Results 1 - 9 of 9
Lattice Decoding Attacks on Binary LWE
Cited by 2 (0 self)
Abstract. We consider the binary-LWE problem, which is the learning with errors problem when the entries of the secret vector are chosen from {0, 1} or {−1, 0, 1} (and the error vector is sampled from a discrete Gaussian distribution). Our main result is an improved lattice decoding algorithm for binary-LWE which first translates the problem to the inhomogeneous short integer solution (ISIS) problem, and then solves the closest vector problem using a re-scaling of the lattice. We also discuss modulus switching as an approach to the problem. Our conclusion is that binary-LWE is easier than general LWE. We give experimental results and theoretical estimates that can be used to choose parameters for binary-LWE to achieve certain security levels.
MIMO Detection by Lagrangian Dual Maximum-Likelihood Relaxation: Reinterpreting Regularized Lattice Decoding
, 2013
Cited by 1 (0 self)
This paper considers lattice decoding for multi-input multi-output (MIMO) detection under PAM constellations. A key aspect of lattice decoding is that it relaxes the symbol bound constraints in the optimal maximum-likelihood (ML) detector for faster implementations. It is known that such a symbol bound relaxation may lead to a damaging effect on the system performance. For this reason, regularization was proposed to mitigate the out-of-bound symbol effects in lattice decoding. However, minimum mean square error (MMSE) regularization is the only method of choice for regularization in the present literature. We propose a systematic regularization optimization approach by considering a Lagrangian dual relaxation (LDR) of the ML detection problem. As it turns out, the proposed LDR formulation is to find the best diagonally regularized lattice decoder to approximate the ML detector, and all diagonal regularizations, including the MMSE regularization, can be subsumed under the LDR formalism. We show that for the 2-PAM case, strong duality holds between the LDR and ML problems. Also, for general PAM, we prove that the LDR problem yields a duality gap no worse than that of the well-known semidefinite relaxation method. To physically realize the proposed LDR, the projected subgradient method is employed to handle the LDR problem so that the best regularization can be
New Transference Theorems on Lattices Possessing n^ɛ-unique Shortest Vectors
Cited by 1 (0 self)
Abstract. We prove three optimal transference theorems on lattices possessing n^ɛ-unique shortest vectors which relate to the successive minima, the covering radius and the minimal length of generating vectors respectively. The theorems result in reductions between GapSVP_γ′ and GapSIVP_γ for this class of lattices. Furthermore, we prove a new transference theorem giving an optimal lower bound relating the successive minima of a lattice with its dual. As an application, we compare the respective advantages of current upper bounds on the smoothing parameter of discrete Gaussian measures over lattices and show a more appropriate bound for lattices whose duals possess √n-unique shortest vectors.
Shortest lattice vectors in the presence of gaps
, 2012
Cited by 1 (0 self)
Given a lattice L with the i-th successive minimum λ_i, its i-th gap λ_i/λ_1 often provides useful information for analyzing the security of cryptographic schemes related to L. This paper concerns short vectors for lattices with gaps. In the first part, a λ_2-gap estimation of LWE lattices with cryptographic significance is given. For some γ′, a better reduction from BDD_γ′ to uSVP_γ is obtained in the presence of larger λ_2-gap. The second part of the paper shows that gaps among the successive minima lead to a more efficient SVP search algorithm. As far as we know, it is the first SVP algorithm exploiting lattices with gaps.
On the concrete hardness of Learning with Errors
Cited by 1 (0 self)
Abstract. The Learning with Errors (LWE) problem has become a central building block of modern cryptographic constructions. This work collects and presents hardness results for concrete instances of LWE. In particular, we discuss algorithms proposed in the literature and give the expected resources required to run them. We consider both generic instances of LWE as well as small secret variants. Since for several methods of solving LWE we require a lattice reduction step, we also review lattice reduction algorithms and propose a refined model for estimating their running times. We also give concrete estimates for various families of LWE instances, provide a Sage module for computing these estimates and highlight gaps in the knowledge about algorithms for solving the Learning with Errors problem.
MIMO Detection for High Order QAM by Canonical Dual Approach
We develop a canonical dual approach for solving the MIMO problem. First, a special linear transformation is introduced to reformulate the original problem into a {−1, 1} constrained quadratic programming problem. Then, we derive a canonical dual problem which is a piecewise continuous problem with no duality gap. Under certain conditions, the canonical problem becomes a concave maximization dual problem over a convex feasible domain. By getting the stationary point of the canonical dual problem, we can find either an optimal or approximate solution of the original problem. A gradient descent algorithm is proposed to solve the MIMO problem and simulation results are provided to demonstrate the effectiveness of the method.
Algorithms, Certification, and Cryptography - Table of contents
6.2.1. Mixed-precision fused multiply-and-add
6.2.2. Multiplication by rational constants versus division by a constant
6.2.3. Floating-point exponentiation on FPGA
6.2.4. Arithmetic around the bit heap
6.2.5. Improving computing architectures
Cryptology
3.2. Function evaluation
3.2.1. Towards automatic design of function programs or circuits
3.2.2. Mathematical tools for function evaluation
3.2.2.1. Challenges in function approximation