Towards Classical Hardness of Module-LWE: The Linear Rank Case

Katharina Boudgoust; Corentin Jeudy; Adeline Roux-Langlois; Weiqiang Wen

doi:10.1007/978-3-030-64834-3_10

Towards Classical Hardness of Module-LWE: The Linear Rank Case

Katharina Boudgoust, Corentin Jeudy, Adeline Roux-Langlois, Weiqiang Wen

IRISA

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We prove that the module learning with errors (M - LWE ) problem with arbitrary polynomial-sized modulus p is classically at least as hard as standard worst-case lattice problems, as long as the module rank d is not smaller than the number field degree n. Previous publications only showed the hardness under quantum reductions. We achieve this result in an analogous manner as in the case of the learning with errors (LWE ) problem. First, we show the classical hardness of M - LWE with an exponential-sized modulus. In a second step, we prove the hardness of M - LWE using a binary secret. And finally, we provide a modulus reduction technique. The complete result applies to the class of power-of-two cyclotomic fields. However, several tools hold for more general classes of number fields and may be of independent interest.

Original language	English
Title of host publication	Advances in Cryptology – ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
Editors	Shiho Moriai, Huaxiong Wang
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	289-317
Number of pages	29
ISBN (Print)	9783030648336
DOIs	https://doi.org/10.1007/978-3-030-64834-3_10
Publication status	Published - 1 Jan 2020
Externally published	Yes
Event	26th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2020 - Daejeon, Korea, Republic of Duration: 7 Dec 2020 → 11 Dec 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12492 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	26th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2020
Country/Territory	Korea, Republic of
City	Daejeon
Period	7/12/20 → 11/12/20

Keywords

Binary secret
Classical hardness
Lattice-based cryptography
Module learning with errors

Access to Document

10.1007/978-3-030-64834-3_10

Cite this

Boudgoust, K., Jeudy, C., Roux-Langlois, A., & Wen, W. (2020). Towards Classical Hardness of Module-LWE: The Linear Rank Case. In S. Moriai, & H. Wang (Eds.), Advances in Cryptology – ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings (pp. 289-317). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12492 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-64834-3_10

Boudgoust, Katharina ; Jeudy, Corentin ; Roux-Langlois, Adeline et al. / Towards Classical Hardness of Module-LWE : The Linear Rank Case. Advances in Cryptology – ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. editor / Shiho Moriai ; Huaxiong Wang. Springer Science and Business Media Deutschland GmbH, 2020. pp. 289-317 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{94b44b03c265419b93aac160150b816c,

title = "Towards Classical Hardness of Module-LWE: The Linear Rank Case",

abstract = "We prove that the module learning with errors (M - LWE ) problem with arbitrary polynomial-sized modulus p is classically at least as hard as standard worst-case lattice problems, as long as the module rank d is not smaller than the number field degree n. Previous publications only showed the hardness under quantum reductions. We achieve this result in an analogous manner as in the case of the learning with errors (LWE ) problem. First, we show the classical hardness of M - LWE with an exponential-sized modulus. In a second step, we prove the hardness of M - LWE using a binary secret. And finally, we provide a modulus reduction technique. The complete result applies to the class of power-of-two cyclotomic fields. However, several tools hold for more general classes of number fields and may be of independent interest.",

keywords = "Binary secret, Classical hardness, Lattice-based cryptography, Module learning with errors",

author = "Katharina Boudgoust and Corentin Jeudy and Adeline Roux-Langlois and Weiqiang Wen",

note = "Publisher Copyright: {\textcopyright} 2020, International Association for Cryptologic Research.; 26th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2020 ; Conference date: 07-12-2020 Through 11-12-2020",

year = "2020",

month = jan,

day = "1",

doi = "10.1007/978-3-030-64834-3\_10",

language = "English",

isbn = "9783030648336",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "289--317",

editor = "Shiho Moriai and Huaxiong Wang",

booktitle = "Advances in Cryptology – ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings",

}

Boudgoust, K, Jeudy, C, Roux-Langlois, A & Wen, W 2020, Towards Classical Hardness of Module-LWE: The Linear Rank Case. in S Moriai & H Wang (eds), Advances in Cryptology – ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12492 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 289-317, 26th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2020, Daejeon, Korea, Republic of, 7/12/20. https://doi.org/10.1007/978-3-030-64834-3_10

Towards Classical Hardness of Module-LWE: The Linear Rank Case. / Boudgoust, Katharina; Jeudy, Corentin; Roux-Langlois, Adeline et al.
Advances in Cryptology – ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. ed. / Shiho Moriai; Huaxiong Wang. Springer Science and Business Media Deutschland GmbH, 2020. p. 289-317 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12492 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Towards Classical Hardness of Module-LWE

T2 - 26th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2020

AU - Boudgoust, Katharina

AU - Jeudy, Corentin

AU - Roux-Langlois, Adeline

AU - Wen, Weiqiang

PY - 2020/1/1

Y1 - 2020/1/1

N2 - We prove that the module learning with errors (M - LWE ) problem with arbitrary polynomial-sized modulus p is classically at least as hard as standard worst-case lattice problems, as long as the module rank d is not smaller than the number field degree n. Previous publications only showed the hardness under quantum reductions. We achieve this result in an analogous manner as in the case of the learning with errors (LWE ) problem. First, we show the classical hardness of M - LWE with an exponential-sized modulus. In a second step, we prove the hardness of M - LWE using a binary secret. And finally, we provide a modulus reduction technique. The complete result applies to the class of power-of-two cyclotomic fields. However, several tools hold for more general classes of number fields and may be of independent interest.

AB - We prove that the module learning with errors (M - LWE ) problem with arbitrary polynomial-sized modulus p is classically at least as hard as standard worst-case lattice problems, as long as the module rank d is not smaller than the number field degree n. Previous publications only showed the hardness under quantum reductions. We achieve this result in an analogous manner as in the case of the learning with errors (LWE ) problem. First, we show the classical hardness of M - LWE with an exponential-sized modulus. In a second step, we prove the hardness of M - LWE using a binary secret. And finally, we provide a modulus reduction technique. The complete result applies to the class of power-of-two cyclotomic fields. However, several tools hold for more general classes of number fields and may be of independent interest.

KW - Binary secret

KW - Classical hardness

KW - Lattice-based cryptography

KW - Module learning with errors

U2 - 10.1007/978-3-030-64834-3_10

DO - 10.1007/978-3-030-64834-3_10

M3 - Conference contribution

AN - SCOPUS:85097831946

SN - 9783030648336

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 289

EP - 317

BT - Advances in Cryptology – ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings

A2 - Moriai, Shiho

A2 - Wang, Huaxiong

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 7 December 2020 through 11 December 2020

ER -

Boudgoust K, Jeudy C, Roux-Langlois A, Wen W. Towards Classical Hardness of Module-LWE: The Linear Rank Case. In Moriai S, Wang H, editors, Advances in Cryptology – ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 289-317. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-64834-3_10