Paper 2017/140
Estimation of the Hardness of the Learning with Errors Problem with a Restricted Number of Samples
Nina Bindel, Johannes Buchmann, Florian Göpfert, and Markus Schmidt
Abstract
The Learning with Errors problem (LWE) is one of the most important hardness assumptions lattice-based constructions base their security on. Recently, Albrecht et al. (Journal of Mathematical Cryptology, 2015) presented the software tool LWE-Estimator to estimate the hardness of concrete LWE instances, making the choice of parameters for lattice-based primitives easier and better comparable. To give lower bounds on the hardness it is assumed that each algorithm has given the corresponding optimal number of samples. However, this is not the case for many cryptographic applications. In this work we first analyze the hardness of LWE instances given a restricted number of samples. For this, we describe LWE solvers from the literature and estimate their runtime considering a limited number of samples. Based on our theoretical results we extend the LWE-Estimator. Furthermore, we evaluate LWE instances proposed for cryptographic schemes and show the impact of restricting the number of available samples.
Metadata
- Available format(s)
-
PDF
- Publication info
- Preprint.
- Keywords
- lattice-based cryptographylearning with errors problemLWEpost-quantum cryptography
- Contact author(s)
- nbindel @ cdc informatik tu-darmstadt de
- History
- 2017-07-09: revised
- 2017-02-20: received
- See all versions
- Short URL
- https://ia.cr/2017/140
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2017/140,
author = {Nina Bindel and Johannes Buchmann and Florian Göpfert and Markus Schmidt},
title = {Estimation of the Hardness of the Learning with Errors Problem with a Restricted Number of Samples},
howpublished = {Cryptology {ePrint} Archive, Paper 2017/140},
year = {2017},
url = {https://eprint.iacr.org/2017/140}
}
