Cryptology ePrint Archive: Report 2014/494
Hardness of k-LWE and Applications in Traitor Tracing
San Ling and Duong Hieu Phan and Damien Stehle and Ron Steinfeld
Abstract: We introduce the k-LWE problem, a Learning With Errors variant of the
k-SIS problem. The Boneh-Freeman reduction from SIS to k-SIS suffers from an exponential loss in k. We improve and extend it to an LWE to k-LWE reduction with a polynomial loss in k, by relying on a new technique involving trapdoors for random integer kernel lattices. Based on this hardness result, we present the first algebraic construction of a traitor tracing scheme whose security relies on the worst-case hardness of standard lattice problems. The proposed LWE traitor tracing is almost as efficient as the LWE encryption. Further, it achieves public traceability, i.e., allows the authority to delegate the tracing capability to "untrusted" parties. To this aim, we introduce the notion of projective sampling family in which each sampling function is keyed and, with a projection of the key on a well chosen space, one can simulate the sampling function in a computationally indistinguishable way. The construction of a projective sampling family from k-LWE allows us to achieve public traceability, by publishing the projected keys of the users. We believe that the new lattice tools and the projective sampling
family are quite general that they may have applications in other areas.
Category / Keywords:
Original Publication (with major differences): IACR-CRYPTO-2014
Date: received 21 Jun 2014, last revised 5 Aug 2015
Contact author: damien stehle at gmail com
Available format(s): PDF | BibTeX Citation
Note: Simplified and improved the reduction from LWE to k-LWE
Version: 20190217:224315 (All versions of this report)
Short URL: ia.cr/2014/494
[ Cryptology ePrint archive ]