Skip to main content

A Trace Map Attack Against Special Ring-LWE Samples

  • Conference paper
  • First Online:
Advances in Information and Computer Security (IWSEC 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12835))

Included in the following conference series:

  • 472 Accesses

Abstract

The learning with errors (LWE) problem is one of the hard problems supporting the security of modern lattice-based cryptography. Ring-LWE is the analog of LWE over the ring of integers of a cyclotomic field, and it has provided efficient cryptosystems. In this paper, we give cryptanalysis against ring-LWE using the trace map over the ring of integers of a cyclotomic field, without using any reduction to other structured lattice problems. Since it maps to a ring of a smaller degree, a trace map attack is expected to be able to decrease the hardness of ring-LWE. However, the trace map does not necessarily transform ring-LWE samples to samples over the smaller ring with a common secret. We give a sufficient and necessary condition on a pair of ring-LWE samples for which the trace map attack is applicable. We call such a pair of samples special. We demonstrate how efficiently the trace map attack can solve ring-LWE when a special pair of samples is given. Specifically, we compare blocksizes of the Blockwise Korkine-Zolotarev (BKZ) algorithm required for solving ring-LWE in the trace map attack and a standard attack. Moreover, we discuss the (in)feasibility of the trace map attack for random ring-LWE samples to evaluate how the trace map attack can give a threat against ring-LWE-based cryptosystems on a practical side.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Ajtai, M.: Generating hard instances of lattice problems. In: Symposium on Theory of Computing (STOC 1996), pp. 99–108. ACM (1996)

    Google Scholar 

  2. Albrecht, M., Bai, S., Ducas, L.: A subfield lattice attack on overstretched NTRU assumptions. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 153–178. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_6

    Chapter  Google Scholar 

  3. Albrecht, M.R.: Estimate all the LWE, NTRU schemes!. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 351–367. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_19

    Chapter  Google Scholar 

  4. Albrecht, M.R., Deo, A.: Large modulus ring-LWE \(\ge \) module-LWE. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 267–296. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_10

    Chapter  Google Scholar 

  5. Albrecht, M.R., Fitzpatrick, R., Göpfert, F.: On the efficacy of solving LWE by reduction to unique-SVP. In: Lee, H.-S., Han, D.-G. (eds.) ICISC 2013. LNCS, vol. 8565, pp. 293–310. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12160-4_18

    Chapter  Google Scholar 

  6. Albrecht, M.R., Göpfert, F., Virdia, F., Wunderer, T.: Revisiting the expected cost of solving uSVP and applications to LWE. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 297–322. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_11

    Chapter  Google Scholar 

  7. Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169–203 (2015)

    Article  MathSciNet  Google Scholar 

  8. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange: a new hope. In: 25th USENIX Security Symposium, pp. 327–343 (2016)

    Google Scholar 

  9. Bai, S., Miller, S., Wen, W.: A refined analysis of the cost for solving LWE via uSVP. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2019. LNCS, vol. 11627, pp. 181–205. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-23696-0_10

    Chapter  Google Scholar 

  10. Boudgoust, K., Jeudy, C., Roux-Langlois, A., Wen, W.: Towards classical hardness of module-LWE: The linear rank case. IACR ePrint Archive: Report 2020/1020 (2020)

    Google Scholar 

  11. Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. ACM Trans. Comput. Theor. (TOCT) 6(3), 1–36 (2014)

    Article  MathSciNet  Google Scholar 

  12. Bremner, M.R.: Lattice Basis Reduction: An Introduction to the LLL Algorithm and Its Applications. CRC Press, Boca Raton (2011)

    Google Scholar 

  13. Chen, Y.: Réduction de réseau et sécurité concrete du chiffrement completement homomorphe. Ph.D. thesis, Paris 7 (2013)

    Google Scholar 

  14. Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_1

    Chapter  Google Scholar 

  15. Cheon, J.H., Jeong, J., Lee, C.: An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero. LMS J. Comput. Math. 19(A), 255–266 (2016)

    Google Scholar 

  16. Developers, T.S.: Sagemath (2016). https://www.sagemath.org/

  17. Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_3

    Chapter  Google Scholar 

  18. Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868

    Chapter  Google Scholar 

  19. Howgrave-Graham, N.: A hybrid lattice-reduction and meet-in-the-middle attack against NTRU. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 150–169. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_9

    Chapter  MATH  Google Scholar 

  20. Kannan, R.: Minkowski’s convex body theorem and integer programming. Math. Oper. Res. 12(3), 415–440 (1987)

    Article  MathSciNet  Google Scholar 

  21. Langlois, A., Stehlé, D.: Worst-case to average-case reductions for module lattices. Des. Codes Crypt. 75(3), 565–599 (2014). https://doi.org/10.1007/s10623-014-9938-4

    Article  MathSciNet  MATH  Google Scholar 

  22. Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)

    Article  MathSciNet  Google Scholar 

  23. López-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: Symposium on Theory of Computing (STOC 2012), pp. 1219–1234. ACM (2012)

    Google Scholar 

  24. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1

    Chapter  Google Scholar 

  25. Micciancio, D., Goldwasser, S.: Complexity of lattice problems: A cryptographic perspective, vol. 671. Springer Science & Business Media (2012)

    Google Scholar 

  26. Micciancio, D., Regev, O.: Lattice-based cryptography. In: Post-Quantum Cryptography, pp. 147–191 (2009)

    Google Scholar 

  27. Moody, D., et al.: NISTIR 8309: Status report on the second round of the NIST Post-Quantum Cryptography standardization process (2020). https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf

  28. Nguyen, P.Q.: Hermite’s constant and lattice algorithms. In: The LLL Algorithm, pp. 19–69. Springer (2009). https://doi.org/10.1007/978-3-642-02295-1_2

  29. Peikert, C.: How (Not) to instantiate ring-LWE. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 411–430. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44618-9_22

    Chapter  Google Scholar 

  30. Peikert, C., Pepin, Z.: Algebraically structured LWE, revisited. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11891, pp. 1–23. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36030-6_1

    Chapter  Google Scholar 

  31. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Symposium on Theory of Computing (STOC 2005), pp. 84–93. ACM (2005)

    Google Scholar 

  32. Schnorr, C.P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66, 181–199 (1994)

    Article  MathSciNet  Google Scholar 

  33. The National Institute of Standards and Technology (NIST): Post-quantum cryptography. https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization

  34. Wang, Y., Wang, M.: Module-LWE versus ring-LWE, revisited. IACR ePrint Archive: Report 2019/930 (2019)

    Google Scholar 

  35. Washington, L.C.: Introduction to cyclotomic fields, vol. 83. Springer Science & Business Media (1997). https://doi.org/10.1007/978-1-4612-1934-7

  36. Yasuda, M.: A survey of solving SVP algorithms and recent strategies for solving the SVP challenge. In: Takagi, T., Wakayama, M., Tanaka, K., Kunihiro, N., Kimoto, K., Ikematsu, Y. (eds.) International Symposium on Mathematics, Quantum Theory, and Cryptography. MI, vol. 33, pp. 189–207. Springer, Singapore (2021). https://doi.org/10.1007/978-981-15-5191-8_15

    Chapter  Google Scholar 

  37. Yu, Y., Ducas, L.: Second order statistical behavior of LLL and BKZ. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 3–22. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72565-9_1

    Chapter  Google Scholar 

Download references

Acknowledgments

This work was supported by JSPS KAKENHI Grant Numbers JP19K20266 and JP20H04142, Japan.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Masaya Yasuda .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ikematsu, Y., Nakamura, S., Yasuda, M. (2021). A Trace Map Attack Against Special Ring-LWE Samples. In: Nakanishi, T., Nojima, R. (eds) Advances in Information and Computer Security. IWSEC 2021. Lecture Notes in Computer Science(), vol 12835. Springer, Cham. https://doi.org/10.1007/978-3-030-85987-9_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-85987-9_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-85986-2

  • Online ISBN: 978-3-030-85987-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics