Cyclic Lattices, Ideal Lattices and Bounds for the Smoothing Parameter
share
Cyclic lattices and ideal lattices were introduced by Micciancio in <cit.>, Lyubashevsky and Micciancio in <cit.> respectively, which play an efficient role in Ajtai's construction of a collision resistant Hash function (see <cit.> and <cit.>) and in Gentry's construction of fully homomorphic encryption (see <cit.>). Let R=Z[x]/⟨ϕ(x)⟩ be a quotient ring of the integer coefficients polynomials ring, Lyubashevsky and Micciancio regarded an ideal lattice as the correspondence of an ideal of R, but they neither explain how to extend this definition to whole Euclidean space ℝ^n, nor exhibit the relationship of cyclic lattices and ideal lattices. In this paper, we regard the cyclic lattices and ideal lattices as the correspondences of finitely generated R-modules, so that we may show that ideal lattices are actually a special subclass of cyclic lattices, namely, cyclic integer lattices. In fact, there is a one to one correspondence between cyclic lattices in ℝ^n and finitely generated R-modules (see Theorem <ref> below). On the other hand, since R is a Noether ring, each ideal of R is a finitely generated R-module, so it is natural and reasonable to regard ideal lattices as a special subclass of cyclic lattices (see corollary <ref> below). It is worth noting that we use more general rotation matrix here, so our definition and results on cyclic lattices and ideal lattices are more general forms. As application, we provide cyclic lattice with an explicit and countable upper bound for the smoothing parameter (see Theorem <ref> below). It is an open problem that is the shortest vector problem on cyclic lattice NP-hard? (see <cit.>). Our results may be viewed as a substantial progress in this direction.
READ FULL TEXT
