Hardness of (Semiuniform) MLWE with Short Distributions Using the Rényi Divergence

IF 1.3 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

IET Information Security Pub Date : 2023-10-23 DOI:10.1049/2023/2104380

Wenjuan Jia, Baocang Wang

{"title":"Hardness of (Semiuniform) MLWE with Short Distributions Using the Rényi Divergence","authors":"Wenjuan Jia, Baocang Wang","doi":"10.1049/2023/2104380","DOIUrl":null,"url":null,"abstract":"The module learning with errors (MLWE) problem has attracted considerable attention for its tradeoff between security and efficiency. The quantum/classical worst-case to average-case hardness for the MLWE problem (or more exactly, a family of problems) has been established, but most of the known results require the seed distribution to be the uniform distribution. In the present paper, we show that, using the noise flooding technique based on the Rényi divergence, the search MLWE problem with uniform <math xmlns=\"http://www.w3.org/1998/Math/MathML\" id=\"M1\"> <mi>B</mi> </math> -bounded secret distribution for <math xmlns=\"http://www.w3.org/1998/Math/MathML\" id=\"M2\"> <mn>1</mn> <mo>≤</mo> <mi>B</mi> <mo>≪</mo> <mi>q</mi> </math> can still be hard for some seed distributions that are not (even computationally indistinguishable from) the uniform distribution under the standard MLWE assumption. Specifically, we show that if the seed distribution is a semiuniform distribution (namely, the seed distribution can be publicly derived from and has a “small difference” to the uniform distribution), then for suitable parameter choices, the search MLWE problem with uniform bounded secret distribution is hard under the standard MLWE assumption. Moreover, we also show that under the appropriate setting of parameters, the search MLWE problem with uniform bounded noise distribution is at least as hard as the standard MLWE assumption using a different approach than the one used by Boudgoust et al. in [JoC 2023].","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"23 6","pages":"0"},"PeriodicalIF":1.3000,"publicationDate":"2023-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1049/2023/2104380","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The module learning with errors (MLWE) problem has attracted considerable attention for its tradeoff between security and efficiency. The quantum/classical worst-case to average-case hardness for the MLWE problem (or more exactly, a family of problems) has been established, but most of the known results require the seed distribution to be the uniform distribution. In the present paper, we show that, using the noise flooding technique based on the Rényi divergence, the search MLWE problem with uniform

B

-bounded secret distribution for

1 \leq B ≪ q

can still be hard for some seed distributions that are not (even computationally indistinguishable from) the uniform distribution under the standard MLWE assumption. Specifically, we show that if the seed distribution is a semiuniform distribution (namely, the seed distribution can be publicly derived from and has a “small difference” to the uniform distribution), then for suitable parameter choices, the search MLWE problem with uniform bounded secret distribution is hard under the standard MLWE assumption. Moreover, we also show that under the appropriate setting of parameters, the search MLWE problem with uniform bounded noise distribution is at least as hard as the standard MLWE assumption using a different approach than the one used by Boudgoust et al. in [JoC 2023].

查看原文本刊更多论文

用rsamnyi散度分析短分布(半均匀)MLWE的硬度

带误差模块学习(MLWE)问题因其在安全性和效率之间的权衡问题而备受关注。MLWE问题(或者更确切地说，一类问题)的量子/经典最坏情况到平均情况的硬度已经建立，但大多数已知结果要求种子分布是均匀分布。在本论文中，我们表明，使用基于r尼散度的噪声泛流技术，对于一些种子分布(甚至在计算上与标准MLWE假设下的均匀分布无法区分)来说，对于1≤B≪q的均匀B有界秘密分布的搜索MLWE问题仍然是困难的。具体来说，我们证明了如果种子分布是半均匀分布(即种子分布可以公开地从均匀分布中导出，并且与均匀分布有“小差异”)，那么对于合适的参数选择，在标准MLWE假设下，具有均匀有界秘密分布的搜索MLWE问题是困难的。此外，我们还表明，在适当的参数设置下，使用与Boudgoust等人在[JoC 2023]中使用的方法不同的方法，具有均匀有界噪声分布的搜索MLWE问题至少与标准MLWE假设一样困难。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IET Information Security 工程技术-计算机：理论方法

CiteScore

3.80

自引率

7.10%

发文量

审稿时长

8.6 months

期刊介绍： IET Information Security publishes original research papers in the following areas of information security and cryptography. Submitting authors should specify clearly in their covering statement the area into which their paper falls. Scope: Access Control and Database Security Ad-Hoc Network Aspects Anonymity and E-Voting Authentication Block Ciphers and Hash Functions Blockchain, Bitcoin (Technical aspects only) Broadcast Encryption and Traitor Tracing Combinatorial Aspects Covert Channels and Information Flow Critical Infrastructures Cryptanalysis Dependability Digital Rights Management Digital Signature Schemes Digital Steganography Economic Aspects of Information Security Elliptic Curve Cryptography and Number Theory Embedded Systems Aspects Embedded Systems Security and Forensics Financial Cryptography Firewall Security Formal Methods and Security Verification Human Aspects Information Warfare and Survivability Intrusion Detection Java and XML Security Key Distribution Key Management Malware Multi-Party Computation and Threshold Cryptography Peer-to-peer Security PKIs Public-Key and Hybrid Encryption Quantum Cryptography Risks of using Computers Robust Networks Secret Sharing Secure Electronic Commerce Software Obfuscation Stream Ciphers Trust Models Watermarking and Fingerprinting Special Issues. Current Call for Papers: Security on Mobile and IoT devices - https://digital-library.theiet.org/files/IET_IFS_SMID_CFP.pdf