On the Sample Complexity of solving LWE using BKW-Style Algorithms

Research output: Chapter in Book/Report/Conference proceedingPaper in conference proceedingpeer-review

Abstract

The Learning with Errors (LWE) problem receives much attention in cryptography, mainly due to its fundamental significance in post-quantum cryptography. Among its solving algorithms, the Blum-Kalai-Wasserman (BKW) algorithm, originally proposed for solving the Learning Parity with Noise (LPN) problem, performs well, especially for certain parameter settings with cryptographic importance. The BKW algorithm consists of two phases, the reduction phase and the solving phase.

In this work, we study the performance of distinguishers used in the solving phase. We show that the Fast Fourier Transform (FFT) distinguisher from Eurocrypt'15 has the same sample complexity as the optimal distinguisher, when making the same number of hypotheses. We also show that it performs much better than theory predicts and introduce an improvement of it called the pruned FFT distinguisher. Finally, we indicate, via extensive experiments, that the sample dependency due to both LF2 and sample amplification is limited.
Original languageEnglish
Title of host publicationIEEE International Symposium on Information Theory (ISIT)
PublisherIEEE - Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)978-1-5386-8209-8
ISBN (Print)978-1-5386-8210-4
DOIs
Publication statusPublished - 2021
Event2021 IEEE International Symposium on Information Theory - Melbourne, Australia
Duration: 2021 Jul 122021 Jul 20
https://2021.ieee-isit.org/

Conference

Conference2021 IEEE International Symposium on Information Theory
Abbreviated titleISIT
Country/TerritoryAustralia
CityMelbourne
Period2021/07/122021/07/20
Internet address

Subject classification (UKÄ)

  • Other Electrical Engineering, Electronic Engineering, Information Engineering

Fingerprint

Dive into the research topics of 'On the Sample Complexity of solving LWE using BKW-Style Algorithms'. Together they form a unique fingerprint.

Cite this