Non-Commutative Ring Learning With Errors From Cyclic Algebras

The Learning with Errors (LWE) problem is the fundamental backbone of modern lattice-based cryptography, allowing one to establish cryptography on the hardness of well-studied computational problems. However, schemes based on LWE are often impractical, so Ring LWE was introduced as a form of 'structured' LWE, trading off a hard-to-quantify loss of security for an increase in efficiency by working over a well-chosen ring. Another popular variant, Module LWE, generalizes this exchange by implementing a module structure over a ring. In this work, we introduce a novel variant of LWE over cyclic algebras (CLWE), which adds cyclic structure to Module LWE in the same way that Ring LWE adds ring structure to LWE. The proposed construction is both more efficient than Module LWE and conjecturally more secure than Ring LWE, the best of both worlds. We show that the security reductions expected for an LWE problem hold, namely a reduction from certain structured lattice problems to the hardness of the decision variant of the CLWE problem. As a contribution of theoretical interest, we view CLWE as the first variant of Ring LWE which supports non-commutative multiplication operations. This ring structure compares favorably with Module LWE, and naturally allows a larger message space for error correction coding.
