Article

On lattices, learning with errors, random linear codes, and cryptography

Author:

Oded RegevAuthors Info & Claims

STOC '05: Proceedings of the thirty-seventh annual ACM symposium on Theory of computing

Pages 84 - 93

https://doi.org/10.1145/1060590.1060603

Published: 22 May 2005 Publication History

Abstract

Our main result is a reduction from worst-case lattice problems such as SVP and SIVP to a certain learning problem. This learning problem is a natural extension of the 'learning from parity with error' problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code. This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for SVP and SIVP. A main open question is whether this reduction can be made classical.Using the main result, we obtain a public-key cryptosystem whose hardness is based on the worst-case quantum hardness of SVP and SIVP. Previous lattice-based public-key cryptosystems such as the one by Ajtai and Dwork were only based on unique-SVP, a special case of SVP. The new cryptosystem is much more efficient than previous cryptosystems: the public key is of size Õ(n²) and encrypting a message increases its size by Õ(n)(in previous cryptosystems these values are Õ(n⁴) and Õ(n²), respectively). In fact, under the assumption that all parties share a random bit string of length Õ(n²), the size of the public key can be reduced to Õ(n).

References

[1]

D. Aharonov and O. Regev. Lattice problems in NP intersect coNP. In Proc. 45th Annual IEEE Symp. on Foundations of Computer Science (FOCS), pages 362--371, 2004.

Digital Library

[2]

M. Ajtai. Generating hard instances of lattice problems. In ECCCTR: Electronic Colloquium on Computational Complexity, technical reports, 1996.

[3]

M. Ajtai. Representing hard lattices with O(n log n) bits. In Proc. 37th Annual ACM Symp. on Theory of Computing (STOC), 2005.

Digital Library

[4]

M. Ajtai and C. Dwork. A public-key cryptosystem with worst-case/average-case equivalence. In Proc. 29th Annual ACM Symp. on Theory of Computing (STOC), pages 284--293, 1997.

Digital Library

[5]

M. Ajtai, R. Kumar, and D. Sivakumar. A sieve algorithm for the shortest lattice vector problem. In Proc. 33rd ACM Symp. on Theory of Computing, pages 601--610, 2001.

Digital Library

[6]

M. Alekhnovich. More on average case vs approximation complexity. In Proc. 44th Annual IEEE Symp. on Foundations of Computer Science (FOCS), pages 298--307, 2003.

Digital Library

[7]

A. Blum, M. Furst, M. Kearns, and R. J. Lipton. Cryptographic primitives based on hard learning problems. In Advances in cryptology---CRYPTO '93 (Santa Barbara, CA, 1993), volume 773 of Lecture Notes in Comput. Sci., pages 278--291. Springer, Berlin, 1994.

Digital Library

[8]

A. Blum, A. Kalai, and H. Wasserman. Noise-tolerant learning, the parity problem, and the statistical query model. Journal of the ACM, 50(4):506--519, 2003.

Digital Library

[9]

J.-Y. Cai and A. Nerurkar. An improved worst-case to average-case connection for lattice problems. In Proc. 38th Annual IEEE Symp. on Foundations of Computer Science (FOCS), pages 468--477, 1997.

Digital Library

[10]

W. Ebeling. Lattices and codes. Advanced Lectures in Mathematics. Friedr. Vieweg & Sohn, Braunschweig, revised edition, 2002. A course partially based on lectures by F. Hirzebruch.

Digital Library

[11]

U. Feige. Relations between average case complexity and approximation complexity. In Proc. 34th Annual ACM Symp. on Theory of Computing (STOC), pages 534--543, 2002.

Digital Library

[12]

R. Kumar and D. Sivakumar. On polynomial approximation to the shortest lattice vector length. In Proc. 12th Annual ACM-SIAM Symp. on Discrete Algorithms, pages 126--127, 2001.

Digital Library

[13]

D. Micciancio. Improved cryptographic hash functions with worst-case/average-case connection. In Proc. 34th Annual ACM Symp. on Theory of Computing (STOC), pages 609--618, 2002.

Digital Library

[14]

D. Micciancio. Almost perfect lattices, the covering radius problem, and applications to Ajtai's connection factor. SIAM Journal on Computing, 2004. Accepted for publication. Available from author's web page at URL http://www.cse.ucsd.edu/users/daniele.

Digital Library

[15]

D. Micciancio and S. Goldwasser. Complexity of Lattice Problems: A Cryptographic Perspective, volume 671 of The Kluwer International Series in Engineering and Computer Science. Kluwer Academic Publishers, Boston, Massachusetts, Mar. 2002.

Digital Library

[16]

D. Micciancio and O. Regev. Worst-case to average-case reductions based on Gaussian measures. In Proc. 45th Annual IEEE Symp. on Foundations of Computer Science (FOCS), 2004.

Digital Library

[17]

O. Regev. New lattice based cryptographic constructions. In Proc. 35th Annual ACM Symp. on Theory of Computing (STOC), pages 407--416, 2003.

Digital Library

Cited By

Lee K(2024)Bit Security as Cost to Demonstrate AdvantageIACR Communications in Cryptology10.62056/an5txol7Online publication date: 9-Apr-2024
https://doi.org/10.62056/an5txol7
Bock EBrzuska CLai R(2024)Simple Watermarking Pseudorandom Functions from Extractable Pseudorandom GeneratorsIACR Communications in Cryptology10.62056/aevur-10kOnline publication date: 8-Jul-2024
https://doi.org/10.62056/aevur-10k
Kolby SRavi DYakoubov S(2024)Constant-Round YOSO MPC Without SetupIACR Communications in Cryptology10.62056/ae5w4fe-3Online publication date: 7-Oct-2024
https://doi.org/10.62056/ae5w4fe-3
Show More Cited By

Index Terms

On lattices, learning with errors, random linear codes, and cryptography
1. Security and privacy
  1. Cryptography
    1. Public key (asymmetric) techniques
      1. Public key encryption
2. Theory of computation
  1. Design and analysis of algorithms

Recommendations

On Ideal Lattices and Learning with Errors over Rings

The “learning with errors” (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones. The problem has been shown to be as hard as worst-case lattice problems, and in recent ...
On lattices, learning with errors, random linear codes, and cryptography

Our main result is a reduction from worst-case lattice problems such as GapSVP and SIVP to a certain learning problem. This learning problem is a natural extension of the “learning from parity with error” problem to higher moduli. It can also be viewed ...
Public-Key encryption from ID-Based encryption without one-time signature
OTM'06: Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I

Design a secure public key encryption scheme and its security proof are one of the main interests in cryptography In 2004, Canetti, Halevi and Katz [8] constructed a public key encryption (PKE) from a selective identity-based encryption scheme with a ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

STOC '05: Proceedings of the thirty-seventh annual ACM symposium on Theory of computing

May 2005

778 pages

ISBN:1581139608

DOI:10.1145/1060590

General Chair:
Hal Gabow
University of Colorado
,
Program Chair:
Ronald Fagin
IBM Almaden Research Center

Copyright © 2005 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 May 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

STOC05

Sponsor:

STOC05: Symposium on Theory of Computing

May 22 - 24, 2005

MD, Baltimore, USA

Acceptance Rates

Overall Acceptance Rate 1,469 of 4,586 submissions, 32%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1,473
Total Citations
View Citations
4,907
Total Downloads

Downloads (Last 12 months)444
Downloads (Last 6 weeks)62

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Lee K(2024)Bit Security as Cost to Demonstrate AdvantageIACR Communications in Cryptology10.62056/an5txol7Online publication date: 9-Apr-2024
https://doi.org/10.62056/an5txol7
Bock EBrzuska CLai R(2024)Simple Watermarking Pseudorandom Functions from Extractable Pseudorandom GeneratorsIACR Communications in Cryptology10.62056/aevur-10kOnline publication date: 8-Jul-2024
https://doi.org/10.62056/aevur-10k
Kolby SRavi DYakoubov S(2024)Constant-Round YOSO MPC Without SetupIACR Communications in Cryptology10.62056/ae5w4fe-3Online publication date: 7-Oct-2024
https://doi.org/10.62056/ae5w4fe-3
Cao JCheng QWeng J(2024)Optimizing $c$-sum BKW and Faster Quantum Variant for LWEIACR Communications in Cryptology10.62056/a6qj5w7sfOnline publication date: 7-Oct-2024
https://doi.org/10.62056/a6qj5w7sf
Guo QMårtensson EÅström A(2024)The Perils of Limited Key Reuse: Adaptive and Parallel Mismatch Attacks with Post-processing Against KyberIACR Communications in Cryptology10.62056/a3n5qj888Online publication date: 7-Oct-2024
https://doi.org/10.62056/a3n5qj888
Takhanov R(2024)Almost pairwise independence and resilience to deep learning attacksIACR Communications in Cryptology10.62056/a3ksa69p1Online publication date: 7-Oct-2024
https://doi.org/10.62056/a3ksa69p1
Al Badawi A(2024)Private SVM Inference on Encrypted DataSupport Vector Machines - Algorithms, Optimizations, and Real-World Applications [Working Title]10.5772/intechopen.1006690Online publication date: 4-Sep-2024
https://doi.org/10.5772/intechopen.1006690
Maqousi AAlauthman MAlmomani A(2024)Homomorphic Encryption Enabling Computation on Encrypted Data for Secure Cloud ComputingInnovations in Modern Cryptography10.4018/979-8-3693-5330-1.ch009(215-240)Online publication date: 12-Jul-2024
https://doi.org/10.4018/979-8-3693-5330-1.ch009
Lee Y(2024)LMKCDEY Revisited: Speeding Up Blind Rotation with Signed Evaluation KeysMathematics10.3390/math1218290912:18(2909)Online publication date: 18-Sep-2024
https://doi.org/10.3390/math12182909
Li DZhong JCheng SZhang YGao SCui Y(2024)High-Performance Hardware Implementation of the Saber Key Encapsulation ProtocolElectronics10.3390/electronics1304067513:4(675)Online publication date: 6-Feb-2024
https://doi.org/10.3390/electronics13040675
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents