On Lattices, Learning with Errors, Random Linear Codes, and Cryptography.
Saved in:
| Title: | On Lattices, Learning with Errors, Random Linear Codes, and Cryptography. |
|---|---|
| Authors: | REGEV, ODED |
| Source: | Journal of the ACM; Sep2009, Vol. 56 Issue 6, p34-34:40, 40p, 1 Diagram, 4 Graphs |
| Subject Terms: | LATTICE theory, ERRORS, CRYPTOGRAPHY, PUBLIC key cryptography, ALGORITHMS, MATHEMATICAL models |
| Abstract: | Our main result is a reduction from worst-case lattice problems such as GAPSVP and SIVP to a certain learning problem. This learning problem is a natural extension of the "learning from parity with error" problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code. This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for GAPSVP and SIVP. A main open question is whether this reduction can be made classical (i.e., nonquantum). We also present a (classical) public-key cryptosystem whose security is based on the hardness of the learning problem. By the main result, its security is also based on the worst-case quantum hardness of GAPSVP and SIVP. The new cryptosystem is much more efficient than previous latticebased cryptosystems: the public key is of size Õ(n²) and encrypting a message increases its size by a factor of Õ(n) (in previous cryptosystems these values are Õ(n4) and Õ(n²), respectively). In fact, under the assumption that all parties share a random bit string of length Õ(n²), the size of the public key can be reduced to Õ(n). [ABSTRACT FROM AUTHOR] |
| Copyright of Journal of the ACM is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Complementary Index |
Full Text Finder 
Nájsť tento článok vo Web of Science Be the first to leave a comment!