Sciweavers

TCC
2012
Springer

Subspace LWE

12 years 7 months ago
Subspace LWE
The (decisional) learning with errors problem (LWE) asks to distinguish “noisy” inner products of a secret vector with random vectors from uniform. In recent years, the LWE problem has found many applications in cryptography. In this paper we introduce (seemingly) much stronger adaptive assumptions, called “subspace LWE” (SLWE), where the adversary can learn the inner product of the secret and random vectors after they were projected into an adaptively and adversarially chosen subspace. We prove that SLWE mapping into subspaces of dimension d is almost as hard as LWE using secrets of length d. We discuss some applications of the new subspace LWE problem to related-key attacks and to cryptosystems using weak random sources. In subsequent work the main result from this paper was used to construct new cryptosystems like efficient MACs whose security can be reduced to the LPN problem (LPN is LWE over a field of size 2.)
Krzysztof Pietrzak
Added 25 Apr 2012
Updated 25 Apr 2012
Type Journal
Year 2012
Where TCC
Authors Krzysztof Pietrzak
Comments (0)