Chapter

Advances in Cryptology – CRYPTO 2011

Volume 6841 of the series Lecture Notes in Computer Science pp 465-484

Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions

  • Daniele MicciancioAffiliated withDepartment of Computer Science & Engineering, University of California
  • , Petros MolAffiliated withDepartment of Computer Science & Engineering, University of California

Abstract

We study the pseudorandomness of bounded knapsack functions over arbitrary finite abelian groups. Previous works consider only specific families of finite abelian groups and 0-1 coefficients. The main technical contribution of our work is a new, general theorem that provides sufficient conditions under which pseudorandomness of bounded knapsack functions follows directly from their one-wayness. Our results generalize and substantially extend previous work of Impagliazzo and Naor (J. Cryptology 1996).

As an application of the new theorem, we give sample preserving search-to-decision reductions for the Learning With Errors (LWE) problem, introduced by (Regev, STOC 2005) and widely used in lattice-based cryptography. Concretely, we show that, for a wide range of parameters, m LWE samples can be proved indistinguishable from random just under the hypothesis that search LWE is a one-way function for the same number m of samples.