Algebraic Aspects of Solving Ring-LWE, Including Ring-Based Improvements in the Blum--Kalai--Wasserman Algorithm
نویسندگان
چکیده
We provide a reduction of the Ring-LWE problem to problems in subrings, presence samples restricted form (i.e., $(a,b)$ such that $a$ is multiplicative coset subring). To create and exploit samples, we propose Ring-BKW, version Blum--Kalai--Wasserman (BKW) algorithm which respects ring structure. Off-the-shelf BKW dimension (including coded-BKW sieving) can be used for phase. Its primary advantage there no need back-substitution, solving/hypothesis-testing phase parallelized. also present method symmetry reduce table sizes, needed, runtime during The results apply 2-power cyclotomic with parameters proposed practical use all splitting types).
منابع مشابه
On error distributions in ring-based LWE
Since its introduction in 2010 by Lyubashevsky, Peikert and Regev, the ring learning with errors problem (ring-LWE) has become a popular building block for cryptographic primitives, due to its great versatility and its hardness proof consisting of a (quantum) reduction from ideal lattice problems. But, for a given modulus q and degree n number field K, generating ring-LWE samples can be perceiv...
متن کاملChallenges for Ring-LWE
As lattice cryptography becomes more widely used in practice, there is an increasing need for further cryptanalytic effort and higher-confidence security estimates for its underlying computational problems. Of particular interest is a class of problems used in many recent implementations, namely, Learning With Errors (LWE), its more efficient ring-based variant Ring-LWE, and their “deterministi...
متن کاملSharper Ring-LWE Signatures
We present TESLA] (pronounced “Tesla Sharp”), a digital signature scheme based on the R-LWE assumption that continues a recent line of proposals of lattice-based digital signature schemes originating in work by Lyubashevsky as well as by Bai and Galbraith. It improves upon all of its predecessors in that it attains much faster key pair generation, signing, and verification, outperforming most (...
متن کاملCompact Ring-LWE Cryptoprocessor
In this paper we propose an efficient and compact processor for a ring-LWE based encryption scheme. We present three optimizations for the Number Theoretic Transform (NTT) used for polynomial multiplication: we avoid preprocessing in the negative wrapped convolution by merging it with the main algorithm, we reduce the fixed computation cost of the twiddle factors and propose an advanced memory ...
متن کامل3 Ring LWE
The learning with errors (LWE) problem is to efficiently distinguish vectors created from a ‘noisy’ set of linear equations between uniformly random vectors. Given a matrix A ∈ Zm×n q and a vector v ∈ Zq , the goal is to determine whether v has been sampled uniformly at random from Zq or whether v = As+ e for some random s ∈ Zq and e ∈ χm, where χ is a small ‘noise’ distribution over Zq. Observ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: SIAM Journal on Applied Algebra and Geometry
سال: 2021
ISSN: ['2470-6566']
DOI: https://doi.org/10.1137/19m1280442