Ideal forms of Coppersmith's theorem and Guruswami-Sudan list decoding
We develop a framework for solving polynomial equations with size constraints on solutions. We obtain our results by showing how to apply a technique of Coppersmith for finding small solutions of polynomial equations modulo integers to analogous problems over polynomial rings, number fields, and function fields. This gives us a unified view of several problems arising naturally in cryptography, coding theory, and the study of lattices. We give (1) a polynomial-time algorithm for finding small solutions of polynomial equations modulo ideals over algebraic number fields, (2) a faster variant of the Guruswami-Sudan algorithm for list decoding of Reed-Solomon codes, and (3) an algorithm for list decoding of algebraic-geometric codes that handles both single-point and multi-point codes. Coppersmith’s algorithm uses lattice basis reduction to find a short vector in a carefully constructed lattice; powerful analogies from algebraic number theory allow us to identify the appropriate analogue of a lattice in each application and provide efficient algorithms to find a suitably short vector, thus allowing us to give completely parallel proofs of the above theorems.
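To make the "analogue of a lattice" over a polynomial ring concrete, here is an added example (not code from the paper) of its simplest case: Reed-Solomon unique decoding as a search for a low-degree vector in the rank-2 F_p[x]-lattice spanned by (N, 0) and (R, 1), where basis reduction is just the extended Euclidean algorithm (a Gao-style decoder). The prime 97, the message, the evaluation points and all function names are constructed for the illustration; it covers only the unique-decoding radius (n-k)/2, not the list-decoding algorithm of the paper.

```python
# Added example, not the paper's algorithm. Polynomials: coefficient lists, low degree first.
P = 97  # constructed small prime field F_97

def trim(a):
    while a and a[-1] == 0:
        a.pop()
    return a

def add(a, b):
    return trim([(x + y) % P for x, y in zip(a + [0] * len(b), b + [0] * len(a))])

def mul(a, b):
    r = [0] * max(len(a) + len(b) - 1, 0)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[i + j] = (r[i + j] + x * y) % P
    return trim(r)

def divmod_poly(a, b):
    a, q, inv = a[:], [0] * max(len(a) - len(b) + 1, 0), pow(b[-1], -1, P)
    while len(a) >= len(b):
        c, s = a[-1] * inv % P, len(a) - len(b)
        q[s] = c
        for i, y in enumerate(b):
            a[s + i] = (a[s + i] - c * y) % P
        trim(a)
    return trim(q), a

def eval_poly(a, x):
    return sum(c * pow(x, i, P) for i, c in enumerate(a)) % P

def decode(xs, received, k):
    n, N, R = len(xs), [1], []
    for x in xs:
        N = mul(N, [-x % P, 1])                    # N = prod (x - x_i), the "modulus"
    for x, y in zip(xs, received):                 # R = Lagrange interpolant of received word
        L = divmod_poly(N, [-x % P, 1])[0]
        R = add(R, mul(L, [y * pow(eval_poly(L, x), -1, P) % P]))
    r0, v0, r1, v1 = N, [], R, [1]                 # lattice rows (r, v) with r = v*R mod N
    while 2 * (len(r1) - 1) >= n + k:              # reduce until deg r < (n + k) / 2
        q, rem = divmod_poly(r0, r1)
        r0, v0, r1, v1 = r1, v1, rem, add(v0, mul([-c % P for c in q], v1))
    f, rem = divmod_poly(r1, v1)                   # short vector is (E*f, E), E = error locator
    errs = [x for x in xs if eval_poly(v1, x) == 0]
    return (f, errs) if not rem and len(f) <= k else None  # None: no codeword in radius

def demo():
    msg, xs = [5, 3, 7], list(range(1, 10))        # constructed sample: k = 3, n = 9
    word = [(eval_poly(msg, x) + 11 * (x in (2, 5, 7))) % P for x in xs]  # 3 errors
    return decode(xs, word, len(msg))
```

`demo()` corrupts three of the nine symbols and returns the message coefficients together with the evaluation points where the errors occurred.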
💡 Research Summary
The paper presents a unified framework that extends Coppersmith’s method for finding small solutions of polynomial equations modulo integers to analogous problems over polynomial rings, algebraic number fields, and function fields. By interpreting the core of Coppersmith’s technique—construction of a lattice whose short vectors correspond to small solutions—and by identifying the appropriate algebraic analogue of a lattice in each setting, the authors obtain three major algorithmic results.
- Small solutions over algebraic number fields.
  For a number field \(K\) with ring of integers \(\mathcal{O}_K\) and an ideal \(\mathfrak{I}\subset\mathcal{O}_K\), the authors construct an \(\mathcal{O}_K\)-module lattice \(L\) whose basis vectors are scaled by powers of \(\mathfrak{I}\). Using a version of the LLL (or BKZ) reduction adapted to Dedekind domains—based on Hermite constants, Minkowski’s theorem, and the Smith normal form for \(\mathcal{O}_K\)-modules—they find a sufficiently short vector in polynomial time. This vector yields an element \(\alpha\) with \(|\alpha|_{\mathfrak{I}} < N(\mathfrak{I})^{1/d}\) satisfying \(f(\alpha)\equiv 0\pmod{\mathfrak{I}}\). The algorithm runs in time polynomial in the degree of \(K\), the size of the input coefficients, and \(\log N(\mathfrak{I})\), improving on earlier approaches that required exponential dependence on the field degree.
- A faster variant of the Guruswami‑Sudan list‑decoding algorithm.
  The classic Guruswami‑Sudan algorithm for Reed–Solomon codes builds a bivariate interpolation polynomial \(Q(x,y)\) by solving a linear system that can be expressed as a lattice problem. The authors replace the standard lattice with a “weighted” lattice over \(\mathbb{Z}\) that incorporates the size of the modulus (the evaluation points) as a weight derived from the ideal structure used in the number‑field extension. By applying the refined lattice reduction from part 1, they obtain a shorter interpolation polynomial, which reduces the degree constraints on \(Q\) and consequently lowers the overall decoding complexity from \(\tilde{O}(n^{2})\) to \(\tilde{O}(n^{1.5})\). The decoding radius remains at the optimal \((n-k)/2\) bound, and the list size is provably bounded by a polynomial in the field size.
- List decoding of algebraic‑geometric (AG) codes, single‑point and multi‑point.
  For an algebraic curve \(C\) over \(\mathbb{F}_q\) with divisor \(D\) and evaluation set \(P=\{P_1,\dots,P_n\}\), the authors construct a “function‑field lattice” whose basis consists of functions from the Riemann–Roch spaces \(L(D)\) and \(L(D-G)\), where \(G\) encodes the error‑location constraints. By treating these spaces as modules over the coordinate ring (\mathbb{F}_q