Filters








1,048 Hits in 2.7 sec

Algebraic algorithms for LWE problems

Martin R. Albrecht, Carlos Cid, Jean-Charles Faugère, Robert Fitzpatrick, Ludovic Perret
2015 ACM Communications in Computer Algebra  
We analyse the complexity of algebraic algorithms for solving systems of linear equations with noise.  ...  Firstly, we provide a refined complexity analysis for the original Arora-Ge algorithm for LWE.  ...  the LWE problem.  ... 
doi:10.1145/2815111.2815158 fatcat:nohlmajwrbcbllmfewqtkypvxq

The Hardness of LWE and Ring-LWE: A Survey [article]

David Balbás
2021 IACR Cryptology ePrint Archive  
LWE enjoys a hardness reduction from worst-case lattice problems, which are believed to be hard for classical and quantum computers.  ...  We start by introducing both Ring-LWE and LWE and their mathematical foundations, focusing on lattices and algebraic number theory.  ...  Acknowledgements I am grateful to Johan Håstad for his supervision and suggestions for improvement.  ... 
dblp:journals/iacr/Balbas21 fatcat:uy5rswilzjfqldjuufgsqeibxy

Efficient Signature Schemes from R-LWE

2016 KSII Transactions on Internet and Information Systems  
Additionally, a linearly homomorphic signature scheme without trapdoor is proposed from the R-LWE assumption.  ...  In this paper, an efficient signature scheme is proposed from the ring learning with errors (R-LWE), which avoids sampling from discrete Gaussians and has the characteristics of the much simpler description  ...  For any parameters n , q and polynomial ( ) f x satisfying the condition of the R-LWE problem, the signature scheme  is unforgeable in the chosen message attack model (CMA), assuming that the R-LWE problem  ... 
doi:10.3837/tiis.2016.08.026 fatcat:2uk7q7mtzzhldgryhfzkyxxara

Non-Commutative Ring Learning With Errors From Cyclic Algebras [article]

Charles Grover, Cong Ling, Roope Vehkalahti
2020 arXiv   pre-print
We show that the security reductions expected for an LWE problem hold, namely a reduction from certain structured lattice problems to the hardness of the decision variant of the CLWE problem.  ...  In this work, we introduce a novel variant of LWE over cyclic algebras (CLWE) to replicate the addition of the ring structure taking LWE to Ring LWE by adding cyclic structure to Module LWE.  ...  To this end, the central pillars of an LWE problem are provided for the cyclic algebra case.  ... 
arXiv:2008.01834v1 fatcat:2h65qk4u2zerxisxpiicykfmma

SALSA: Attacking Lattice Cryptography with Transformers [article]

Emily Wenger, Mingjie Chen, François Charton, Kristin Lauter
2022 arXiv   pre-print
Consequently, "quantum resistant" cryptosystems are in high demand, and lattice-based cryptosystems, based on a hard problem known as Learning With Errors (LWE), have emerged as strong contenders for standardization  ...  SALSA can fully recover secrets for small-to-mid size LWE instances with sparse binary secrets, and may scale to attack real-world LWE-based cryptosystems.  ...  Overview of Attacks on LWE Typically, attacks on the LWE problem use an algebraic approach and involve lattice reduction algorithms such as BKZ [21] .  ... 
arXiv:2207.04785v1 fatcat:zz7yt2g3xrh4bmptfrok2fsbsy

SCloud: Public Key Encryption and Key Encapsulation Mechanism Based on Learning with Errors [article]

Zhongxiang Zheng, Anyu Wang, Haining Fan, Chunhuan Zhao, Chao Liu, Xue Zhang
2020 IACR Cryptology ePrint Archive  
We propose a new family of public key encryption (PKE) and key encapsulation mechanism (KEM) schemes based on the plain learning with errors (LWE) problem.  ...  Based on these two techniques, SCloud can provide various sets of parameters for refined security level.  ...  Different to the random unstructured lattices related to the plain LWE problem, these variant LWE problems are proved to be as hard as the problems on lattices with algebraic structures [23, 21, 26] ,  ... 
dblp:journals/iacr/ZhengWFZLZ20 fatcat:eiw42fyaurd3tlp2whlkhh3bl4

Homomorphism learning problems and its applications to public-key cryptography [article]

Christopher Leonardi, Luis Ruiz-Lopez
2019 IACR Cryptology ePrint Archive  
We present a framework for the study of a learning problem over abstract groups, and introduce a new technique which allows for public-key encryption using generic groups.  ...  average-case to worst-case reductions to problems that are presumably hard even for quantum algorithms.  ...  Our work This paper regards LWE as a learning problem, specifically as a problem of learning homomorphisms between two algebraic objects from noisy samples.  ... 
dblp:journals/iacr/LeonardiR19 fatcat:raztkwdyzfdrnimwllcya5ymza

Pseudorandomness of ring-LWE for any ring and modulus

Chris Peikert, Oded Regev, Noah Stephens-Davidowitz
2017 Proceedings of the 49th Annual ACM SIGACT Symposium on Theory of Computing - STOC 2017  
For example, the modulusswitching reduction from [BLP + 13] increases the error rate, which ultimately yields a weaker worst-case approximation factor than for the corresponding search LWE problem.  ...  We give a polynomial-time quantum reduction from worst-case (ideal) lattice problems directly to the decision version of (Ring-)LWE.  ...  For one, the algebraic structure of Galois fields, or cyclotomics in particular, might conceivably be used to attack worst-case ideal-lattice problems like approximate SIVP, or Ring-LWE itself.  ... 
doi:10.1145/3055399.3055489 dblp:conf/stoc/Peikert0S17 fatcat:i6l75fyrhje6djct3bhv2djivi

Algebraic aspects of solving Ring-LWE, including ring-based improvements in the Blum-Kalai-Wasserman algorithm [article]

Katherine E. Stange
2020 arXiv   pre-print
We provide a reduction of the Ring-LWE problem to Ring-LWE problems in subrings, in the presence of samples of a restricted form (i.e.  ...  The results apply to two-power cyclotomic Ring-LWE with parameters proposed for practical use (including all splitting types).  ...  Ring-LWE problems.  ... 
arXiv:1902.07140v3 fatcat:mnzwyrit7zenpbjl2lgpmy5y2u

Semantic Security Invariance under Variant Computational Assumptions [article]

Eftychios Theodorakis, John C. Mitchell
2018 IACR Cryptology ePrint Archive  
Our result implies a correspondence between the Learning With Errors (LWE) problems and both the Elliptic Curve Discrete Log problem (ECDLP) and the Discrete Logarithm (DLOG) problem.  ...  We show that for two systems satisfying certain algebraic properties any proof in one system has an equivalent valid proof in the other.  ...  A Chooser able to acquire both messages can solve the CDH problem. Games 9d to 9f depict the LWE-DH proof for the Sender. H denotes the random oracle.  ... 
dblp:journals/iacr/TheodorakisM18 fatcat:jddn343orbh5znv4pszvptcfai

A framework for cryptographic problems from linear algebra

Carl Bootland, Wouter Castryck, Alan Szepieniec, Frederik Vercauteren
2019 Journal of Mathematical Cryptology  
For trivial modules (i.e. of rank one), the case {f=X^{n}+1} and {g=q\in\mathbb{Z}_{>1}} corresponds to ring-LWE, ring-SIS and NTRU, while the choices {f=X^{n}-1} and {g=X-2} essentially cover the recently  ...  Concretely, we study generalisations of hard problems such as SIS, LWE and NTRU to free modules over quotients of {\mathbb{Z}[X]} by ideals of the form {(f,g)} , where f is a monic polynomial and {g\in  ...  Bootland et al., A framework for cryptographic problems from linear algebra | C. Bootland et al., A framework for cryptographic problems from linear algebra  ... 
doi:10.1515/jmc-2019-0032 fatcat:l7fhkbx75fbrnlcjjgaezqiutq

On Algebraic Embedding for Unstructured Lattices [article]

Madalina Bolboceanu, Zvika Brakerski, Devika Sharma
2021 IACR Cryptology ePrint Archive  
In this work we show that the Order-LWE problem (a generalization of the well known Ring-LWE problem) on certain orders is at least as hard as the (unstructured) LWE problem.  ...  Efficient lattice-based cryptography usually relies on the intractability of problems on lattices with algebraic structure such as ideal-lattices or module-lattices.  ...  Briefly, it iterates the following quantum step: given discrete Gaussian samples and an oracle for algebraic LWE, the quantum algorithm outputs narrower discrete Gaussian samples.  ... 
dblp:journals/iacr/BolboceanuBS21 fatcat:ucl4v2gjnjbmje4jpxekkohdmq

Sublattice Attacks on Ring-LWE with Wide Error Distributions I [article]

Hao Chen
2020 IACR Cryptology ePrint Archive  
The fundamental problem in lattice-based cryptography is the hardness of the Ring-LWE, which has been based on the conjectured hardness of approximating ideal-SIVP or ideal-SVP.  ...  In this paper we propose the subset quadruple attack on general structured LWE problems over any ring endowed with a positive definite inner product and an error distribution.  ...  Ring-LWE The algebraic structure of ring was first introduced to the hardness of computational problems of lattices in [29] (also in [24, 25] ) for the consideration of efficiency.  ... 
dblp:journals/iacr/Chen20 fatcat:ky5vpnpxbfb2jbsrqaroveggpa

On Ideal Lattices and Learning with Errors over Rings [chapter]

Vadim Lyubashevsky, Chris Peikert, Oded Regev
2010 Lecture Notes in Computer Science  
Specifically, we show that the ring-LWE distribution is pseudorandom, assuming that worst-case problems on ideal lattices are hard for polynomial-time quantum algorithms.  ...  A main open question was whether LWE and its applications could be made truly efficient by exploiting extra algebraic structure, as was done for lattice-based hash functions (and related primitives).  ...  We thank Damien Stehlé for useful discussions, and for sharing with us, together with Ron Steinfeld, Keisuke Tanaka, and Keita Xagawa, an early draft of their result.  ... 
doi:10.1007/978-3-642-13190-5_1 fatcat:htckcqetq5ehhkqjjrw4xmaqui

Generalized Bootstrapping Technique Based on Block Equality Test Algorithm

Xiufeng Zhao, Ailan Wang
2018 Security and Communication Networks  
Fully homomorphic encryption can be used to protect the privacy of cloud data and solve the trust problem of third party.  ...  The key problem of achieving fully homomorphic encryption is how to reduce the increasing noise during the ciphertext evaluation.  ...  algorithm, where is the size of block, and is the number of block, = ⌈ / ⌉. Suppose that LWE problem has 80 bits security when is set to be 2003.  ... 
doi:10.1155/2018/9325082 fatcat:6kjeirfwqfd5dgdn2ryajz2w64
« Previous Showing results 1 — 15 out of 1,048 results