Cryptology ePrint Archive: Report 2020/1185

Lossiness and Entropic Hardness for Ring-LWE

Zvika Brakerski and Nico D�ttling

Abstract: The hardness of the Ring Learning with Errors problem (RLWE) is a central building block for efficiency-oriented lattice-based cryptography. Many applications use an ``entropic'' variant of the problem where the so-called ``secret'' is not distributed uniformly as prescribed but instead comes from some distribution with sufficient min-entropy. However, the hardness of the entropic variant has not been substantiated thus far.

For standard LWE (not over rings) entropic results are known, using a ``lossiness approach'' but it was not known how to adapt this approach to the ring setting. In this work we present the first such results, where entropic security is established either under RLWE or under the Decisional Small Polynomial Ratio (DSPR) assumption which is a mild variant of the NTRU assumption.

In the context of general entropic distributions, our results in the ring setting essentially match the known lower bounds (Bolboceanu et al., Asiacrypt 2019; Brakerski and D�ttling, Eurocrypt 2020).

Category / Keywords: foundations / Ring LWE, Entropic Hardness

Original Publication (with major differences): IACR-TCC-2020

Date: received 28 Sep 2020

Contact author: zvika brakerski at weizmann ac il

Available format(s): PDF | BibTeX Citation

Version: 20200930:074722 (All versions of this report)

Short URL: ia.cr/2020/1185

[ Cryptology ePrint archive ]