Estimation of the Hardness of the Learning with Errors Problem with a Restricted Number of Samples

The Learning with Errors problem (LWE) is one of the most important hardness assumptions latticebased constructions base their security on. Recently, Albrecht et al. (Journal of Mathematical Cryptology, 2015) presented the software tool LWE-Estimator to estimate the hardness of concrete LWE instances, making the choice of parameters for lattice-based primitives easier and better comparable. To give lower bounds on the hardness it is assumed that each algorithm has given the corresponding optimal number of samples. However, this is not the case for many cryptographic applications. In this work we first analyze the hardness of LWE instances given a restricted number of samples. For this, we describe LWE solvers from the literature and estimate their runtime considering a limited number of samples. Based on our theoretical results we extend the LWE-Estimator. Furthermore, we evaluate LWE instances proposed for cryptographic schemes and show the impact of restricting the number of available samples.