Module Lattice Security (Part III): Structured CVP Distance on the Log-Unit Lattice

arXiv:2605.1740452.4
AI Analysis

This work provides a theoretical security analysis for lattice-based cryptography, specifically improving the hardness guarantee for the Module Lattice Key Encapsulation Mechanism (ML-KEM) by reducing an exponential security loss to a sub-polynomial one.

The authors prove that the $L^2$ CVP distance from a random short ring element to the log-unit lattice of a cyclotomic field converges to a specific constant times $\sqrt{n}$, and show that this target lies inside the Voronoi cell. Combined with prior work, this reduces the CDPR factor for ML-KEM from $\exp(O(\sqrt{n}))$ to sub-polynomial.

We prove that the $L^2$ CVP distance from a random short ring element to the log-unit lattice of $\mathbb{Q}(\zeta_{2^k})$ converges to $\frac{\pi}{2\sqrt{6}}\sqrt{n}$ as $n=2^{k-1}\to\infty$. We then show that this target lies inside the Voronoi cell of the origin for $k\ge 4$. For the $L^\infty$ norm, the maximum over $n$ sub-Gaussian coordinates yields $O(\sqrt{\log n})$, which translates into a sub-polynomial approximation factor for the Short Generator Problem. We show a Coarse Lattice Theorem that Babai's algorithm returns zero for all structured targets, yet exactly recovers unit perturbations of arbitrary size. For module determinant ideals, we further prove the Trigamma Theorem that proves an intrinsic imbalance $\sigma_{g_0}=O(1)$ independent of the modulus $q$. Finally, combined with Parts I and II, we reduce the CDPR factor for ML-KEM from $\exp(\tilde{O}(\sqrt{n}))$ to a sub-polynomial value.
