Results 1 
4 of
4
Structural lattice reduction: Generalized worstcase to averagecase reductions. Eprint report 2014/283
, 2014
"... In lattice cryptography, worstcase to averagecase reductions rely on two problems: Ajtai’s SIS and Regev’s LWE, which refer to a very small class of random lattices related to the group G = Znq. We generalize worstcase to averagecase reductions to (almost) all integer lattices, by allowing G to ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
In lattice cryptography, worstcase to averagecase reductions rely on two problems: Ajtai’s SIS and Regev’s LWE, which refer to a very small class of random lattices related to the group G = Znq. We generalize worstcase to averagecase reductions to (almost) all integer lattices, by allowing G to be any (sufficiently large) finite abelian group. In particular, we obtain a partition of the set of fullrank integer lattices of large volume such that finding short vectors in a lattice chosen uniformly at random from any of the partition cells is as hard as finding short vectors in any integer lattice. Our main tool is a novel group generalization of lattice reduction, which we call structural lattice reduction: given a finite abelian group G and a lattice L, it finds a short basis of some lattice L ̄ such that L ⊆ L ̄ and L̄/L ' G. Our group generalizations of SIS and LWE allow us to abstract lattice cryptography, yet preserve worstcase assumptions. 1
On the concrete hardness of Learning with Errors
"... Abstract. The Learning with Errors (LWE) problem has become a central building block of modern cryptographic constructions. This work collects and presents hardness results for concrete instances of LWE. In particular, we discuss algorithms proposed in the literature and give the expected resources ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. The Learning with Errors (LWE) problem has become a central building block of modern cryptographic constructions. This work collects and presents hardness results for concrete instances of LWE. In particular, we discuss algorithms proposed in the literature and give the expected resources required to run them. We consider both generic instances of LWE as well as small secret variants. Since for several methods of solving LWE we require a lattice reduction step, we also review lattice reduction algorithms and propose a refined model for estimating their running times. We also give concrete estimates for various families of LWE instances, provide a Sage module for computing these estimates and highlight gaps in the knowledge about algorithms for solving the Learning with Errors problem. 1
A Deterministic Polynomial Space Construction for nets under any Norm
, 2013
"... We give a deterministic polynomial space construction for nearly optimal nets with respect to any input ndimensional convex body K and norm ‖ · ‖. More precisely, our algorithm can build and iterate over an net of K with respect to ‖ · ‖ in time 2O(n) × ( size of the optimal net) using only ..."
Abstract
 Add to MetaCart
We give a deterministic polynomial space construction for nearly optimal nets with respect to any input ndimensional convex body K and norm ‖ · ‖. More precisely, our algorithm can build and iterate over an net of K with respect to ‖ · ‖ in time 2O(n) × ( size of the optimal net) using only poly(n)space. This improves on previous constructions of [ASL+13] which achieve either a 2O(n) approximation or an nO(n) approximation of the optimal net size using 2n space and poly(n)space respectively. As in [ASL+13], our algorithm relies on the mathematically classical approach of building thin lattice coverings of space, which reduces the task of constructing nets to the problem of enumerating lattice points. Our main technical contribution is a deterministic 2O(n)time and poly(n)space construction of thin lattice coverings of space with respect to any convex body, where enumeration in these lattices can be efficiently performed using poly(n)space. This also yields the first existential construction of poly(n)space enumerable thin covering lattices for general convex bodies, which we believe is of independent interest. Our construction combines the use of the Mellipsoid from convex geometry [Mil86] with lattice sparsification and densification techniques [Rog50, DK13]. As an application, we give a 2O(n)(1 + 1/)n time and poly(n)space deterministic algorithm for computing a (1 + )n approximation to the volume of a general convex body, which nearly matches the lower bounds for volume estimation in the oracle model (the dependence on is larger by a factor 2 in the exponent). This improves on the previous results of [DV13], which gave the above result only for symmetric bodies and achieved a dependence on of (1 + log5/2(1/)/2)n.
Improved Parameters and an Implementation of Graded Encoding Schemes from Ideal Lattices
"... Abstract. We discuss how to set parameters for GGHlike graded encoding schemes approximating cryptographic multilinear maps from ideal lattices and propose a strategy which reduces parameter sizes for concrete instances. Secondly, we discuss a first software implementation of a graded encoding sche ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. We discuss how to set parameters for GGHlike graded encoding schemes approximating cryptographic multilinear maps from ideal lattices and propose a strategy which reduces parameter sizes for concrete instances. Secondly, we discuss a first software implementation of a graded encoding scheme based on GGHLite, an improved variant of Garg, Gentry and Halevi’s construction (GGH) due to Langlois, Stehle ́ and Steinfeld. Thirdly, we provide an implementation of noninteractive Npartite DiffieHellman key exchange. We discuss our implementation strategies and show that our implementation outperforms previous work. 1