Abstract
Our main result is a reduction from worst-case lattice problems such as SVP and SIVP to a certain learning problem. This learning problem is a natural extension of the 'learning from parity with error' problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code. This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for SVP and SIVP. A main open question is whether this reduction can be made classical.Using the main result, we obtain a public-key cryptosystem whose hardness is based on the worst-case quantum hardness of SVP and SIVP. Previous lattice-based public-key cryptosystems such as the one by Ajtai and Dwork were only based on unique-SVP, a special case of SVP. The new cryptosystem is much more efficient than previous cryptosystems: the public key is of size Õ(n2) and encrypting a message increases its size by Õ(n)(in previous cryptosystems these values are Õ(n4) and Õ(n2), respectively). In fact, under the assumption that all parties share a random bit string of length Õ(n2), the size of the public key can be reduced to Õ(n).
Keywords
Learning with errorsLattice problemCryptosystemLattice-based cryptographyPost-quantum cryptographyEncryptionKey sizePublic-key cryptographyCryptographyDecoding methodsTheoretical computer scienceDiscrete mathematicsComputer scienceLattice (music)MathematicsReduction (mathematics)Quantum cryptographyArithmeticQuantumAlgorithmQuantum informationQuantum mechanicsComputer security
Affiliated Institutions
Related Publications
Improved cryptographic hash functions with worst-case/average-case connection
(MATH) We define a new family of collision resistant hash functions whose security is based on the worst case hardness of approximating the covering radius of a lattice within a...
Reducing elliptic curve logarithms to logarithms in a finite field
Elliptic curve cryptosystems have the potential to provide relatively small block size, high-security public key schemes that can be efficiently implemented. As with other known...
A method for obtaining digital signatures and public-key cryptosystems
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two import...
A method for obtaining digital signatures and public-key cryptosystems
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two import...
Complexity-Theoretic Foundations of Quantum Supremacy Experiments
In the near future, there will likely be special-purpose quantum computers with 40-50 high-quality qubits. This paper lays general theoretical foundations for how to use such de...
Publication Info
- Year
- 2005
- Type
- article
- Citations
- 2169
- Access
- Closed
External Links
Social Impact
Altmetric
PlumX Metrics
Social media, news, blog, policy document mentions
Citation Metrics
2169
OpenAlex
Cite This
Oded Regev
(2005).
On lattices, learning with errors, random linear codes, and cryptography.
.
https://doi.org/10.1145/1060590.1060603
Identifiers
- DOI
- 10.1145/1060590.1060603