On the Hardness of Module-LWE with Binary Secret

Katharina Boudgoust; Corentin Jeudy; Adeline Roux-Langlois; Weiqiang Wen

doi:10.1007/978-3-030-75539-3_21

On the Hardness of Module-LWE with Binary Secret

Katharina Boudgoust, Corentin Jeudy, Adeline Roux-Langlois, Weiqiang Wen

IRISA

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We prove that the Module Learning With Errors (M - LWE ) problem with binary secrets and rank d is at least as hard as the standard version of M - LWE with uniform secret and rank k, where the rank increases from k to d≥ (k+ 1 ) log ₂q+ ω(log ₂n), and the Gaussian noise from α to β=α·Θ(n2d), where n is the ring degree and q the modulus. Our work improves on the recent work by Boudgoust et al. in 2020 by a factor of md in the Gaussian noise, where m is the number of given M - LWE samples, when q fulfills some number-theoretic requirements. We use a different approach than Boudgoust et al. to achieve this hardness result by adapting the previous work from Brakerski et al. in 2013 for the Learning With Errors problem to the module setting. The proof applies to cyclotomic fields, but most results hold for a larger class of number fields, and may be of independent interest.

Original language	English
Title of host publication	Topics in Cryptology-CT-RSA 2021 - Cryptographers’ Track at the RSA Conference, Proceedings
Editors	Kenneth G. Paterson
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	503-526
Number of pages	24
ISBN (Print)	9783030755386
DOIs	https://doi.org/10.1007/978-3-030-75539-3_21
Publication status	Published - 1 Jan 2021
Externally published	Yes
Event	Cryptographer's Track at the RSA Conference, CT-RSA 2021 - Virtual, Online Duration: 17 May 2021 → 20 May 2021

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12704 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Cryptographer's Track at the RSA Conference, CT-RSA 2021
City	Virtual, Online
Period	17/05/21 → 20/05/21

Keywords

Binary secret
Lattice-based cryptography
Module learning with errors

Access to Document

10.1007/978-3-030-75539-3_21

Cite this

Boudgoust, K., Jeudy, C., Roux-Langlois, A., & Wen, W. (2021). On the Hardness of Module-LWE with Binary Secret. In K. G. Paterson (Ed.), Topics in Cryptology-CT-RSA 2021 - Cryptographers’ Track at the RSA Conference, Proceedings (pp. 503-526). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12704 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-75539-3_21

Boudgoust, Katharina ; Jeudy, Corentin ; Roux-Langlois, Adeline et al. / On the Hardness of Module-LWE with Binary Secret. Topics in Cryptology-CT-RSA 2021 - Cryptographers’ Track at the RSA Conference, Proceedings. editor / Kenneth G. Paterson. Springer Science and Business Media Deutschland GmbH, 2021. pp. 503-526 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5d8d3436122247e39a989a4786426353,

title = "On the Hardness of Module-LWE with Binary Secret",

abstract = "We prove that the Module Learning With Errors (M - LWE ) problem with binary secrets and rank d is at least as hard as the standard version of M - LWE with uniform secret and rank k, where the rank increases from k to d≥ (k+ 1 ) log 2q+ ω(log 2n), and the Gaussian noise from α to β=α·Θ(n2d), where n is the ring degree and q the modulus. Our work improves on the recent work by Boudgoust et al. in 2020 by a factor of md in the Gaussian noise, where m is the number of given M - LWE samples, when q fulfills some number-theoretic requirements. We use a different approach than Boudgoust et al. to achieve this hardness result by adapting the previous work from Brakerski et al. in 2013 for the Learning With Errors problem to the module setting. The proof applies to cyclotomic fields, but most results hold for a larger class of number fields, and may be of independent interest.",

keywords = "Binary secret, Lattice-based cryptography, Module learning with errors",

author = "Katharina Boudgoust and Corentin Jeudy and Adeline Roux-Langlois and Weiqiang Wen",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; Cryptographer's Track at the RSA Conference, CT-RSA 2021 ; Conference date: 17-05-2021 Through 20-05-2021",

year = "2021",

month = jan,

day = "1",

doi = "10.1007/978-3-030-75539-3\_21",

language = "English",

isbn = "9783030755386",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "503--526",

editor = "Paterson, \{Kenneth G.\}",

booktitle = "Topics in Cryptology-CT-RSA 2021 - Cryptographers{\textquoteright} Track at the RSA Conference, Proceedings",

}

Boudgoust, K, Jeudy, C, Roux-Langlois, A & Wen, W 2021, On the Hardness of Module-LWE with Binary Secret. in KG Paterson (ed.), Topics in Cryptology-CT-RSA 2021 - Cryptographers’ Track at the RSA Conference, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12704 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 503-526, Cryptographer's Track at the RSA Conference, CT-RSA 2021, Virtual, Online, 17/05/21. https://doi.org/10.1007/978-3-030-75539-3_21

On the Hardness of Module-LWE with Binary Secret. / Boudgoust, Katharina; Jeudy, Corentin; Roux-Langlois, Adeline et al.
Topics in Cryptology-CT-RSA 2021 - Cryptographers’ Track at the RSA Conference, Proceedings. ed. / Kenneth G. Paterson. Springer Science and Business Media Deutschland GmbH, 2021. p. 503-526 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12704 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the Hardness of Module-LWE with Binary Secret

AU - Boudgoust, Katharina

AU - Jeudy, Corentin

AU - Roux-Langlois, Adeline

AU - Wen, Weiqiang

PY - 2021/1/1

Y1 - 2021/1/1

N2 - We prove that the Module Learning With Errors (M - LWE ) problem with binary secrets and rank d is at least as hard as the standard version of M - LWE with uniform secret and rank k, where the rank increases from k to d≥ (k+ 1 ) log 2q+ ω(log 2n), and the Gaussian noise from α to β=α·Θ(n2d), where n is the ring degree and q the modulus. Our work improves on the recent work by Boudgoust et al. in 2020 by a factor of md in the Gaussian noise, where m is the number of given M - LWE samples, when q fulfills some number-theoretic requirements. We use a different approach than Boudgoust et al. to achieve this hardness result by adapting the previous work from Brakerski et al. in 2013 for the Learning With Errors problem to the module setting. The proof applies to cyclotomic fields, but most results hold for a larger class of number fields, and may be of independent interest.

AB - We prove that the Module Learning With Errors (M - LWE ) problem with binary secrets and rank d is at least as hard as the standard version of M - LWE with uniform secret and rank k, where the rank increases from k to d≥ (k+ 1 ) log 2q+ ω(log 2n), and the Gaussian noise from α to β=α·Θ(n2d), where n is the ring degree and q the modulus. Our work improves on the recent work by Boudgoust et al. in 2020 by a factor of md in the Gaussian noise, where m is the number of given M - LWE samples, when q fulfills some number-theoretic requirements. We use a different approach than Boudgoust et al. to achieve this hardness result by adapting the previous work from Brakerski et al. in 2013 for the Learning With Errors problem to the module setting. The proof applies to cyclotomic fields, but most results hold for a larger class of number fields, and may be of independent interest.

KW - Binary secret

KW - Lattice-based cryptography

KW - Module learning with errors

U2 - 10.1007/978-3-030-75539-3_21

DO - 10.1007/978-3-030-75539-3_21

M3 - Conference contribution

AN - SCOPUS:85111007868

SN - 9783030755386

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 503

EP - 526

BT - Topics in Cryptology-CT-RSA 2021 - Cryptographers’ Track at the RSA Conference, Proceedings

A2 - Paterson, Kenneth G.

PB - Springer Science and Business Media Deutschland GmbH

T2 - Cryptographer's Track at the RSA Conference, CT-RSA 2021

Y2 - 17 May 2021 through 20 May 2021

ER -

Boudgoust K, Jeudy C, Roux-Langlois A, Wen W. On the Hardness of Module-LWE with Binary Secret. In Paterson KG, editor, Topics in Cryptology-CT-RSA 2021 - Cryptographers’ Track at the RSA Conference, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. p. 503-526. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-75539-3_21