Results 1 - 5 of 5
Hardness of SIS and LWE with Small Parameters
, 2013
Abstract

Cited by 16 (4 self)
The Short Integer Solution (SIS) and Learning With Errors (LWE) problems are the foundations for countless applications in lattice-based cryptography, and are provably as hard as approximate lattice problems in the worst case. An important question from both a practical and theoretical perspective is how small their parameters can be made, while preserving their hardness. We prove two main results on SIS and LWE with small parameters. For SIS, we show that the problem retains its hardness for moduli q ≥ β · n^δ for any constant δ > 0, where β is the bound on the Euclidean norm of the solution. This improves upon prior results which required q ≥ β · √(n log n), and is essentially optimal since the problem is trivially easy for q ≤ β. For LWE, we show that it remains hard even when the errors are small (e.g., uniformly random from {0, 1}), provided that the number of samples is small enough (e.g., linear in the dimension n of the LWE secret). Prior results required the errors to have magnitude at least √n and to come from a Gaussian-like distribution.
Function-private identity-based encryption: Hiding the function in functional encryption
Advances in Cryptology – CRYPTO ’13. Available as Cryptology ePrint Archive, Report 2013/283
, 2013
Abstract

Cited by 15 (3 self)
We put forward a new notion, function privacy, in identity-based encryption and, more generally, in functional encryption. Intuitively, our notion asks that decryption keys reveal essentially no information on their corresponding identities, beyond the absolute minimum necessary. This is motivated by the need for providing predicate privacy in public-key searchable encryption. Formalizing such a notion, however, is not straightforward as given a decryption key it is always possible to learn some information on its corresponding identity by testing whether it correctly decrypts ciphertexts that are encrypted for specific identities. In light of such an inherent difficulty, any meaningful notion of function privacy must be based on the minimal assumption that, from the adversary’s point of view, identities that correspond to its given decryption keys are sampled from somewhat unpredictable distributions. We show that this assumption is in fact sufficient for obtaining a strong and realistic notion of function privacy. Loosely speaking, our framework requires that a decryption key corresponding to an identity sampled from any sufficiently unpredictable distribution is indistinguishable from a decryption key corresponding to an independently and uniformly sampled identity. Within our framework we develop an approach for designing function-private identity-based encryption schemes, leading to constructions that are based on standard assumptions in bilinear groups (DBDH, DLIN) and lattices (LWE). In addition to function privacy, our schemes are also anonymous, and thus yield the first public-key searchable encryption schemes that are provably
A Simple Provably Secure Key Exchange Scheme Based on the Learning with Errors Problem
Abstract

Cited by 9 (1 self)
We use a variant of the learning with errors (LWE) problem, a simple and direct extension of the original LWE problem to the case of a small secret, which we call a small LWE problem (SLWE), to build a new simple and provably secure key exchange scheme. The basic idea behind the construction can be viewed as a certain type of bilinear pairing with errors (PE). We build a more efficient implementation of our scheme using a similar LWE problem but solely based on matrices, and we extend our construction further using the ring LWE problem, where the provable security is based on the hardness of the ring LWE problem.
A Decade of Lattice Cryptography
, 2015
Abstract
Lattice-based cryptography is the use of conjectured hard problems on point lattices in R^n as the foundation for secure cryptographic constructions. Attractive features of lattice cryptography include: apparent resistance to quantum attacks (in contrast with most number-theoretic cryptography), high asymptotic efficiency and parallelism, security under worst-case intractability assumptions, and solutions to longstanding open problems in cryptography. This work surveys most of the major developments in lattice cryptography over the past ten years. The main focus is on the foundational short integer solution (SIS) and learning with errors (LWE) problems (and their more efficient ring-based variants), their provable hardness assuming the worst-case intractability of