Sciweavers

STOC
2005
ACM

On lattices, learning with errors, random linear codes, and cryptography

14 years 11 months ago
On lattices, learning with errors, random linear codes, and cryptography
Our main result is a reduction from worst-case lattice problems such as GAPSVP and SIVP to a certain learning problem. This learning problem is a natural extension of the `learning from parity with error' problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code. This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for GAPSVP and SIVP. A main open question is whether this reduction can be made classical (i.e., non-quantum). We also present a (classical) public-key cryptosystem whose security is based on the hardness of the learning problem. By the main result, its security is also based on the worst-case quantum hardness of GAPSVP and SIVP. The new cryptosystem is much more efficient than previous lattice-based cryptosystems: the public key is of size ~O(n2 ) and encrypting a message increases its size...
Oded Regev
Added 03 Dec 2009
Updated 03 Dec 2009
Type Conference
Year 2005
Where STOC
Authors Oded Regev
Comments (0)