Algebraically Structured LWE, Revisited

IF 2.3 3区计算机科学 Q2 COMPUTER SCIENCE, THEORY & METHODS

Journal of Cryptology Pub Date : 2024-06-13 DOI:10.1007/s00145-024-09508-3

Chris Peikert, Zachary Pepin

{"title":"Algebraically Structured LWE, Revisited","authors":"Chris Peikert, Zachary Pepin","doi":"10.1007/s00145-024-09508-3","DOIUrl":null,"url":null,"abstract":"In recent years, there has been a proliferation of algebraically structured Learning With Errors (LWE) variants, including Ring-LWE, Module-LWE, Polynomial-LWE, Order-LWE, and Middle-Product LWE, and a web of reductions to support their hardness, both among these problems themselves and from related worst-case problems on structured lattices. However, these reductions are often difficult to interpret and use, due to the complexity of their parameters and analysis, and most especially their (frequently large) blowup and distortion of the error distributions. In this paper, we unify and simplify this line of work. First, we give a general framework that encompasses all proposed LWE variants (over commutative base rings) and in particular unifies all prior “algebraic” LWE variants defined over number fields. We then use this framework to give much simpler, more general, and tighter reductions from Ring-LWE to other algebraic LWE variants, including Module-LWE, Order-LWE, and Middle-Product LWE. In particular, all of our reductions have easy-to-analyze and frequently small error expansion; in most cases, they even leave the error unchanged. A main message of our work is that it is straightforward to use the hardness of the original Ring-LWE problem as a foundation for the hardness of all other algebraic LWE problems defined over number fields, via simple and rather tight reductions.","PeriodicalId":54849,"journal":{"name":"Journal of Cryptology","volume":"162 1","pages":""},"PeriodicalIF":2.3000,"publicationDate":"2024-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cryptology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s00145-024-09508-3","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

In recent years, there has been a proliferation of algebraically structured Learning With Errors (LWE) variants, including Ring-LWE, Module-LWE, Polynomial-LWE, Order-LWE, and Middle-Product LWE, and a web of reductions to support their hardness, both among these problems themselves and from related worst-case problems on structured lattices. However, these reductions are often difficult to interpret and use, due to the complexity of their parameters and analysis, and most especially their (frequently large) blowup and distortion of the error distributions. In this paper, we unify and simplify this line of work. First, we give a general framework that encompasses all proposed LWE variants (over commutative base rings) and in particular unifies all prior “algebraic” LWE variants defined over number fields. We then use this framework to give much simpler, more general, and tighter reductions from Ring-LWE to other algebraic LWE variants, including Module-LWE, Order-LWE, and Middle-Product LWE. In particular, all of our reductions have easy-to-analyze and frequently small error expansion; in most cases, they even leave the error unchanged. A main message of our work is that it is straightforward to use the hardness of the original Ring-LWE problem as a foundation for the hardness of all other algebraic LWE problems defined over number fields, via simple and rather tight reductions.

Abstract Image

查看原文本刊更多论文

重新审视代数结构的 LWE

近年来，代数结构的有误差学习（LWE）变体层出不穷，包括环-LWE、模块-LWE、多项式-LWE、阶-LWE 和中积-LWE，以及支持这些问题本身和结构网格上相关最坏情况问题硬度的还原网络。然而，由于参数和分析的复杂性，尤其是误差分布的（经常是很大的）膨胀和扭曲，这些还原往往难以解释和使用。在本文中，我们将统一并简化这些工作。首先，我们给出了一个总体框架，它涵盖了所有已提出的 LWE 变体（在交换基环上），尤其是统一了所有先前定义在数域上的 "代数 "LWE 变体。然后，我们利用这个框架给出了从环-LWE 到其他代数 LWE 变体（包括模块-LWE、阶-LWE 和中积 LWE）的更简单、更一般和更严密的还原。特别是，我们所有的还原都易于分析，而且误差扩展往往很小；在大多数情况下，它们甚至保持误差不变。我们工作的一个主要启示是，通过简单而严密的还原，可以直接利用原始环-LWE 问题的难易程度，作为定义在数域上的所有其他代数 LWE 问题难易程度的基础。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Cryptology 工程技术-工程：电子与电气

CiteScore

7.10

自引率

3.30%

发文量

审稿时长

18 months

期刊介绍： The Journal of Cryptology is a forum for original results in all areas of modern information security. Both cryptography and cryptanalysis are covered, including information theoretic and complexity theoretic perspectives as well as implementation, application, and standards issues. Coverage includes such topics as public key and conventional algorithms and their implementations, cryptanalytic attacks, pseudo-random sequences, computational number theory, cryptographic protocols, untraceability, privacy, authentication, key management and quantum cryptography. In addition to full-length technical, survey, and historical articles, the journal publishes short notes.