Paper 2017/140

Estimation of the Hardness of the Learning with Errors Problem with a Restricted Number of Samples

Nina Bindel, Johannes Buchmann, Florian Göpfert, and Markus Schmidt


The Learning with Errors problem (LWE) is one of the most important hardness assumptions lattice-based constructions base their security on. Recently, Albrecht et al. (Journal of Mathematical Cryptology, 2015) presented the software tool LWE-Estimator to estimate the hardness of concrete LWE instances, making the choice of parameters for lattice-based primitives easier and better comparable. To give lower bounds on the hardness it is assumed that each algorithm has given the corresponding optimal number of samples. However, this is not the case for many cryptographic applications. In this work we first analyze the hardness of LWE instances given a restricted number of samples. For this, we describe LWE solvers from the literature and estimate their runtime considering a limited number of samples. Based on our theoretical results we extend the LWE-Estimator. Furthermore, we evaluate LWE instances proposed for cryptographic schemes and show the impact of restricting the number of available samples.

Available format(s)
Publication info
lattice-based cryptographylearning with errors problemLWEpost-quantum cryptography
Contact author(s)
nbindel @ cdc informatik tu-darmstadt de
2017-07-09: revised
2017-02-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Nina Bindel and Johannes Buchmann and Florian Göpfert and Markus Schmidt},
      title = {Estimation of the Hardness of the Learning with Errors Problem with a Restricted Number of Samples},
      howpublished = {Cryptology ePrint Archive, Paper 2017/140},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.