Lattice problems have many applications in various domains of computer science. There is currently a gap in the understanding of these problems with respect to their worst-case complexity and their average-case behaviour. For instance, the Shortest Vector problem (SVP) on an n-dimensional lattice has worst-case complexity $2^{n+o(n)}$. However, in practice, people rely on heuristic (unproven) sieving algorithms of time complexity $2^{0.292n+o(n)}$ to assess the security of lattice-based cryptography schemes. Those heuristic algorithms are experimentally verified for lattices used in cryptography, which are usually random in some way.
In this talk, I will present some recent work that tries to bridge the gap between worst-case and heuristic algorithms. Using the formalism of random real lattices developed by Siegel, we show a tighter upper bound on an important lattice parameter called the smoothing parameter that applies to almost all random lattices. This allows us to obtain a $2^{n/2+o(n)}$ time algorithm for an approximation version of the SVP on random lattices with a small constant approximation factor. We will also see that in this setting, the corresponding approximation version of GapSVP is provably easy, giving a formal version of the "Gaussian Heuristic".
I am a CNRS researcher, currently on sabbatical at lowRISC C.I.C. My research interests include analog models of computation, numerical analysis, verification of hybrid systems and cryptography. Recently, I have become interested in latticed-based cryptography and mathematical aspects of lattices in particular.