Solving LWE problem with bounded errors in polynomial time

نویسنده

  • Jintai Ding
چکیده

In this paper, we present a new algorithm, such that, for the learning with errors (LWE) problems, if the errors are bounded – the errors do not span the whole prime finite field Fq but a fixed known subset of size D (D < q), which we call the learning with bounded errors (LWBE) problems, we can solve it with complexity O(n).

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Broadcast Attack against NTRU Using Ding's Algorithm

Very recently, Ding proposed an ingenious algorithm to solve LWE problem with bounded errors in polynomial time. We find that it can be easily used to give a broadcast attack against NTRU, the most efficient lattice-based publickey cryptosystem known to date.

متن کامل

On the Efficacy of Solving LWE by Reduction to Unique-SVP

We present a study of the concrete complexity of solving instances of the unique shortest vector problem (uSVP). In particular, we study the complexity of solving the Learning with Errors (LWE) problem by reducing the Bounded-Distance Decoding (BDD) problem to uSVP and attempting to solve such instances using the ‘embedding’ approach. We experimentally derive a model for the success of the appr...

متن کامل

On the complexity of the Arora-Ge Algorithm against LWE

Arora & Ge [5] recently showed that solving LWE can be reduced to solve a high-degree non-linear system of equations. They used a linearization to solve the systems. We investigate here the possibility of using Gröbner bases to improve Arora & Ge approach. Introduction The Learning With Errors (LWE) Problem was introduced by Regev in [27, 26]. It is a generalisation for large primes of the well...

متن کامل

Learning with Errors and Extrapolated Dihedral Cosets

The hardness of the learning with errors (LWE) problem is one of the most fruitful resources of modern cryptography. In particular, it is one of the most prominent candidates for secure post-quantum cryptography. Understanding its quantum complexity is therefore an important goal. We show that under quantum polynomial time reductions, LWE is equivalent to a relaxed version of the dihedral coset...

متن کامل

Large Modulus Ring-LWE ≥ Module-LWE

We present a reduction from the module learning with errors problem (MLWE) in dimension d and with modulus q to the ring learning with errors problem (RLWE) with modulus q. Our reduction increases the LWE error rate α by a quadratic factor in the ring dimension n and a square root in the module rank d for power-of-two cyclotomics. Since, on the other hand, MLWE is at least as hard as RLWE, we c...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2010  شماره 

صفحات  -

تاریخ انتشار 2010