Lossy Codes and a New Variant of the Learning-With-Errors Problem

  • Nico Döttling
  • Jörn Müller-Quade
Conference paper

DOI: 10.1007/978-3-642-38348-9_2

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7881)
Cite this paper as:
Döttling N., Müller-Quade J. (2013) Lossy Codes and a New Variant of the Learning-With-Errors Problem. In: Johansson T., Nguyen P.Q. (eds) Advances in Cryptology – EUROCRYPT 2013. EUROCRYPT 2013. Lecture Notes in Computer Science, vol 7881. Springer, Berlin, Heidelberg


The hardness of the Learning-With-Errors (LWE) Problem has become one of the most useful assumptions in cryptography. It exhibits a worst-to-average-case reduction making the LWE assumption very plausible. This worst-to-average-case reduction is based on a Fourier argument and the errors for current applications of LWE must be chosen from a gaussian distribution. However, sampling from gaussian distributions is cumbersome.

In this work we present the first worst-to-average case reduction for LWE with uniformly distributed errors, which can be sampled very efficiently. This new worst-to-average-case connection comes with a slight drawback and we need to use a bounded variant of the LWE problem, where the number of samples is fixed in advance. Most applications of LWE can be based on the bounded variant. The proof is based on a new tool called lossy codes, which might be of interest in the context other lattice/coding-based hardness assumptions.


Learning-With-Errors Worst-Case Reduction Uniform Interval Error-Distribution 
Download to read the full conference paper text

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Nico Döttling
    • 1
  • Jörn Müller-Quade
    • 1
  1. 1.Karlsruhe Institute of TechnologyKarlsruheGermany

Personalised recommendations