基于环的LWE误差分布

Q1 Mathematics

Lms Journal of Computation and Mathematics Pub Date : 2016-01-01 DOI:10.1112/S1461157016000280

W. Castryck, Ilia Iliashenko, F. Vercauteren

{"title":"基于环的LWE误差分布","authors":"W. Castryck, Ilia Iliashenko, F. Vercauteren","doi":"10.1112/S1461157016000280","DOIUrl":null,"url":null,"abstract":"Since its introduction in 2010 by Lyubashevsky, Peikert and Regev, the ring learning with errors problem (ring-LWE) has become a popular building block for cryptographic primitives, due to its great versatility and its hardness proof consisting of a (quantum) reduction from ideal lattice problems. But, for a given modulus q and degree n number field K, generating ring-LWE samples can be perceived as cumbersome, because the secret keys have to be taken from the reduction mod q of a certain fractional ideal O-K(V) subset of K called the codifferent or 'dual', rather than from the ring of integers O-K itself. This has led to various non-dual variants of ring-LWE, in which one compensates for the non-duality by scaling up the errors. We give a comparison of these versions, and revisit some unfortunate choices that have been made in the recent literature, one of which is scaling up by vertical bar Delta(K)vertical bar(1/2n) with Delta(K) the discriminant of K. As a main result, we provide, for any epsilon > 0, a family of number fields K for which this variant of ring-LWE can be broken easily as soon as the errors are scaled up by vertical bar Delta(K)vertical bar((1-epsilon)/n).","PeriodicalId":54381,"journal":{"name":"Lms Journal of Computation and Mathematics","volume":"19 1","pages":"130-145"},"PeriodicalIF":0.0000,"publicationDate":"2016-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1112/S1461157016000280","citationCount":"20","resultStr":"{\"title\":\"On error distributions in ring-based LWE\",\"authors\":\"W. Castryck, Ilia Iliashenko, F. Vercauteren\",\"doi\":\"10.1112/S1461157016000280\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Since its introduction in 2010 by Lyubashevsky, Peikert and Regev, the ring learning with errors problem (ring-LWE) has become a popular building block for cryptographic primitives, due to its great versatility and its hardness proof consisting of a (quantum) reduction from ideal lattice problems. But, for a given modulus q and degree n number field K, generating ring-LWE samples can be perceived as cumbersome, because the secret keys have to be taken from the reduction mod q of a certain fractional ideal O-K(V) subset of K called the codifferent or 'dual', rather than from the ring of integers O-K itself. This has led to various non-dual variants of ring-LWE, in which one compensates for the non-duality by scaling up the errors. We give a comparison of these versions, and revisit some unfortunate choices that have been made in the recent literature, one of which is scaling up by vertical bar Delta(K)vertical bar(1/2n) with Delta(K) the discriminant of K. As a main result, we provide, for any epsilon > 0, a family of number fields K for which this variant of ring-LWE can be broken easily as soon as the errors are scaled up by vertical bar Delta(K)vertical bar((1-epsilon)/n).\",\"PeriodicalId\":54381,\"journal\":{\"name\":\"Lms Journal of Computation and Mathematics\",\"volume\":\"19 1\",\"pages\":\"130-145\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1112/S1461157016000280\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Lms Journal of Computation and Mathematics\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1112/S1461157016000280\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"Mathematics\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Lms Journal of Computation and Mathematics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1112/S1461157016000280","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Mathematics","Score":null,"Total":0}

引用次数: 20

摘要

自2010年由Lyubashevsky, Peikert和Regev引入以来，带错误的环学习问题(ring- lwe)由于其强大的通用性和由理想晶格问题组成的(量子)约简的硬度证明，已经成为加密原语的流行构建块。但是，对于给定的模数q和n度数域K，生成环lwe样本可能会被认为是麻烦的，因为密钥必须从K的某个分数理想O-K(V)子集的约简模q中提取，称为协差或“对偶”，而不是从整数O-K本身的环中提取。这导致了环lwe的各种非对偶变体，其中通过放大误差来补偿非对偶性。我们给这些版本的比较,重新审视一些不幸的选择已经在最近的文献中,其中之一是扩大由竖线δ(K)竖线(1/2n)δ(K) K .作为一个主要的判别结果,我们提供,对于任何ε> 0,一个家庭的字段数K的变体ring-LWE就可以被很容易的错误是由竖线δ(K)扩大竖线((1 -ε)/ n)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

On error distributions in ring-based LWE

Since its introduction in 2010 by Lyubashevsky, Peikert and Regev, the ring learning with errors problem (ring-LWE) has become a popular building block for cryptographic primitives, due to its great versatility and its hardness proof consisting of a (quantum) reduction from ideal lattice problems. But, for a given modulus q and degree n number field K, generating ring-LWE samples can be perceived as cumbersome, because the secret keys have to be taken from the reduction mod q of a certain fractional ideal O-K(V) subset of K called the codifferent or 'dual', rather than from the ring of integers O-K itself. This has led to various non-dual variants of ring-LWE, in which one compensates for the non-duality by scaling up the errors. We give a comparison of these versions, and revisit some unfortunate choices that have been made in the recent literature, one of which is scaling up by vertical bar Delta(K)vertical bar(1/2n) with Delta(K) the discriminant of K. As a main result, we provide, for any epsilon > 0, a family of number fields K for which this variant of ring-LWE can be broken easily as soon as the errors are scaled up by vertical bar Delta(K)vertical bar((1-epsilon)/n).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Lms Journal of Computation and Mathematics MATHEMATICS, APPLIED-MATHEMATICS

CiteScore

2.60

自引率

0.00%

发文量

审稿时长

>12 weeks

期刊介绍： LMS Journal of Computation and Mathematics has ceased publication. Its final volume is Volume 20 (2017). LMS Journal of Computation and Mathematics is an electronic-only resource that comprises papers on the computational aspects of mathematics, mathematical aspects of computation, and papers in mathematics which benefit from having been published electronically. The journal is refereed to the same high standard as the established LMS journals, and carries a commitment from the LMS to keep it archived into the indefinite future. Access is free until further notice.