You are looking at a specific version 20190513:204421 of this paper. See the latest version.

Paper 2019/183

Algebraic aspects of solving Ring-LWE, including ring-based improvements in the Blum-Kalai-Wasserman algorithm

Katherine E. Stange

Abstract

We provide a reduction of the Ring-LWE problem to Ring-LWE problems in subrings, in the presence of samples of a restricted form (i.e. (a,b) such that a is restricted to a multiplicative coset of the subring). To create and exploit such restricted samples, we propose Ring-BKW, a version of the Blum-Kalai-Wasserman algorithm which respects the ring structure. Off-the-shelf BKW dimension reduction (including coded-BKW and sieving) can be used for the reduction phase. Its primary advantage is that there is no need for back-substitution, and the solving/hypothesis-testing phase can be parallelized. There is also the opportunity to exploit symmetry to reduce table sizes. The results apply to two-power cyclotomic Ring-LWE with parameters proposed for practical use (including all splitting types).

Note: Completely rewritten for simplicity and correctness.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
ring learning with errorslearning with errorsRing-LWEBKWBlum-Kalai-Wassermancyclotomic
Contact author(s)
kstange @ math colorado edu
History
2020-07-10: last of 2 revisions
2019-02-26: received
See all versions
Short URL
https://ia.cr/2019/183
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.