### Estimation of the Hardness of the Learning with Errors Problem with a Restricted Number of Samples

Nina Bindel, Johannes Buchmann, Florian Göpfert, and Markus Schmidt

##### Abstract

The Learning with Errors problem (LWE) is one of the most important hardness assumptions lattice-based constructions base their security on. Recently, Albrecht et al. (Journal of Mathematical Cryptology, 2015) presented the software tool LWE-Estimator to estimate the hardness of concrete LWE instances, making the choice of parameters for lattice-based primitives easier and better comparable. To give lower bounds on the hardness it is assumed that each algorithm has given the corresponding optimal number of samples. However, this is not the case for many cryptographic applications. In this work we first analyze the hardness of LWE instances given a restricted number of samples. For this, we describe LWE solvers from the literature and estimate their runtime considering a limited number of samples. Based on our theoretical results we extend the LWE-Estimator. Furthermore, we evaluate LWE instances proposed for cryptographic schemes and show the impact of restricting the number of available samples.

Available format(s)
Publication info
Preprint.
Keywords
lattice-based cryptographylearning with errors problemLWEpost-quantum cryptography
Contact author(s)
nbindel @ cdc informatik tu-darmstadt de
History
2017-07-09: revised
See all versions
Short URL
https://ia.cr/2017/140

CC BY

BibTeX

@misc{cryptoeprint:2017/140,
author = {Nina Bindel and Johannes Buchmann and Florian Göpfert and Markus Schmidt},
title = {Estimation of the Hardness of the Learning with Errors Problem with a Restricted Number of Samples},
howpublished = {Cryptology ePrint Archive, Paper 2017/140},
year = {2017},
note = {\url{https://eprint.iacr.org/2017/140}},
url = {https://eprint.iacr.org/2017/140}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.