The closest vector problem in tensored root lattices of type A and in their duals
In this work we consider the closest vector problem (CVP)—a problem also known as maximum-likelihood decoding—in the tensor of two root lattices of type A ((Formula presented.)), as well as in their duals ((Formula presented.)). This problem is mainly motivated by lattice based cryptography, where the cyclotomic rings (Formula presented.) (resp. its co-different (Formula presented.)) play a central role, and turn out to be isomorphic as lattices to tensors of (Formula presented.) lattices (resp. A root lattices). In particular, our results lead to solving CVP in (Formula presented.) and in (Formula presented.) for conductors of the form (Formula presented.) for any two odd primes p, q. For the primal case (Formula presented.), we provide a full characterization of the Voronoi region in terms of simple cycles in the complete directed bipartite graph (Formula presented.). This leads—relying on the Bellman-Ford algorithm for negative cycle detection—to a CVP algorithm running in polynomial time. Precisely, our algorithm performs (Formula presented.) operations on reals, where l is the number of bits per coordinate of the input target. For the dual case, we use a gluing-construction to solve CVP in sub-exponential time (Formula presented.).
|Keywords||Closest vector problem, Cyclotomic lattices, Lattice based cryptography, Maximum likelihood decoding, Tensored root lattices|
|Journal||Designs, Codes, and Cryptography|
Ducas, L, & van Woerden, W.P.J. (2017). The closest vector problem in tensored root lattices of type A and in their duals. Designs, Codes and Cryptography, 1–14. doi:10.1007/s10623-017-0332-x