Abstract
It is well known that almost all random subset sum instances with density less than 0.6463... can be solved with an l2-norm SVP oracle by Lagarias and Odlyzko. Later, Coster et al. improved the bound to 0.9408... by using a different lattice. In this paper, we generalize this classical result to l p -norm. More precisely, we show that for p ∈ ℤ + , an l p -norm SVP oracle can be used to solve almost all random subset sum instances with density bounded by δ p , where δ1 = 0.5761 and \(\delta_p = 1/(\frac{1}{2^p}\log_2(2^{p+1}-2)+\log_2(1+\frac{1}{(2^p-1)(1-(\frac{1}{2^{p+1}-2})^{(2^p-1)})})))\) for p ≥ 3(asymptotically, δ p ≈ 2p/(p + 2)). Since δ p goes increasingly to infinity when p tends to infinity, it can be concluded that an l p -norm SVP oracle with bigger p can solve more subset sum instances. An interesting phenomenon is that an l p -norm SVP oracle with p ≥ 3 can help solve almost all random subset sum instances with density one, which are thought to be the most difficult instances.
This work was supported in part by the NNSF of China (No.11071285, No.11201458, and No.61121062), in part by 973 Project (No. 2011CB302401) and in part by the National Center for Mathematics and Interdisciplinary Sciences, CAS.
Chapter PDF
Similar content being viewed by others
References
Ajtai, M.: Gennerating hard instances of lattice problems. In: STOC 1996, pp. 99–108. ACM Press, New York (1996)
Ajtai, M., Dwork, C.: A public-key cryptosystem with worst-case/average-case equivalence. In: STOC 1997, pp. 284–293. ACM Press, New York (1997)
Ajtai, M.: The shortest vector problem in L2 is NP-hard for randomized reductions(extended abstract). In: 30th Annual ACM Symposium on Theory of Computing, pp. 266–275. ACM Press, New York (1998)
Babai, L.: On Lovasz’ lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986)
Coster, M.J., Joux, A., Lamacchia, B.A., Odlyzko, A.M., Schnorr, C.P., Stern, J.: An improved low-density subset sum algorithm. Computational Complexity 2, 111–128 (1992)
Dadush, D., Peikert, C., Vempala, S.: Enumerative lattice algorithms in any norm via M -ellipsoid coverings. In: FOCS 2011, pp. 580–589. IEEE Computer Society Press (2011)
Frieze, A.M.: On the Lagarias-Odlyzko algorithm for the subset sum problem. SIAM J. Comput. 18, 550–558 (1989)
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC 2009, pp. 169–178. ACM Press, New York (2009)
Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC 2008, pp. 197–206. ACM Press, New York (2008)
Goldreich, D., Micciancio, D., Safra, S., Seifert, J.P.: Approximating shortest lattice vectors is not harder than approximating closest lattice vectors. Information Processing Letters 71(2), 55–61 (1999)
Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: A Ring-Based Public Key Cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998)
Hoffstein, J., Howgrave-Graham, N., Pipher, J., Silverman, J.H., Whyte, W.: NTRUSIGN: Digital Signatures Using the NTRU Lattice. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 122–140. Springer, Heidelberg (2003)
Impagliazzo, R., Naor, M.: Efficient Cryptographic Schemes Provably as Secure as Subset Sum. Journal of Cryptology 9, 199–216 (1996)
Lenstra, A.K., Lenstra Jr., H.W., Lovasz, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 513–534 (1982)
Lagarias, J.C., Odlyzko, A.M.: Solving low-density subset sum problems. J. Assoc. Comp. Mach. 32(1), 229–246 (1985)
Lyubashevsky, V., Micciancio, D., Peikert, C., Rosen, A.: SWIFFT: A modest proposal for FFT hashing. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 54–72. Springer, Heidelberg (2008)
Micciancio, D., Goldwasser, S.: Complexity of Lattice Problems: A Cryptography Perspective. Kluwer Academic Publishes (2002)
Micciancio, D., Voulgaris, P.: A deterministic single exponential time algorithm for most lattice problems based on Voronoi cell computations. In: STOC 2010, pp. 351–358. ACM Press, New York (2010)
Micciancio, D.: Inapproximability of the Shortest Vector Problem: Toward a Deterministic Reduction. Theory of Computing 8(1), 487–512 (2012)
Regev, O.: Lattices in computer science. Lecture notes of a course given in Tel Aviv University (2004)
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC 2005, pp. 84–93. ACM Press, New York (2005)
Regev, O., Rosen, R.: Lattice problems and norm embeddings. In: STOC 2006, pp. 447–456. ACM Press, New York (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 International Association for Cryptologic Research
About this paper
Cite this paper
Hu, G., Pan, Y., Zhang, F. (2014). Solving Random Subset Sum Problem by l p -norm SVP Oracle. In: Krawczyk, H. (eds) Public-Key Cryptography – PKC 2014. PKC 2014. Lecture Notes in Computer Science, vol 8383. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54631-0_23
Download citation
DOI: https://doi.org/10.1007/978-3-642-54631-0_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54630-3
Online ISBN: 978-3-642-54631-0
eBook Packages: Computer ScienceComputer Science (R0)