Generalized compact knapsacks, cyclic lattices, and efficient one-way functions from worst-case complexity assumptions

We study a generalization of the compact knapsack problem for arbitrary rings: given m = O(log n) ring elements a₁, . . . , a_m ∈ R and a target value b ∈ R, find coefficients x₁, . . . , x_m ∈ X (where X is a subset of R of size 2ⁿ) such that Σa_ix_i = b. The computational complexity of this problem depends on the choice of the ring R and set of coefficients X. This problem is known to be solvable in quasi polynomial time when R is the ring of the integers and X is the set of small integers {0, . . . , 2ⁿ $1}. We show that if R is an appropriately chosen ring of modular polynomials and X is the subset of polynomials with small coefficients, then the compact knapsack problem is as hard to solve on the average as the worst case instance of approximating the covering radius (or the length of the shortest vector, or various other well known lattice problems) of any cyclic lattice within a polynomial factor. Our proof adapts, to the cyclic lattice setting, techniques initially developed by Ajtai (1996) for the case of general lattices.