Subfield Algorithms for Ideal- and Module-SVP Based on the Decomposition Group

05/07/2021
by Christian Porter, et al.

Whilst lattice-based cryptosystems are believed to be resistant to quantum attack, they are often forced to pay for that security with inefficiencies in implementation. This problem is overcome by ring- and module-based schemes such as Ring-LWE or Module-LWE, whose key size can be reduced by exploiting their algebraic structure, allowing for neater and faster computations. Many rings may be chosen to define such cryptoschemes, but cyclotomic rings, whose cyclic nature allows for easy multiplication, are the community standard. However, there is still much uncertainty as to whether this structure may be exploited to an adversary's benefit. In this paper, we show that the decomposition group of a cyclotomic ring of arbitrary conductor may be utilised in order to significantly decrease the dimension of the ideal (or module) lattice required to solve a given instance of SVP. Moreover, we show that there exist a large number of rational primes such that, if the prime ideal factors of an ideal lie over primes of this form, the ideal gives rise to an "easy" instance of SVP. However, it is important to note that this work does not break Ring-LWE or Module-LWE, since the security reduction is from worst-case ideal or module SVP to average-case Ring-LWE or Module-LWE respectively, and is one-way.
