Security Considerations for Galois Non-dual RLWE Families
Authors
Abstract
We explore further the hardness of the non-dual discrete variant of the Ring-LWE problem for various number rings, give improved attacks for certain rings satisfying some additional assumptions, construct a new family of vulnerable Galois number fields, and apply some number theoretic results on Gauss sums to deduce the likely failure of these attacks for 2-power cyclotomic rings and unramified moduli.
Similar resources
Attacks on the Search-RLWE problem with small errors
The Ring Learning-With-Errors (RLWE) problem shows great promise for post-quantum cryptography and homomorphic encryption. We describe a new attack on the non-dual search RLWE problem with small error widths, using ring homomorphisms to finite fields and the chi-square statistical test. In particular, we identify a “subfield vulnerability” (Section 5.2) and give a new attack which finds this vu...
Provably Weak Instances of Ring-LWE Revisited
In CRYPTO 2015, Elias, Lauter, Ozman and Stange described an attack on the non-dual decision version of the ring learning with errors problem (RLWE) for two special families of defining polynomials, whose construction depends on the modulus q that is being used. For particularly chosen error parameters, they managed to solve nondual decision RLWE given 20 samples, with a success rate ranging fr...
Attacks on Search RLWE
We describe a new attack on the Search Ring Learning-With-Errors (RLWE) problem based on the chi-square statistical test, and give examples of RLWE instances in Galois number fields which are vulnerable to our attack. We prove a search-to-decision reduction for Galois fields which applies for any unramified prime modulus q, regardless of the residue degree f of q, and we use this in our attacks...
Vulnerable Galois RLWE Families and Improved Attacks
Lattice-based cryptography was introduced in the mid 1990s in two different forms, independently by Ajtai-Dwork [AD97] and Hoffstein-Pipher-Silverman [HPSS08]. Thanks to the work of Stehlé-Steinfeld [SS11], we now understand the NTRU cryptosystem introduced by Hoffstein-Pipher-Silverman to be a variant of a cryptosystem which has security reductions to the Ring Learning With Errors (RLWE) probl...
Obfuscation of Bloom Filter Queries from Ring-LWE
We devise a virtual black-box (VBB) obfuscator for querying whether set elements are stored within Bloom filters, with security based on the Ring Learning With Errors (RLWE) problem and strongly universal hash functions. Our construction uses an abstracted encoding scheme that we instantiate using the Gentry, Gorbunov and Halevi (GGH15) multilinear map, with an explicit security reduction to RL...