Middle-Product Learning with Errors

We introduce a new variant \(\mathsf{MP}\text{-}\mathsf{LWE}\) of the Learning With Errors problem (\(\mathsf{LWE}\)) making use of the Middle Product between polynomials modulo an integer q. We exhibit a reduction from the Polynomial-\(\mathsf{LWE}\) problem (\(\mathsf{PLWE}\)), parametrized by a polynomial f, to \(\mathsf{MP}\text{-}\mathsf{LWE}\), which is defined independently of any such f. The reduction only requires f to be monic with a constant coefficient coprime with q. It incurs a noise growth proportional to the so-called expansion factor of f. We also describe a public-key encryption scheme with quasi-optimal asymptotic efficiency (the bit-sizes of the keys and the run-times of all involved algorithms are quasi-linear in the security parameter), which is secure against chosen plaintext attacks under the \(\mathsf{MP}\text{-}\mathsf{LWE}\) hardness assumption. The scheme is hence secure under the assumption that \(\mathsf{PLWE}\) is hard for at least one polynomial f of degree n among a family of f's whose size is exponential in n.
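As an added illustration (not code from the paper), the following implements the middle product \(\mathsf{MP}_{d,k}\) over \(\mathbb{Z}_q\), builds one \(\mathsf{MP}\text{-}\mathsf{LWE}\) sample \((a, \mathsf{MP}_{d,n-1}(a,s)+e)\), and numerically checks the composition rule that nested middle products obey; q, n, d, the bound on e and every polynomial value are toy constructions, far too small to be secure.

```python
"""Middle product MP_{d,k} over Z_q and an MP-LWE sample (added example, not the paper's code).
Polynomials are coefficient lists, index i holding the coefficient of x^i.  q, n, d and the
secrets are toy values constructed here, far too small to be secure."""
import random

def poly_mul(a, b, q):
    """Full product of two polynomials over Z_q (schoolbook convolution)."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % q
    return out

def middle_product(a, b, d, k, q):
    """MP_{d,k}(a, b) = floor((a*b mod x^{k+d}) / x^k): the d coefficients of a*b
    starting at x^k.  The degree constraint len(a) + len(b) - 1 == d + 2k is enforced."""
    if len(a) + len(b) - 1 != d + 2 * k:
        raise ValueError("degree constraint d_a + d_b - 1 = d + 2k violated")
    return poly_mul(a, b, q)[k:k + d]

def rand_poly(length, q, bound=None):
    """Uniform polynomial mod q, or a small one (|coeff| <= bound) when bound is given."""
    if bound is None:
        return [random.randrange(q) for _ in range(length)]
    return [random.randint(-bound, bound) % q for _ in range(length)]

def mp_lwe_sample(s, n, d, q, noise_bound):
    """One MP-LWE sample (a, b): a uniform of length n, s of length n+d-1, and
    b = MP_{d,n-1}(a, s) + e with e small (so k = n-1).  Returns e too, for checking."""
    a = rand_poly(n, q)
    e = rand_poly(d, q, noise_bound)
    b = [(x + y) % q for x, y in zip(middle_product(a, s, d, n - 1, q), e)]
    return a, b, e

def recovered_noise(a, b, s, n, d, q):
    """Knowing s, b - MP_{d,n-1}(a, s) gives back e, centred into (-q/2, q/2]."""
    diff = [(x - y) % q for x, y in zip(b, middle_product(a, s, d, n - 1, q))]
    return [c - q if c > q // 2 else c for c in diff]

def composition_identity_holds(r, a, s, d, k, n, q):
    """Checks MP_{d,k}(r, MP_{d+k,n-1}(a, s)) == MP_{d,n+k-1}(r*a, s) for
    len(r) = k+1, len(a) = n, len(s) = n+d+k-1: two nested middle products
    collapse into a single one applied to the ordinary product r*a."""
    lhs = middle_product(r, middle_product(a, s, d + k, n - 1, q), d, k, q)
    rhs = middle_product(poly_mul(r, a, q), s, d, n + k - 1, q)
    return lhs == rhs
```

Without s, a single sample reveals nothing small to strip; with s, the residual is exactly the bounded noise e, which is the asymmetry the hardness assumption rests on.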
