In this article we revisit smoothing bounds in parallel between lattices and codes. Initially introduced by Micciancio and Regev, these bounds were instantiated with Gaussian distributions and were crucial for arguing the security of many lattice-based cryptosystems. Unencumbered by direct application concerns, we provide a systematic study of how these bounds are obtained for both lattices and codes, transferring techniques between both areas. We also consider multiple choices of spherically symmetric noise distribution. We found that the best strategy for a worst-case bound combines Parseval's Identity, the Cauchy-Schwarz inequality, and the second linear programming bound, and this holds for both codes and lattices and all noise distributions at hand. For an average-case analysis, the linear programming bound can be replaced by a tight average count. This alone gives optimal results for spherically uniform noise over random codes and random lattices. This also improves the previous Gaussian smoothing bound for worst-case lattices, but surprisingly this provides even better results with uniform ball noise than for Gaussian (or Bernoulli noise for codes). This counter-intuitive situation can be resolved by adequate decomposition and truncation of Gaussian and Bernoulli distributions into a superposition of uniform noise, giving further improvement for those cases, and putting them on par with the uniform cases.
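The Parseval and Cauchy-Schwarz step named above can be checked numerically on a small binary code. The following is an added example, not code from the article: it compares the exact statistical distance of the syndrome of Bernoulli noise from uniform with the bound $\frac{1}{2}\sqrt{\sum_{c \in C^\perp \setminus \{0\}} (1-2p)^{2|c|}}$, using the exact dual weights in place of the linear programming bound. The function names and the [7,4] Hamming code sample are assumptions made for the illustration.

```python
from math import sqrt

# Constructed sample: parity-check rows of the [7,4] Hamming code as bitmasks
# (bit j-1 stands for column j). The rows span the dual code C^perp.
HAMMING_H = [0b1010101, 0b1100110, 0b1111000]

def weight(x):
    """Hamming weight of a bitmask."""
    return bin(x).count("1")

def exact_distance(H, n, p):
    """Statistical distance between the syndrome of Bernoulli(p)^n noise and
    the uniform distribution on syndromes (H is assumed to have full rank)."""
    N = 1 << len(H)
    probs = [0.0] * N
    for e in range(1 << n):                 # enumerate every error pattern
        s = 0
        for i, row in enumerate(H):         # syndrome bit i = <row_i, e> mod 2
            s |= (weight(row & e) & 1) << i
        w = weight(e)
        probs[s] += p ** w * (1 - p) ** (n - w)
    return 0.5 * sum(abs(q - 1.0 / N) for q in probs)

def parseval_cs_bound(H, p):
    """Cauchy-Schwarz turns the L1 distance into an L2 norm; Parseval rewrites
    that norm as a sum over nonzero dual codewords c, whose Fourier
    coefficient under Bernoulli(p) noise is (1 - 2p)^|c|."""
    total = 0.0
    for u in range(1, 1 << len(H)):         # nonzero combinations of rows of H
        c = 0
        for i, row in enumerate(H):
            if (u >> i) & 1:
                c ^= row
        total += (1 - 2 * p) ** (2 * weight(c))
    return 0.5 * sqrt(total)

if __name__ == "__main__":
    for p in (0.05, 0.15, 0.25, 0.4):
        print(p, exact_distance(HAMMING_H, 7, p), parseval_cs_bound(HAMMING_H, p))
```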