@MISC{04onlattices,, author = {}, title = {On Lattices, Learning with Errors,Random Linear Codes, and Cryptography}, year = {2004} }

Share

OpenURL

Abstract

Abstract Our main result is a reduction from worst-case lattice problems such as SVP and SIVP to a certainlearning problem. This learning problem is a natural extension of the `learning from parity with error' problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code.This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for SVP andSIVP. A main open question is whether this reduction can be made classical. Using the main result, we obtain a public-key cryptosystem whose hardness is based on the worst-case quantum hardness of SVP and SIVP. Previous lattice-based public-key cryptosystems such as the one by Ajtai and Dwork were only based on unique-SVP, a special case of SVP. The new cryptosystemis much more efficient than previous cryptosystems: the public key is of size ~ O(n2) and encryptinga message increases its size by ~ O(n) (in previous cryptosystems these values are ~O(n4) and ~O(n2),respectively). 1 Introduction Main theorem. Let n be some integer and let "> = 0 be some real. Consider the `learning from parity witherror ' problem, defined as follows: find s 2 Zn2 given a list of `equations with errors'