Nothing Special   »   [go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2023/488

$k$-SUM in the Sparse Regime

Shweta Agrawal, Indian Institute of Technology Madras
Sagnik Saha, Carnegie Mellon University
Nikolaj Ignatieff Schwartzbach, Bocconi University
Akhil Vanukuri, Indian Institute of Technology Madras
Prashant Nalini Vasudevan, National University of Singapore
Abstract

In the average-case $k$-SUM problem, given $r$ integers chosen uniformly at random from $\{0,\ldots,M-1\}$, the objective is to find a "solution" set of $k$ numbers that sum to $0$ modulo $M$. In the dense regime of $M \leq r^k$, where solutions exist with high probability, the complexity of these problems is well understood. Much less is known in the sparse regime of $M\gg r^k$, where solutions are unlikely to exist. In this work, we initiate the study of the sparse regime for $k$-SUM and its variant $k$-XOR, especially their planted versions, where a random solution is planted in a randomly generated instance and has to be recovered. We provide evidence for the hardness of these problems and suggest new applications to cryptography. Our contributions are summarized below. Complexity. First we study the complexity of these problems in the sparse regime and show: - Conditional Lower Bounds. Assuming established conjectures about the hardness of average-case (non-planted) $k$-SUM/$k$-XOR when $M = r^k$, we provide non-trivial lower bounds on the running time of algorithms for planted $k$-SUM when $r^k\leq M\leq r^{2k}$. - Hardness Amplification. We show that for any $M \geq r^k$, if an algorithm running in time $T$ solves planted $k$-SUM/$k$-XOR with success probability $\Omega(1/\text{polylog}(r))$, then there is an algorithm running in time $\tilde{O}(T)$ that solves it with probability $(1-o(1))$. This in particular implies hardness amplification for 3-SUM over the integers, which was not previously known. Technically, our approach departs significantly from existing approaches to hardness amplification, and relies on the locality of the solution together with the group structure inherent in the problem. Additionally, it enables us to assume only mild hardness of these problems for use in applications. - New Reductions and Algorithms. We provide reductions for $k$-SUM/$k$-XOR from search to decision, as well as worst-case and average-case reductions to the Subset Sum problem from $k$-SUM. Additionally, we present a new algorithm for average-case $k$-XOR that is faster than known worst-case algorithms at low densities. Cryptography. We show that by additionally assuming mild hardness of $k$-XOR, we can construct Public Key Encryption (PKE) from a weaker variant of the Learning Parity with Noise (LPN) problem than was known before. In particular, such LPN hardness does not appear to imply PKE on its own -- this suggests that $k$-XOR/$k$-SUM can be used to bridge "minicrypt" and "cryptomania" in some cases, and may be applicable in other settings in cryptography.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
k-SUMpublic-key encryptionfine-grained cryptography
Contact author(s)
shweta a @ cse iitm ac in
sagnik1saha @ gmail com
nikolaj @ ignatieff io
akhilvanukuri @ gmail com
prashant @ comp nus edu sg
History
2023-11-17: revised
2023-04-04: received
See all versions
Short URL
https://ia.cr/2023/488
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/488,
      author = {Shweta Agrawal and Sagnik Saha and Nikolaj Ignatieff Schwartzbach and Akhil Vanukuri and Prashant Nalini Vasudevan},
      title = {$k$-{SUM} in the Sparse Regime},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/488},
      year = {2023},
      url = {https://eprint.iacr.org/2023/488}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.