样本数量有限的带误差学习问题的硬度估计

IF 0.5 Q4 COMPUTER SCIENCE, THEORY & METHODS

Journal of Mathematical Cryptology Pub Date : 2019-03-01 DOI:10.1515/jmc-2017-0040

Markus Schmidt, Nina Bindel

{"title":"样本数量有限的带误差学习问题的硬度估计","authors":"Markus Schmidt, Nina Bindel","doi":"10.1515/jmc-2017-0040","DOIUrl":null,"url":null,"abstract":"Abstract The Learning With Errors (LWE) problem is one of the most important hardness assumptions lattice-based constructions base their security on. In 2015, Albrecht, Player and Scott presented the software tool LWE-Estimator to estimate the hardness of concrete LWE instances, making the choice of parameters for lattice-based primitives easier and better comparable. To give lower bounds on the hardness, it is assumed that each algorithm has given the corresponding optimal number of samples. However, this is not the case for many cryptographic applications. In this work we first analyze the hardness of LWE instances given a restricted number of samples. For this, we describe LWE solvers from the literature and estimate their runtime considering a limited number of samples. Based on our theoretical results we extend the LWE-Estimator. Furthermore, we evaluate LWE instances proposed for cryptographic schemes and show the impact of restricting the number of available samples.","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":"13 1","pages":"47 - 67"},"PeriodicalIF":0.5000,"publicationDate":"2019-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1515/jmc-2017-0040","citationCount":"15","resultStr":"{\"title\":\"Estimation of the hardness of the learning with errors problem with a restricted number of samples\",\"authors\":\"Markus Schmidt, Nina Bindel\",\"doi\":\"10.1515/jmc-2017-0040\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract The Learning With Errors (LWE) problem is one of the most important hardness assumptions lattice-based constructions base their security on. In 2015, Albrecht, Player and Scott presented the software tool LWE-Estimator to estimate the hardness of concrete LWE instances, making the choice of parameters for lattice-based primitives easier and better comparable. To give lower bounds on the hardness, it is assumed that each algorithm has given the corresponding optimal number of samples. However, this is not the case for many cryptographic applications. In this work we first analyze the hardness of LWE instances given a restricted number of samples. For this, we describe LWE solvers from the literature and estimate their runtime considering a limited number of samples. Based on our theoretical results we extend the LWE-Estimator. Furthermore, we evaluate LWE instances proposed for cryptographic schemes and show the impact of restricting the number of available samples.\",\"PeriodicalId\":43866,\"journal\":{\"name\":\"Journal of Mathematical Cryptology\",\"volume\":\"13 1\",\"pages\":\"47 - 67\"},\"PeriodicalIF\":0.5000,\"publicationDate\":\"2019-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1515/jmc-2017-0040\",\"citationCount\":\"15\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Mathematical Cryptology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1515/jmc-2017-0040\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Mathematical Cryptology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1515/jmc-2017-0040","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 15

摘要

带误差学习(LWE)问题是基于格结构安全性的最重要的硬度假设之一。2015年，Albrecht、Player和Scott提出了一种软件工具LWE- estimator，用于估计具体LWE实例的硬度，从而使基于格元的参数选择更加容易，并且具有更好的可比性。为了给出硬度的下界，我们假设每个算法都给出了相应的最优样本数。然而，对于许多加密应用程序来说，情况并非如此。在这项工作中，我们首先分析了给定有限样本数量的LWE实例的硬度。为此，我们从文献中描述LWE求解器，并在考虑有限样本数量的情况下估计其运行时间。基于我们的理论结果，我们扩展了lwe估计量。此外，我们评估了为加密方案提出的LWE实例，并展示了限制可用样本数量的影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Estimation of the hardness of the learning with errors problem with a restricted number of samples

Abstract The Learning With Errors (LWE) problem is one of the most important hardness assumptions lattice-based constructions base their security on. In 2015, Albrecht, Player and Scott presented the software tool LWE-Estimator to estimate the hardness of concrete LWE instances, making the choice of parameters for lattice-based primitives easier and better comparable. To give lower bounds on the hardness, it is assumed that each algorithm has given the corresponding optimal number of samples. However, this is not the case for many cryptographic applications. In this work we first analyze the hardness of LWE instances given a restricted number of samples. For this, we describe LWE solvers from the literature and estimate their runtime considering a limited number of samples. Based on our theoretical results we extend the LWE-Estimator. Furthermore, we evaluate LWE instances proposed for cryptographic schemes and show the impact of restricting the number of available samples.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Mathematical Cryptology COMPUTER SCIENCE, THEORY & METHODS-

CiteScore

2.70

自引率

8.30%

发文量

审稿时长

100 weeks