A public key cryptosystem and a signature scheme based on discrete logarithms
Proceedings of CRYPTO 84 on Advances in cryptology
Cryptographic primitives based on hard learning problems
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
A course in computational algebraic number theory
A course in computational algebraic number theory
A sieve algorithm for the shortest lattice vector problem
STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
Lattices that admit logarithmic worst-case to average-case connection factors
Proceedings of the thirty-ninth annual ACM symposium on Theory of computing
Worst-Case to Average-Case Reductions Based on Gaussian Measures
SIAM Journal on Computing
Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions
Computational Complexity
Lossy trapdoor functions and their applications
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Trapdoors for hard lattices and new cryptographic constructions
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
A Framework for Efficient and Composable Oblivious Transfer
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Computational Introduction to Number Theory and Algebra
A Computational Introduction to Number Theory and Algebra
Simultaneous Hardcore Bits and Cryptography against Memory Attacks
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Fully homomorphic encryption using ideal lattices
Proceedings of the forty-first annual ACM symposium on Theory of computing
Public-key cryptosystems from the worst-case shortest vector problem: extended abstract
Proceedings of the forty-first annual ACM symposium on Theory of computing
On lattices, learning with errors, random linear codes, and cryptography
Journal of the ACM (JACM)
Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Efficient Public Key Encryption Based on Ideal Lattices
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Lattice-based identification schemes secure under active attacks
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Asymptotically efficient lattice-based digital signatures
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Proceedings of the forty-second ACM symposium on Theory of computing
Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Better key sizes (and attacks) for LWE-based encryption
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Making NTRU as secure as worst-case problems over ideal lattices
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Efficient Fully Homomorphic Encryption from (Standard) LWE
FOCS '11 Proceedings of the 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science
(Leveled) fully homomorphic encryption without bootstrapping
Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
Generalized compact knapsacks are collision resistant
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Lattice mixing and vanishing trapdoors: a framework for fully secure short signatures and more
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Bonsai trees, or how to delegate a lattice basis
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Efficient lattice (H)IBE in the standard model
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices
TCC'06 Proceedings of the Third conference on Theory of Cryptography
On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption
STOC '12 Proceedings of the forty-fourth annual ACM symposium on Theory of computing
Trapdoors for lattices: simpler, tighter, faster, smaller
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Lattice signatures without trapdoors
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
New directions in cryptography
IEEE Transactions on Information Theory
Classical hardness of learning with errors
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Hi-index | 0.00 |
The “learning with errors” (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones. The problem has been shown to be as hard as worst-case lattice problems, and in recent years it has served as the foundation for a plethora of cryptographic applications. Unfortunately, these applications are rather inefficient due to an inherent quadratic overhead in the use of LWE. A main open question was whether LWE and its applications could be made truly efficient by exploiting extra algebraic structure, as was done for lattice-based hash functions (and related primitives). We resolve this question in the affirmative by introducing an algebraic variant of LWE called ring-LWE, and proving that it too enjoys very strong hardness guarantees. Specifically, we show that the ring-LWE distribution is pseudorandom, assuming that worst-case problems on ideal lattices are hard for polynomial-time quantum algorithms. Applications include the first truly practical lattice-based public-key cryptosystem with an efficient security reduction; moreover, many of the other applications of LWE can be made much more efficient through the use of ring-LWE.