Lossy Codes and a New Variant of the Learning-With-Errors Problem
- Cite this paper as:
- Döttling N., Müller-Quade J. (2013) Lossy Codes and a New Variant of the Learning-With-Errors Problem. In: Johansson T., Nguyen P.Q. (eds) Advances in Cryptology – EUROCRYPT 2013. EUROCRYPT 2013. Lecture Notes in Computer Science, vol 7881. Springer, Berlin, Heidelberg
The hardness of the Learning-With-Errors (LWE) Problem has become one of the most useful assumptions in cryptography. It exhibits a worst-to-average-case reduction making the LWE assumption very plausible. This worst-to-average-case reduction is based on a Fourier argument and the errors for current applications of LWE must be chosen from a gaussian distribution. However, sampling from gaussian distributions is cumbersome.
In this work we present the first worst-to-average case reduction for LWE with uniformly distributed errors, which can be sampled very efficiently. This new worst-to-average-case connection comes with a slight drawback and we need to use a bounded variant of the LWE problem, where the number of samples is fixed in advance. Most applications of LWE can be based on the bounded variant. The proof is based on a new tool called lossy codes, which might be of interest in the context other lattice/coding-based hardness assumptions.