Cryptology ePrint Archive: Report 2012/636
On the Complexity of the BKW Algorithm on LWE
Martin R. Albrecht and Carlos Cid and Jean-Charles Faugère and Robert Fitzpatrick and Ludovic Perret
Abstract: This work presents a study of the complexity of the Blum-Kalai-Wasserman (BKW) algorithm when applied to the Learning with Errors (LWE) problem, by providing refined estimates for the data and computational effort requirements for solving concrete instances of the LWE problem. We apply this refined analysis to suggested parameters for various LWE-based cryptographic schemes from the literature and compare with alternative approaches based on lattice reduction. As a result, we provide new upper bounds for the concrete hardness of these LWE-based schemes. Rather surprisingly, it appears that BKW algorithm outperforms known estimates for lattice reduction algorithms starting in dimension n ≈ 250 when LWE is reduced to SIS. However, this assumes access to an unbounded number of LWE samples.
Category / Keywords: BKW, LWE, Lattice-based Cryptography
Date: received 8 Nov 2012, last revised 12 Jul 2013
Contact author: robert fitzpatrick 2010 at live rhul ac uk
Available format(s): PDF | BibTeX Citation
Note: Final version - accepted to Designs, Codes and Cryptography. Mainly stylistic revisions.
Version: 20130712:110002 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]