Cryptographic primitives based on hard learning problems
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
A course in computational algebraic number theory
A course in computational algebraic number theory
Generating hard instances of lattice problems (extended abstract)
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
A sieve algorithm for the shortest lattice vector problem
STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
Lattices that admit logarithmic worst-case to average-case connection factors
Proceedings of the thirty-ninth annual ACM symposium on Theory of computing
Worst-Case to Average-Case Reductions Based on Gaussian Measures
SIAM Journal on Computing
Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions
Computational Complexity
Lossy trapdoor functions and their applications
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Trapdoors for hard lattices and new cryptographic constructions
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
SWIFFT: A Modest Proposal for FFT Hashing
Fast Software Encryption
A Framework for Efficient and Composable Oblivious Transfer
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Simultaneous Hardcore Bits and Cryptography against Memory Attacks
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Fully homomorphic encryption using ideal lattices
Proceedings of the forty-first annual ACM symposium on Theory of computing
Public-key cryptosystems from the worst-case shortest vector problem: extended abstract
Proceedings of the forty-first annual ACM symposium on Theory of computing
On lattices, learning with errors, random linear codes, and cryptography
Journal of the ACM (JACM)
Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Efficient Public Key Encryption Based on Ideal Lattices
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Lattice-based identification schemes secure under active attacks
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Asymptotically efficient lattice-based digital signatures
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Generalized compact knapsacks are collision resistant
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Bonsai trees, or how to delegate a lattice basis
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Efficient lattice (H)IBE in the standard model
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices
TCC'06 Proceedings of the Third conference on Theory of Cryptography
An efficient and parallel Gaussian sampler for lattices
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Toward basing fully homomorphic encryption on worst-case hardness
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Generic constructions for verifiably encrypted signatures without random oracles or NIZKs
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Better key sizes (and attacks) for LWE-based encryption
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Making NTRU as secure as worst-case problems over ideal lattices
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Implementing Gentry's fully-homomorphic encryption scheme
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Homomorphic signatures for polynomial functions
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
The geometry of lattice cryptography
Foundations of security analysis and design VI
Pseudorandom knapsacks and the sample complexity of LWE search-to-decision reductions
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Generalized learning problems and applications to non-commutative cryptography
ProvSec'11 Proceedings of the 5th international conference on Provable security
Can homomorphic encryption be practical?
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
(Leveled) fully homomorphic encryption without bootstrapping
Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
Bonsai trees, or how to delegate a lattice basis
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Functional encryption for inner product predicates from learning with errors
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
A new lattice-based public-key cryptosystem mixed with a knapsack
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
Cryptography from learning parity with noise
SOFSEM'12 Proceedings of the 38th international conference on Current Trends in Theory and Practice of Computer Science
On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption
STOC '12 Proceedings of the forty-fourth annual ACM symposium on Theory of computing
Fully homomorphic encryption with polylog overhead
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Multiparty computation with low communication, computation and interaction via threshold FHE
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Tightly-Secure signatures from lossy identification schemes
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Trapdoors for lattices: simpler, tighter, faster, smaller
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Pseudorandom functions and lattices
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Lattice signatures without trapdoors
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Polly cracker, revisited, revisited
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
NTRUCCA: how to strengthen NTRUEncrypt to chosen-ciphertext security in the standard model
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Strongly secure authenticated key exchange from factoring, codes, and lattices
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Towards an interpreter for efficient encrypted computation
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Towards efficient arithmetic for lattice-based cryptography on reconfigurable hardware
LATINCRYPT'12 Proceedings of the 2nd international conference on Cryptology and Information Security in Latin America
Lapin: an efficient authentication protocol based on Ring-LPN
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
On the design of hardware building blocks for modern lattice-based encryption schemes
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Practical lattice-based cryptography: a signature scheme for embedded systems
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Ring switching in BGV-Style homomorphic encryption
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
A ciphertext policy attribute-based encryption scheme without pairings
Inscrypt'11 Proceedings of the 7th international conference on Information Security and Cryptology
Faster gaussian lattice sampling using lazy floating-point arithmetic
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Succinct non-interactive arguments via linear interactive proofs
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Anonymous lattice-based broadcast encryption
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
ML confidential: machine learning on encrypted data
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Classical hardness of learning with errors
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Secure pattern matching using somewhat homomorphic encryption
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Efficient Linear Homomorphic Encryption from LWE Over Rings
Wireless Personal Communications: An International Journal
Field switching in BGV-style homomorphic encryption
Journal of Computer Security - Advances in Security for Communication Networks
| Hi-index | 0.00 |
The “learning with errors” (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones. The problem has been shown to be as hard as worst-case lattice problems, and in recent years it has served as the foundation for a plethora of cryptographic applications. Unfortunately, these applications are rather inefficient due to an inherent quadratic overhead in the use of LWE. A main open question was whether LWE and its applications could be made truly efficient by exploiting extra algebraic structure, as was done for lattice-based hash functions (and related primitives). We resolve this question in the affirmative by introducing an algebraic variant of LWE called ring-LWE, and proving that it too enjoys very strong hardness guarantees. Specifically, we show that the ring-LWE distribution is pseudorandom, assuming that worst-case problems on ideal lattices are hard for polynomial-time quantum algorithms. Applications include the first truly practical lattice-based public-key cryptosystem with an efficient security reduction; moreover, many of the other applications of LWE can be made much more efficient through the use of ring-LWE. Finally, the algebraic structure of ring-LWE might lead to new cryptographic applications previously not known to be based on LWE.