Skip to main content
SpringerLink
Log in

Quantum Algorithms for Variants of Average-Case Lattice Problems via Filtering

  • Conference paper
  • First Online:
Advances in Cryptology – EUROCRYPT 2022 (EUROCRYPT 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13277))

Abstract

We show polynomial-time quantum algorithms for the following problems:

  1. 1.

    Short integer solution (SIS) problem under the infinity norm, where the public matrix is very wide, the modulus is a polynomially large prime, and the bound of infinity norm is set to be half of the modulus minus a constant.

  2. 2.

    Learning with errors (LWE) problem given LWE-like quantum states with polynomially large moduli and certain error distributions, including bounded uniform distributions and Laplace distributions.

  3. 3.

    Extrapolated dihedral coset problem (EDCP) with certain parameters.

The SIS, LWE, and EDCP problems in their standard forms are as hard as solving lattice problems in the worst case. However, the variants that we can solve are not in the parameter regimes known to be as hard as solving worst-case lattice problems. Still, no classical or quantum polynomial-time algorithms were known for the variants of SIS and LWE we consider. For EDCP, our quantum algorithm slightly extends the result of Ivanyos et al. (2018).

Our algorithms for variants of SIS and EDCP use the existing quantum reductions from those problems to LWE, or more precisely, to the problem of solving LWE given LWE-like quantum states. Our main contribution is solving LWE given LWE-like quantum states with interesting parameters using a filtering technique.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 139.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 179.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In the initial version of our paper (August 25, 2021) we were not aware of the results in [IPS18]. We sincerely thank Gábor Ivanyos for telling us the results in [IPS18].

References

  1. Arora, S., Ge, R.: New algorithms for learning in presence of errors. In: Automata, Languages and Programming - 38th International Colloquium, ICALP 2011, Zurich, Switzerland, 4–8 July 2011, Proceedings, Part I, pp. 403–415 (2011)

    Google Scholar 

  2. Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: STOC, pp. 99–108 (1996)

    Google Scholar 

  3. Bos, J.W., et al.: CRYSTALS - kyber: A cca-secure module-lattice-based KEM. In: EuroS&P, pp. 353–367. IEEE (2018)

    Google Scholar 

  4. Brakerski, Z., Kirshanova, E., Stehlé, D., Wen, W.: Learning with errors and extrapolated dihedral cosets. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10770, pp. 702–727. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76581-5_24

    Chapter  Google Scholar 

  5. Biasse, J.F., Song, F.: Efficient quantum algorithms for computing class groups and solving the principal ideal problem in arbitrary degree number fields. In: Proceedings of the Twenty-Seventh Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 893–902. SIAM (2016)

    Google Scholar 

  6. Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. In: IEEE 52nd Annual Symposium on Foundations of Computer Science, FOCS 2011, Palm Springs, CA, USA, 22–25 October 2011, pp. 97–106 (2011)

    Google Scholar 

  7. Brakerski, Z., Vaikuntanathan, V.: Constrained key-homomorphic PRFs from standard lattice assumptions. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 1–30. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_1

    Chapter  Google Scholar 

  8. Cramer, R., Ducas, L., Peikert, C., Regev, O.: Recovering short generators of principal ideals in cyclotomic rings. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 559–585. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_20

    Chapter  MATH  Google Scholar 

  9. Cramer, R., Ducas, L., Wesolowski, B.: Short stickelberger class relations and application to ideal-SVP. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 324–348. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_12

    Chapter  Google Scholar 

  10. Campbell, P., Groves, M., Shepherd, D.: Soliloquy: A cautionary tale (2014)

    Google Scholar 

  11. Cai, J.Y., Nerurkar, A.: An improved worst-case to average-case connection for lattice problems. In: FOCS, pp. 468–477. IEEE Computer Society (1997)

    Google Scholar 

  12. Childs, A.M., Dam, W.V.: Quantum algorithm for a generalized hidden shift problem. In: SODA, pp. 1225–1232. SIAM (2007)

    Google Scholar 

  13. Ducas, L.: Crystals-dilithium: a lattice-based digital signature scheme. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(1), 238–268 (2018)

    Article  MathSciNet  Google Scholar 

  14. D’Anvers, J.-P., Karmakar, A., Sinha Roy, S., Vercauteren, F.: Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 282–305. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89339-6_16

    Chapter  Google Scholar 

  15. Döttling, N., Müller-Quade, J.: Lossy codes and a new variant of the learning-with-errors problem. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 18–34. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_2

    Chapter  Google Scholar 

  16. Eisenträger, K., Hallgren, S., Kitaev, A.Y., Song, F.: A quantum algorithm for computing the unit group of an arbitrary degree number field. In: STOC, pp. 293–302. ACM (2014)

    Google Scholar 

  17. Eldar, L., Shor, P.W.: An efficient quantum algorithm for a variant of the closest lattice-vector problem (2016)

    Google Scholar 

  18. Friedl, K., Ivanyos, G., Magniez, F., Santha, M., Sen, P.: Hidden translation and orbit coset in quantum computing. In: STOC, pp. 1–9. ACM (2003)

    Google Scholar 

  19. Goldreich, O., Goldwasser, S., Halevi, S.: Collision-free hashing from lattice problems. Electron. Colloq. Comput. Compl. (ECCC) 3(42) (1996)

    Google Scholar 

  20. Grilo, A.B., Kerenidis, I., Zijlstra, T.: Learning-with-errors problem is easy with quantum samples. Phys. Rev. A 99(3), 032314 (2019)

    Google Scholar 

  21. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC, pp. 197–206 (2008)

    Google Scholar 

  22. Gorbunov, S., Vaikuntanathan, V., Wee, H.: Attribute-based encryption for circuits. In: STOC, pp. 545–554. ACM (2013)

    Google Scholar 

  23. Ivanyos, G., Prakash, A., Santha, M.: On learning linear functions from subset and its applications in quantum computing. In: ESA, vol. 112 of LIPIcs, pp. 66:1–66:14. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2018)

    Google Scholar 

  24. Kuperberg, G.: A subexponential-time quantum algorithm for the dihedral hidden subgroup problem. SIAM J. Comput. 35(1), 170–188 (2005)

    Article  MathSciNet  Google Scholar 

  25. Mahadev, U.: Classical homomorphic encryption for quantum circuits. In: FOCS, pp. 332–338. IEEE Computer Society (2018)

    Google Scholar 

  26. Micciancio, D.: Improved cryptographic hash functions with worst-case/average-case connection. In: STOC, pp. 609–618. ACM (2002)

    Google Scholar 

  27. Micciancio, D.: CSE 206A: Lattice Algorithms and Applications. Lecture 2: The dual lattice (2012)

    Google Scholar 

  28. Micciancio, D., Peikert, C.: Hardness of SIS and LWE with small parameters. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 21–39. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_2

    Chapter  Google Scholar 

  29. Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measure. SIAM J. Comput. 37(1), 267–302 (2007)

    Article  MathSciNet  Google Scholar 

  30. Miller, S.D., Stephens-Davidowitz, N.: Kissing numbers and transference theorems from generalized tail bounds. SIAM J. Disc. Math. 33(3), 1313–1325 (2019)

    Article  MathSciNet  Google Scholar 

  31. Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information (10th Anniversary edition). Cambridge University Press, Cambridge (2016)

    Google Scholar 

  32. Peres, A.: How to differentiate between non-orthogonal states. Phys. Lett. A 128, 19–19 (1988)

    Article  MathSciNet  Google Scholar 

  33. Regev, O.: Quantum computation and lattice problems. In: FOCS, pp. 520–529. IEEE Computer Society (2002)

    Google Scholar 

  34. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC, pp. 84–93. ACM (2005)

    Google Scholar 

  35. Schnorr, C.-P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(1), 181–199 (1994)

    Article  MathSciNet  Google Scholar 

  36. Stehlé, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617–635. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_36

    Chapter  Google Scholar 

Download references

Acknowledgement

We sincerely thank Gábor Ivanyos for telling us the results in [IPS18]. We would also like to thank Luowen Qian, Léo Ducas, and the anonymous reviewers for their helpful comments. Y.C. is supported by Tsinghua University start-up funding and Shanghai Qi Zhi Institute. Q.L. is supported by the Simons Institute for the Theory of Computing, through a Quantum Postdoctoral Fellowship. M.Z. is supported in part by NSF.

Author information

Authors and Affiliations

  1. Tsinghua University, Beijing, 100084, China

    Yilei Chen

  2. Simons Institute for the Theory of Computing, Berkeley, USA

    Qipeng Liu

  3. NTT Research, Palo Alto, USA

    Mark Zhandry

  4. Princeton University, Princeton, USA

    Mark Zhandry

Authors
  1. Yilei Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qipeng Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mark Zhandry
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yilei Chen .

Editor information

Editors and Affiliations

  1. University of Haifa, Haifa, Haifa, Israel

    Orr Dunkelman

  2. University of Warsaw, Warsaw, Poland

    Stefan Dziembowski

Rights and permissions

Reprints and permissions

Copyright information

© 2022 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chen, Y., Liu, Q., Zhandry, M. (2022). Quantum Algorithms for Variants of Average-Case Lattice Problems via Filtering. In: Dunkelman, O., Dziembowski, S. (eds) Advances in Cryptology – EUROCRYPT 2022. EUROCRYPT 2022. Lecture Notes in Computer Science, vol 13277. Springer, Cham. https://doi.org/10.1007/978-3-031-07082-2_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-07082-2_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-07081-5

  • Online ISBN: 978-3-031-07082-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation