Item type |
SIG Technical Reports(1) |
公開日 |
2018-07-18 |
タイトル |
|
|
タイトル |
A New Embedding Method for Generalized LWE |
タイトル |
|
|
言語 |
en |
|
タイトル |
A New Embedding Method for Generalized LWE |
言語 |
|
|
言語 |
eng |
資源タイプ |
|
|
資源タイプ識別子 |
http://purl.org/coar/resource_type/c_18gh |
|
資源タイプ |
technical report |
著者所属 |
|
|
|
東京大学大学院情報理工学系研究科 |
著者所属 |
|
|
|
東京大学大学院情報理工学系研究科/九州大学大学院数理学府 |
著者所属 |
|
|
|
東京大学大学院情報理工学系研究科/国立研究開発法人産業技術総合研究所 |
著者所属 |
|
|
|
東京大学大学院情報理工学系研究科 |
著者所属(英) |
|
|
|
en |
|
|
Graduate School of Information Science and Technology, The University of Tokyo |
著者所属(英) |
|
|
|
en |
|
|
Graduate School of Information Science and Technology, The University of Tokyo / Graduate School of Mathematics, Kyushu University |
著者所属(英) |
|
|
|
en |
|
|
Graduate School of Information Science and Technology, The University of Tokyo / National Institute of Advanced Industrial Science and Technology, |
著者所属(英) |
|
|
|
en |
|
|
Graduate School of Information Science and Technology, The University of Tokyo |
著者名 |
王, 偉尭
王, 贇トウ
高安, 敦
高木, 剛
|
著者名(英) |
Weiyao, Wang
Yuntao, Wang
Atsushi, Takayasu
Tsuyoshi, Takagi
|
論文抄録 |
|
|
内容記述タイプ |
Other |
|
内容記述 |
Estimating for the computational cost of solving learning with errors (LWE) problem is an indispensable research topic to the lattice-based cryptography in practice. For this purpose, the embedding approach is usually employed. The technique first constructs a basis matrix by embedding an LWE instance. At this stage, Kannan's and Bai-Galbraith's embeddings are believed to be the most efficient approaches for the standard and the binary LWE with secret vectors in Znq and {0,1}ⁿ, respectively. Indeed, both methods work well with sufficiently many LWE samples. After the embedding phase, solving the unique shortest vector problem (uSVP) in the lattice spanned by the basis matrix results in solving the LWE. Recently, there are several lattice-based schemes whose secret vectors have special distributions, e.g., small elements and / or sparse vectors, have been proposed to realize efficient implementations. In this paper, to capture such settings and more, we study the LWE problem in a general setting. We analyze the LWE problem whose secret vectors are sampled from arbitrary distributions. Furthermore, we also study the problem when the number of samples is restricted. We believe that our work provides more general understanding of the hardness of LWE. Moreover, we propose a half-twisted embedding that contains the existing two embedding methods as special cases. This proposal enables us to analyze the hardness of LWE in a generic manner and sometimes provides improved attacks. |
論文抄録(英) |
|
|
内容記述タイプ |
Other |
|
内容記述 |
Estimating for the computational cost of solving learning with errors (LWE) problem is an indispensable research topic to the lattice-based cryptography in practice. For this purpose, the embedding approach is usually employed. The technique first constructs a basis matrix by embedding an LWE instance. At this stage, Kannan's and Bai-Galbraith's embeddings are believed to be the most efficient approaches for the standard and the binary LWE with secret vectors in Znq and {0,1}ⁿ, respectively. Indeed, both methods work well with sufficiently many LWE samples. After the embedding phase, solving the unique shortest vector problem (uSVP) in the lattice spanned by the basis matrix results in solving the LWE. Recently, there are several lattice-based schemes whose secret vectors have special distributions, e.g., small elements and / or sparse vectors, have been proposed to realize efficient implementations. In this paper, to capture such settings and more, we study the LWE problem in a general setting. We analyze the LWE problem whose secret vectors are sampled from arbitrary distributions. Furthermore, we also study the problem when the number of samples is restricted. We believe that our work provides more general understanding of the hardness of LWE. Moreover, we propose a half-twisted embedding that contains the existing two embedding methods as special cases. This proposal enables us to analyze the hardness of LWE in a generic manner and sometimes provides improved attacks. |
書誌レコードID |
|
|
収録物識別子タイプ |
NCID |
|
収録物識別子 |
AA12628305 |
書誌情報 |
研究報告セキュリティ心理学とトラスト(SPT)
巻 2018-SPT-29,
号 56,
p. 1-8,
発行日 2018-07-18
|
ISSN |
|
|
収録物識別子タイプ |
ISSN |
|
収録物識別子 |
2188-8671 |
Notice |
|
|
|
SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc. |
出版者 |
|
|
言語 |
ja |
|
出版者 |
情報処理学会 |