TL;DR
This paper extends the lattice-based analysis of the approximate common divisor problem from one variable to m variables, improving the size of the error that can be tolerated and connecting the cryptanalysis to coding theory, specifically to list decoding of multivariate codes.
Contribution
It provides a multivariate generalization of Howgrave-Graham's algorithm, offering improved error bounds and a novel link between cryptanalysis and list decoding of multivariate codes.
Findings
Improved error tolerance bounds for multivariate approximate common divisors.
Established a lattice-based list decoding approach for multivariate codes.
Demonstrated practical performance surpassing theoretical expectations.
Abstract
We analyze the multivariate generalization of Howgrave-Graham's algorithm for the approximate common divisor problem. In the m-variable case with modulus N and approximate common divisor of size N^beta, this improves the size of the error tolerated from N^(beta^2) to N^(beta^((m+1)/m)), under a commonly used heuristic assumption. This gives a more detailed analysis of the hardness assumption underlying the recent fully homomorphic cryptosystem of van Dijk, Gentry, Halevi, and Vaikuntanathan. While these results do not challenge the suggested parameters, a 2^(n^epsilon) approximation algorithm with epsilon<2/3 for lattice basis reduction in n dimensions could be used to break these parameters. We have implemented our algorithm, and it performs better in practice than the theoretical analysis suggests. Our results fit into a broader context of analogies between cryptanalysis and coding…
Videos
Approximate Common Divisors via Lattices (YouTube)
