Results 1 
9 of
9
Lattice Decoding Attacks on Binary LWE
"... Abstract. We consider the binaryLWE problem, which is the learning with errors problem when the entries of the secret vector are chosen from {0, 1} or {−1, 0, 1} (and the error vector is sampled from a discrete Gaussian distribution). Our main result is an improved lattice decoding algorithm for ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We consider the binaryLWE problem, which is the learning with errors problem when the entries of the secret vector are chosen from {0, 1} or {−1, 0, 1} (and the error vector is sampled from a discrete Gaussian distribution). Our main result is an improved lattice decoding algorithm for binaryLWE which first translates the problem to the inhomogeneous short integer solution (ISIS) problem, and then solves the closest vector problem using a rescaling of the lattice. We also discuss modulus switching as an approach to the problem. Our conclusion is that binaryLWE is easier than general LWE. We give experimental results and theoretical estimates that can be used to choose parameters for binaryLWE to achieve certain security levels.
MIMO Detection by Lagrangian Dual MaximumLikelihood Relaxation: Reinterpreting Regularized Lattice Decoding
, 2013
"... This paper considers lattice decoding for multiinput multioutput (MIMO) detection under PAM constellations. A key aspect of lattice decoding is that it relaxes the symbol bound constraints in the optimal maximumlikelihood (ML) detector for faster implementations. It is known that such a symbol bo ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
This paper considers lattice decoding for multiinput multioutput (MIMO) detection under PAM constellations. A key aspect of lattice decoding is that it relaxes the symbol bound constraints in the optimal maximumlikelihood (ML) detector for faster implementations. It is known that such a symbol bound relaxation may lead to a damaging effect on the system performance. For this reason, regularization was proposed to mitigate the outofbound symbol effects in lattice decoding. However, minimum mean square error (MMSE) regularization is the only method of choice for regularization in the present literature. We propose a systematic regularization optimization approach by considering a Lagrangian dual relaxation (LDR) of the ML detection problem. As it turns out, the proposed LDR formulation is to find the best diagonally regularized lattice decoder to approximate the ML detector, and all diagonal regularizations, including the MMSE regularization, can be subsumed under the LDR formalism. We show that for the 2PAM case, strong duality holds between the LDR and ML problems. Also, for general PAM, we prove that the LDR problem yields a duality gap no worse than that of the wellknown semidefinite relaxation method. To physically realize the proposed LDR, the projected subgradient method is employed to handle the LDR problem so that the best regularization can be
New Transference Theorems on Lattices Possessing n ɛunique Shortest Vectors
"... Abstract. We prove three optimal transference theorems on lattices possessing n ɛunique shortest vectors which relate to the successive minima, the covering radius and the minimal length of generating vectors respectively. The theorems result in reductions between GapSVPγ ′ and GapSIVPγ for this cl ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We prove three optimal transference theorems on lattices possessing n ɛunique shortest vectors which relate to the successive minima, the covering radius and the minimal length of generating vectors respectively. The theorems result in reductions between GapSVPγ ′ and GapSIVPγ for this class of lattices. Furthermore, we prove a new transference theorem giving an optimal lower bound relating the successive minima of a lattice with its dual. As an application, we compare the respective advantages of current upper bounds on the smoothing parameter of discrete Gaussian measures over lattices and show a more appropriate bound for lattices whose duals possess √ nunique shortest vectors.
Shortest lattice vectors in the presence of gaps
, 2012
"... Given a lattice L with the ith successive minimum λi, its ith gap λi often provides useful λ1 information for analyzing the security of cryptographic scheme related to L. This paper concerns short vectors for lattices with gaps. In the first part, a λ2gap estimation of LWE lattices with cryptogr ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Given a lattice L with the ith successive minimum λi, its ith gap λi often provides useful λ1 information for analyzing the security of cryptographic scheme related to L. This paper concerns short vectors for lattices with gaps. In the first part, a λ2gap estimation of LWE lattices with cryptographic significance is given. For some γ ′ , a better reduction from BDDγ ′ to uSV Pγ is obtained in the presence of larger λ2gap. The second part of the paper shows that gaps among the successive minima lead to a more efficient SVP search algorithm. As far as we know, it is the first SVP algorithm exploiting lattices with gaps.
On the concrete hardness of Learning with Errors
"... Abstract. The Learning with Errors (LWE) problem has become a central building block of modern cryptographic constructions. This work collects and presents hardness results for concrete instances of LWE. In particular, we discuss algorithms proposed in the literature and give the expected resources ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. The Learning with Errors (LWE) problem has become a central building block of modern cryptographic constructions. This work collects and presents hardness results for concrete instances of LWE. In particular, we discuss algorithms proposed in the literature and give the expected resources required to run them. We consider both generic instances of LWE as well as small secret variants. Since for several methods of solving LWE we require a lattice reduction step, we also review lattice reduction algorithms and propose a refined model for estimating their running times. We also give concrete estimates for various families of LWE instances, provide a Sage module for computing these estimates and highlight gaps in the knowledge about algorithms for solving the Learning with Errors problem. 1
MIMO Detection for High Order QAM by Canonical Dual Approach
"... We develop a canonical dual approach for solving the MIMO problem. First, a special linear transformation is introduced to reformulate the original problem into a {−1, 1} constrained quadratic programming problem. Then, we derive a canonical dual problem which is piecewise continuous problem with n ..."
Abstract
 Add to MetaCart
(Show Context)
We develop a canonical dual approach for solving the MIMO problem. First, a special linear transformation is introduced to reformulate the original problem into a {−1, 1} constrained quadratic programming problem. Then, we derive a canonical dual problem which is piecewise continuous problem with no duality gap. Under certain conditions, the canonical problem becomes a concave maximization dual problem over a convex feasible domain. By getting the stationary point of the canonical dual problem, we can find either an optimal or approximate solution of the original problem. A gradient decent algorithm is proposed to solve the MIMO problem and simulation results are provided to demonstrate the effectiveness of the method.
Algorithms, Certification, and CryptographyTable of contents
"... 6.2.1. Mixedprecision fused multiplyandadd 11 6.2.2. Multiplication by rational constants versus division by a constant 11 6.2.3. Floatingpoint exponentiation on FPGA 11 6.2.4. Arithmetic around the bit heap 11 6.2.5. Improving computing architectures 11 ..."
Abstract
 Add to MetaCart
(Show Context)
6.2.1. Mixedprecision fused multiplyandadd 11 6.2.2. Multiplication by rational constants versus division by a constant 11 6.2.3. Floatingpoint exponentiation on FPGA 11 6.2.4. Arithmetic around the bit heap 11 6.2.5. Improving computing architectures 11
Cryptology
"... 3.2. Function evaluation 3 3.2.1. Towards automatic design of function programs or circuits 3 3.2.2. Mathematical tools for function evaluation 3 3.2.2.1. Challenges in function approximation 3 ..."
Abstract
 Add to MetaCart
(Show Context)
3.2. Function evaluation 3 3.2.1. Towards automatic design of function programs or circuits 3 3.2.2. Mathematical tools for function evaluation 3 3.2.2.1. Challenges in function approximation 3