Abstract
The hardness of the learning with errors (LWE) problem supports the security of modern lattice-based cryptography. Ring-based LWE is the analog of LWE over univariate polynomial rings; it includes polynomial-LWE and ring-LWE, and it is useful for constructing efficient and compact LWE-based cryptosystems. Any ring-based LWE instance can be transformed into an LWE instance, which in turn can be reduced to a particular case of the shortest vector problem (SVP) on a certain lattice by Kannan's embedding. In this paper, we extend Kannan's embedding for solving the search version of the ring-based LWE problem. Specifically, we propose a new extended lattice that includes multiple short errors obtained by applying rotation operations to the coefficient vector of an error polynomial. Since these multiple short errors have the same length and are all embedded in our extended lattice, our extension can increase the success probability of solving the ring-based LWE problem with the Block Korkine-Zolotarev (BKZ) algorithm that is widely used in cryptanalysis. We demonstrate the efficacy of our extension through experiments on solving various ring-based LWE instances.
References
Albrecht, M.R., et al.: Estimate all the {LWE, NTRU} schemes! In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 351–367. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_19
Albrecht, M.R., Ducas, L.: Lattice attacks on NTRU and LWE: a history of refinements. IACR ePrint 2021/799 (2021)
Albrecht, M.R., Göpfert, F., Virdia, F., Wunderer, T.: Revisiting the expected cost of solving uSVP and applications to LWE. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 297–322. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_11
Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169–203 (2015)
Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange: a new hope. In: 25th USENIX Security Symposium, pp. 327–343 (2016)
Aono, Y., Wang, Y., Hayashi, T., Takagi, T.: Improved progressive BKZ algorithms and their precise cost estimation by sharp simulator. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 789–819. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_30
Bai, S., Galbraith, S.D.: Lattice decoding attacks on binary LWE. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 322–337. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08344-5_21
Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. ACM Trans. Comput. Theory (TOCT) 6(3), 1–36 (2014)
Bremner, M.R.: Lattice Basis Reduction: An Introduction to the LLL Algorithm and Its Applications. CRC Press, Boca Raton (2011)
Castryck, W., Iliashenko, I., Vercauteren, F.: On error distributions in ring-based LWE. LMS J. Comput. Math. 19(A), 130–145 (2016)
Chen, Y.: Réduction de réseau et sécurité concrète du chiffrement complètement homomorphe. Ph.D. thesis, Université Paris 7 (2013)
The Sage Developers: SageMath, the Sage Mathematics Software System (2016). https://www.sagemath.org/
Gama, N., Nguyen, P.Q., Regev, O.: Lattice enumeration using extreme pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257–278. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_13
Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868
Kannan, R.: Minkowski’s convex body theorem and integer programming. Math. Oper. Res. 12(3), 415–440 (1987)
Langlois, A., Stehlé, D.: Worst-case to average-case reductions for module lattices. Des. Codes Cryptogr. 75(3), 565–599 (2015). https://doi.org/10.1007/s10623-014-9938-4
Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261(4), 515–534 (1982)
Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1
Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 147–191. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-540-88702-7_5
Molinari, L.G.: Determinants of block tridiagonal matrices. Linear Algebra Appl. 429(8–9), 2221–2226 (2008)
Nguyen, P.Q.: Hermite’s constant and lattice algorithms. In: Nguyen, P., Vallée, B. (eds.) The LLL Algorithm, pp. 19–69. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02295-1_2
Postlethwaite, E.W., Virdia, F.: On the success probability of solving unique SVP via BKZ. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12710, pp. 68–98. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75245-3_4
Schnorr, C.P.: Block Korkin-Zolotarev bases and successive minima. International Computer Science Institute (1992)
Schnorr, C.P.: Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145–156. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36494-3_14
Schnorr, C.P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66, 181–199 (1994)
Stehlé, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617–635. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_36
The FPLLL development team: FPyLLL, a Python wrapper for the FPLLL lattice reduction library, Version: 0.5.6 (2021). https://github.com/fplll/fpylll
Yasuda, M.: A survey of solving SVP algorithms and recent strategies for solving the SVP challenge. In: Takagi, T., Wakayama, M., Tanaka, K., Kunihiro, N., Kimoto, K., Ikematsu, Y. (eds.) International Symposium on Mathematics, Quantum Theory, and Cryptography. MI, vol. 33, pp. 189–207. Springer, Singapore (2021). https://doi.org/10.1007/978-981-15-5191-8_15
Yu, Y., Ducas, L.: Second order statistical behavior of LLL and BKZ. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 3–22. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72565-9_1
A A Sample Code for Our Extended Kannan’s Embedding
Here we give sample Python code, written for SageMath [12], that implements our extended Kannan's embedding for solving a ring-based LWE instance. (We use the ring-LWE oracle generator in SageMath to generate ring-LWE samples, and BKZ 2.0 in fpylll for BKZ reduction. See also Subsect. 4.1 for details.)
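The appendix code itself is not reproduced on this page. As an added illustration (not the paper's code, and not its exact extended lattice), the following pure-Python example builds the standard Kannan embedding for one ring-LWE sample over Z_q[x]/(x^n + 1), checks that the error vector is a short vector of that lattice, and verifies the property the extension relies on: rotating a sample by x^i gives another valid sample whose error x^i * e has exactly the same Euclidean length. The toy parameters N, Q, M, the secret, the error and a(x) are constructed for illustration; no SageMath, fpylll or BKZ reduction is used.

```python
# Added example, not the paper's appendix code: Kannan's embedding for one
# toy ring-LWE sample over Z_q[x]/(x^n + 1), plus a check that the negacyclic
# rotations x^i * e of the error keep their length. Parameters are constructed.
import random
N, Q, M = 8, 257, 1  # toy ring degree, modulus and embedding constant

def rotate(v, i):
    """Coefficient vector of x^i * v(x) in Z[x]/(x^n + 1) (negacyclic shift)."""
    n, out = len(v), [0] * len(v)
    for j, c in enumerate(v):
        out[(j + i) % n] += c if ((j + i) // n) % 2 == 0 else -c
    return out

def rot_matrix(a):
    """Rows are x^i * a(x); s * rot_matrix(a) is the coefficient vector of s(x) a(x)."""
    return [rotate(a, i) for i in range(len(a))]

def vec_mat(v, B, q=None):
    r = [sum(v[i] * B[i][j] for i in range(len(v))) for j in range(len(B[0]))]
    return [x % q for x in r] if q else r

def kannan_basis(A, b, q, m=M):
    """Kannan's embedding basis (rows): [A | 0], [qI | 0], [b | m]."""
    qI = [[q * (i == j) for j in range(len(A))] for i in range(len(A))]
    return [row + [0] for row in A + qI] + [b + [m]]

def short_vector_in_lattice(A, b, s, e, q, m=M):
    """True if (e, m) = (b, m) - s*[A|0] - k*[qI|0] for some integer vector k."""
    diff = [x - y - z for x, y, z in zip(b, vec_mat(s, A), e)]
    if any(d % q for d in diff):
        return False
    k = [d // q for d in diff]
    coeffs = [-x for x in s] + [-x for x in k] + [1]
    return vec_mat(coeffs, kannan_basis(A, b, q, m)) == e + [m]

def rotated_samples_consistent(a, b, s, e, q):
    """For each i, x^i*(a, b) is again a sample under s with error x^i*e; return its squared lengths."""
    ok, norms = True, []
    for i in range(len(a)):
        ai, bi, ei = rotate(a, i), [x % q for x in rotate(b, i)], rotate(e, i)
        ok &= bi == [(x + y) % q for x, y in zip(vec_mat(s, rot_matrix(ai)), ei)]
        norms.append(sum(c * c for c in ei))
    return ok, norms

def demo(seed=1):
    random.seed(seed)
    s, a = ([random.randrange(Q) for _ in range(N)] for _ in range(2))
    e = [random.choice([-1, 0, 1]) for _ in range(N)]  # small ternary error (toy)
    b = [(x + y) % Q for x, y in zip(vec_mat(s, rot_matrix(a)), e)]
    return short_vector_in_lattice(rot_matrix(a), b, s, e, Q), rotated_samples_consistent(a, b, s, e, Q)
```

Because every rotated error has the same length, all n of them are equally good targets for a reduction algorithm, which is the observation behind embedding several of them at once.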
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Nakamura, S., Yasuda, M. (2021). An Extension of Kannan’s Embedding for Solving Ring-Based LWE Problems. In: Paterson, M.B. (eds) Cryptography and Coding. IMACC 2021. Lecture Notes in Computer Science(), vol 13129. Springer, Cham. https://doi.org/10.1007/978-3-030-92641-0_10
DOI: https://doi.org/10.1007/978-3-030-92641-0_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92640-3
Online ISBN: 978-3-030-92641-0
eBook Packages: Computer Science, Computer Science (R0)