Paper 2015/483

Improved security proofs in lattice-based cryptography: using the Rényi divergence rather than the statistical distance

Shi Bai and Adeline Langlois and Tancrëde Lepoint and Amin Sakzad and Damien Stehle and Ron Steinfeld

Abstract

The Rényi divergence is a measure of closeness of two probability distributions. We show that it can often be used as an alternative to the statistical distance in security proofs for lattice-based cryptography. Using the Rényi divergence is particularly suited for security proofs of primitives in which the attacker is required to solve a search problem (e.g., forging a signature). We show that it may also be used in the case of distinguishing problems (e.g., semantic security of encryption schemes), when they enjoy a public sampleability property. The techniques lead to security proofs for schemes with smaller parameters, and sometimes to simpler security proofs than the existing ones.

Note: Added a correction to our claims in a previous version regarding the first dimension-preserving reduction for LWR: we have recently become aware that [BGM+16] already gave a dimension-preserving reduction for prime modulus q. Our reduction works for composite q.