The Short Integer Solution (SIS) and Learning With Errors (LWE) problems are the foundations for countless applications in lattice-based cryptography, and are provably as hard as approximate lattice problems in the worst case. An important question from both a practical and theoretical perspective is how small their parameters can be made, while preserving their hardness. We prove two main results on SIS and LWE with small parameters. For SIS, we show that the problem retains its hardness for moduli q ≥ β·n δ for any constant δ > 0, where β is the bound on the Euclidean norm of the solution. This improves upon prior results which required q > β·√n log n, and is close to optimal since the problem is trivially easy for q ≤ β. For LWE, we show that it remains hard even when the errors are small (e.g., uniformly random from {0,1}), provided that the number of samples is small enough (e.g., linear in the dimension n of the LWE secret). Prior results required the errors to have magnitude at least √n and to come from a Gaussian-like distribution. © 2013 International Association for Cryptologic Research.
CITATION STYLE
Micciancio, D., & Peikert, C. (2013). Hardness of SIS and LWE with small parameters. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8042 LNCS, pp. 21–39). https://doi.org/10.1007/978-3-642-40041-4_2
Mendeley helps you to discover research relevant for your work.