Cryptology ePrint Archive: Report 2014/494

Hardness of k-LWE and Applications in Traitor Tracing

San Ling and Duong Hieu Phan and Damien Stehle and Ron Steinfeld

Abstract: We introduce the k-LWE problem, a Learning With Errors variant of the k-SIS problem. The Boneh-Freeman reduction from SIS to k-SIS suffers from an exponential loss in k. We improve and extend it to an LWE to k-LWE reduction with a polynomial loss in k, by relying on a new technique involving trapdoors for random integer kernel lattices. Based on this hardness result, we present the first algebraic construction of a traitor tracing scheme whose security relies on the worst-case hardness of standard lattice problems. The proposed LWE traitor tracing is almost as efficient as the LWE encryption. Further, it achieves public traceability, i.e., allows the authority to delegate the tracing capability to "untrusted" parties. To this aim, we introduce the notion of projective sampling family in which each sampling function is keyed and, with a projection of the key on a well chosen space, one can simulate the sampling function in a computationally indistinguishable way. The construction of a projective sampling family from k-LWE allows us to achieve public traceability, by publishing the projected keys of the users. We believe that the new lattice tools and the projective sampling family are quite general that they may have applications in other areas.

Category / Keywords:

Original Publication (with major differences): IACR-CRYPTO-2014

Date: received 21 Jun 2014, last revised 5 Aug 2015

Contact author: damien stehle at gmail com

Available format(s): PDF | BibTeX Citation

Note: Simplified and improved the reduction from LWE to k-LWE

Version: 20150805:092815 (All versions of this report)

Short URL: ia.cr/2014/494