
Estimated Cost for Solving Generalized Learning with Errors Problem via Embedding Techniques

  • Conference paper
Advances in Information and Computer Security (IWSEC 2018)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 11049)

Abstract

Estimating the computational cost of solving the learning with errors (LWE) problem is an indispensable research topic for lattice-based cryptography in practice. For this purpose, the embedding approach is usually employed. The technique first constructs a basis matrix by embedding an LWE instance. At this stage, Kannan’s and Bai-Galbraith’s embeddings are believed to be the most efficient approaches for the standard and the binary LWE, with secret vectors in \(\mathbb{Z}_q^n\) and \(\{0,1\}^n\), respectively. Indeed, both methods work well with sufficiently many LWE samples. After the embedding phase, solving the unique shortest vector problem (uSVP) in the lattice spanned by the basis matrix solves the LWE problem. Recently, several lattice-based schemes whose secret vectors have special distributions, e.g., small elements and/or sparse vectors, have been proposed to realize efficient implementations. In this paper, to capture such settings and more, we study the LWE problem in a general setting. We analyze the LWE problem whose secret vectors are sampled from arbitrary distributions. Furthermore, we also study the problem when the number of samples is restricted. We believe that our work provides a more general understanding of the hardness of LWE. Moreover, we propose a half-twisted embedding that contains the two existing embedding methods as special cases. This proposal enables us to analyze the hardness of LWE in a generic manner and sometimes provides improved attacks.
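To make the two embeddings named in the abstract concrete, the following added example (not code from the paper) builds both lattices for a toy binary-secret LWE instance and measures the uSVP gap that hardness estimates rest on. The parameters n, m, q, the ternary error, the embedding factor M = 1 and the sign convention of the Bai-Galbraith kernel lattice are assumptions chosen for illustration.

```python
import math, random

def lwe_instance(n, m, q, rng, binary_secret=False):
    """Constructed toy sample (not from the paper): b = A s + e mod q, e in {-1,0,1}."""
    A = [[rng.randrange(q) for _ in range(n)] for _ in range(m)]
    s = [rng.randrange(2 if binary_secret else q) for _ in range(n)]
    e = [rng.choice((-1, 0, 1)) for _ in range(m)]
    b = [(sum(A[i][j] * s[j] for j in range(n)) + e[i]) % q for i in range(m)]
    return A, b, s, e

def kannan_rows(A, b, q, M=1):
    """Generating rows of the (m+1)-dim Kannan lattice: q*I_m, columns of A, (b | M)."""
    m, n = len(A), len(A[0])
    rows = [[q * (i == k) for k in range(m)] + [0] for i in range(m)]
    rows += [[A[i][j] for i in range(m)] + [0] for j in range(n)]
    return rows + [list(b) + [M]]

def kannan_short_vector(A, b, s, e, q, M=1):
    """Combine the rows with integer coefficients (k, -s, 1); the result is (e | M)."""
    m, n = len(A), len(A[0])
    k = [(sum(A[i][j] * s[j] for j in range(n)) + e[i] - b[i]) // q for i in range(m)]
    coeffs = k + [-x for x in s] + [1]
    rows = kannan_rows(A, b, q, M)
    return [sum(c * r[t] for c, r in zip(coeffs, rows)) for t in range(m + 1)]

def in_bai_galbraith_lattice(A, b, v, q):
    """True if v = (x | y | z) satisfies (A | I_m | -b) v = 0 mod q."""
    m, n = len(A), len(A[0])
    x, y, z = v[:n], v[n:n + m], v[n + m]
    return all((sum(A[i][j] * x[j] for j in range(n)) + y[i] - b[i] * z) % q == 0
               for i in range(m))

def usvp_gap(short, log_vol):
    """Gaussian-heuristic length for this dimension and volume, divided by |short|."""
    d = len(short)
    gh = math.sqrt(d / (2 * math.pi * math.e)) * math.exp(log_vol / d)
    return gh / math.sqrt(sum(x * x for x in short))

if __name__ == "__main__":
    n, m, q = 10, 40, 97
    A, b, s, e = lwe_instance(n, m, q, random.Random(1), binary_secret=True)
    kv = kannan_short_vector(A, b, s, e, q)
    assert kv == e + [1] and in_bai_galbraith_lattice(A, b, s + e + [1], q)
    # Volumes: q^(m-n) for Kannan (assumes A has rank n mod q, M = 1), q^m for Bai-Galbraith.
    print("Kannan gap:        %.1f" % usvp_gap(kv, (m - n) * math.log(q)))
    print("Bai-Galbraith gap: %.1f" % usvp_gap(s + e + [1], m * math.log(q)))
```

A gap well above 1 means the planted vector is much shorter than a random lattice of the same dimension and volume would contain, which is the uSVP condition the abstract refers to.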

Acknowledgement

This work was supported by JSPS KAKENHI Grant Number JP17H06571, and JST CREST Grant Number JPMJCR14D6, Japan. The second author is supported by a JSPS fellowship for Young Scientists (JP17J01987).

Corresponding author

Correspondence to Weiyao Wang.

Copyright information

© 2018 Springer Nature Switzerland AG

Cite this paper

Wang, W., Wang, Y., Takayasu, A., Takagi, T. (2018). Estimated Cost for Solving Generalized Learning with Errors Problem via Embedding Techniques. In: Inomata, A., Yasuda, K. (eds) Advances in Information and Computer Security. IWSEC 2018. Lecture Notes in Computer Science, vol 11049. Springer, Cham. https://doi.org/10.1007/978-3-319-97916-8_6

  • DOI: https://doi.org/10.1007/978-3-319-97916-8_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-97915-1

  • Online ISBN: 978-3-319-97916-8

  • eBook Packages: Computer Science (R0)
