Non-Commutative Ring Learning With Errors From Cyclic Algebras

by   Charles Grover, et al.

The Learning with Errors (LWE) problem is the fundamental backbone of modern lattice based cryptography, allowing one to establish cryptography on the hardness of well-studied computational problems. However, schemes based on LWE are often impractical, so Ring LWE was introduced as a form of `structured' LWE, trading off a hard to quantify loss of security for an increase in efficiency by working over a well chosen ring. Another popular variant, Module LWE, generalizes this exchange by implementing a module structure over a ring. In this work, we introduce a novel variant of LWE over cyclic algebras (CLWE) to replicate the addition of the ring structure taking LWE to Ring LWE by adding cyclic structure to Module LWE. The proposed construction is both more efficient than Module LWE and conjecturally more secure than Ring LWE, the best of both worlds. We show that the security reductions expected for an LWE problem hold, namely a reduction from certain structured lattice problems to the hardness of the decision variant of the CLWE problem. As a contribution of theoretic interest, we view CLWE as the first variant of Ring LWE which supports non-commutative multiplication operations. This ring structure compares favorably with Module LWE, and naturally allows a larger message space for error correction coding.


page 1

page 2

page 3

page 4


On Codes and Learning With Errors over Function Fields

It is a long standing open problem to find search to decision reductions...

Subfield Algorithms for Ideal- and Module-SVP Based on the Decomposition Group

Whilst lattice-based cryptosystems are believed to be resistant to quant...

Algebraic aspects of solving Ring-LWE, including ring-based improvements in the Blum-Kalai-Wasserman algorithm

We provide several reductions of Ring-LWE problems to smaller Ring-LWE p...

Ring Learning With Errors: A crossroads between postquantum cryptography, machine learning and number theory

The present survey reports on the state of the art of the different cryp...

The supersingular Endomorphism Ring and One Endomorphism problems are equivalent

The supersingular Endomorphism Ring problem is the following: given a su...

The supersingular isogeny path and endomorphism ring problems are equivalent

We prove that the path-finding problem in ℓ-isogeny graphs and the endom...

The Polynomial Learning With Errors Problem and the Smearing Condition

As quantum computing advances rapidly, guaranteeing the security of cryp...

Please sign up or login with your details

Forgot password? Click here to reset