Advertisement

Lattice Decoding Attacks on Binary LWE

  • Shi Bai
  • Steven D. Galbraith
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8544)

Abstract

We consider the binary-LWE problem, which is the learning with errors problem when the entries of the secret vector are chosen from { 0, 1} or { − 1, 0, 1 }. Our main result is an improved lattice decoding algorithm for binary-LWE, by translating to the inhomogeneous short integer solution (ISIS) problem, and then re-scaling the lattice. We also discuss modulus switching as an approach to the problem. Our conclusion is that binary-LWE is easier than general LWE. We give experimental results, and theoretical estimates for parameters that achieve certain security levels.

Keywords

lattice attacks learning with errors closest vector problem 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Albrecht, M.R., Cid, C., Faugère, J.-C., Fitzpatrick, R., Perret, L.: On the Complexity of the BKW Algorithm on LWE. In: Designs, Codes and Cryptography (Published online July 19, 2013) (to appear) Google Scholar
  2. 2.
    Albrecht, M.R., Fitzpatrick, R., Göpfert, F.: On the Efficacy of Solving LWE by Reduction to Unique-SVP. In: Proceedings of 2013 International Conference on Information Security and Cryptology (2013) (to appear)Google Scholar
  3. 3.
    Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595–618. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Arora, S., Ge, R.: New Algorithms for Learning in Presence of Errors. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011, Part I. LNCS, vol. 6755, pp. 403–415. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. Journal of ACM 50(4), 506–519 (2003)CrossRefMathSciNetGoogle Scholar
  6. 6.
    Brakerski, Z., Vaikuntanathan, V.: Efficient Fully Homomorphic Encryption from (Standard) LWE. In: Ostrovsky, R. (ed.) IEEE FOCS 2011, pp. 97–106 (2011)Google Scholar
  7. 7.
    Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehlé, D.: Classical hardness of learning with errors. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) ACM STOC 2013, pp. 575–584 (2013)Google Scholar
  8. 8.
    Cadé, D., Pujol, X., Stehlé, D.: FPLLL (2013), http://perso.ens-lyon.fr/damien.stehle/fplll
  9. 9.
    Chen, Y., Nguyen, P.Q.: BKZ 2.0: Better Lattice Security Estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Gama, N., Nguyen, P.Q.: Predicting Lattice Reduction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Gama, N., Nguyen, P.Q., Regev, O.: Lattice enumeration using extreme pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257–278. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Kannan, R.: Minkowski’s convex body theorem and integer programming. Mathematics of Operations Research 12(3), 415–440 (1987)CrossRefzbMATHMathSciNetGoogle Scholar
  13. 13.
    Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Liu, M., Nguyen, P.Q.: Solving BDD by Enumeration: An Update. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 293–309. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  15. 15.
    Lyubashevsky, V., Micciancio, D.: On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 577–594. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  17. 17.
    Luzzi, L., Stehlé, D., Ling, C.: Decoding by Embedding: Correct Decoding Radius and DMT Optimality. IEEE Transactions on Information Theory 59(5), 2960–2973 (2013)CrossRefGoogle Scholar
  18. 18.
    Micciancio, D., Mol, P.: Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 465–484. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  19. 19.
    Micciancio, D., Peikert, C.: Hardness of SIS and LWE with Small Parameters. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 21–39. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  20. 20.
    Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post Quantum Cryptography, pp. 147–191. Springer (2009)Google Scholar
  21. 21.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) STOC 2005, pp. 84–93. ACM (2005)Google Scholar
  22. 22.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. Journal of the ACM 56(6), article 34 (2009)Google Scholar
  23. 23.
    Schnorr, C.P.: Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145–156. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Shi Bai
    • 1
  • Steven D. Galbraith
    • 1
  1. 1.Department of MathematicsUniversity of AucklandNew Zealand

Personalised recommendations