## Cryptology ePrint Archive: Report 2017/140

Estimation of the Hardness of the Learning with Errors Problem with a Restricted Number of Samples

Nina Bindel and Johannes Buchmann and Florian Göpfert and Markus Schmidt

Abstract: The Learning with Errors problem (LWE) is one of the most important hardness assumptions lattice-based constructions base their security on. Recently, Albrecht et al. (Journal of Mathematical Cryptology, 2015) presented the software tool LWE-Estimator to estimate the hardness of concrete LWE instances, making the choice of parameters for lattice-based primitives easier and better comparable. To give lower bounds on the hardness it is assumed that each algorithm has given the corresponding optimal number of samples. However, this is not the case for many cryptographic applications. In this work we first analyze the hardness of LWE instances given a restricted number of samples. For this, we describe LWE solvers from the literature and estimate their runtime considering a limited number of samples. Based on our theoretical results we extend the LWE-Estimator. Furthermore, we evaluate LWE instances proposed for cryptographic schemes and show the impact of restricting the number of available samples.

Category / Keywords: lattice-based cryptography, learning with errors problem, LWE, post-quantum cryptography

Date: received 15 Feb 2017, last revised 9 Jul 2017

Contact author: nbindel at cdc informatik tu-darmstadt de

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2017/140

[ Cryptology ePrint archive ]