Abstract
The Module Learning With Errors problem () has gained popularity in recent years for its security-efficiency balance, and its hardness has been established for a number of variants. In this paper, we focus on proving the hardness of (search)
for general secret distributions, provided they carry sufficient min-entropy. This is called entropic hardness of
. First, we adapt the line of proof of Brakerski and Döttling on
(TCC’20) to prove that the existence of certain distributions implies the entropic hardness of
. Then, we provide one such distribution whose required properties rely on the hardness of the decisional Module-\(\textrm{NTRU}\) problem.
Notes
1. As we use both the \(R_q\)-inverse and the K-inverse, we insist on differentiating them as \(\textbf{F}_q^{-1}\) and \(\textbf{F}^{-1}\) respectively.
2. The (non-average) conditional min-entropy of \(\textbf{x}\) given \(\textbf{z}\) is denoted by \(H_\infty (\textbf{x}| \textbf{z})\) instead of \(\widetilde{H}_\infty (\textbf{x}| \textbf{z})\), and given by \(H_\infty (\textbf{x}| \textbf{z}) = -\log _2 \Big ( \max _{\textbf{z}' \in Z}\max _{\textbf{x}' \in X} \mathbb {P}[\textbf{x}= \textbf{x}' | \textbf{z}= \textbf{z}'] \Big )\).
3. Note that at the time of writing, the paper by Lin et al. is only accessible on ePrint and has not yet been peer-reviewed.
References
Albrecht, M.R., Deo, A., Paterson, K.G.: Cold boot attacks on ring and module LWE keys under the NTT. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 173–213 (2018)
Bernstein, D. J., et al.: NTRU prime round-3 candidate to the NIST post-quantum cryptography standardisation project (2020)
Bos, J. W., et al.: CRYSTALS-Kyber: a CCA-secure module-lattice-based KEM. In: EuroS&P, pp. 353–367. IEEE (2018)
Boudgoust, K., Jeudy, C., Roux-Langlois, A., Wen, W.: Towards classical hardness of module-LWE: the linear rank case. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 289–317. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_10
Boudgoust, K., Jeudy, C., Roux-Langlois, A., Wen, W.: On the hardness of module-LWE with binary secret. In: Paterson, K.G. (ed.) CT-RSA 2021. LNCS, vol. 12704, pp. 503–526. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75539-3_21
Boudgoust, K., Jeudy, C., Roux-Langlois, A., Wen, W.: Entropic hardness of module-LWE from module-NTRU. IACR Cryptol. ePrint Arch, p. 245 (2022)
Brakerski, Z., Döttling, N.: Hardness of LWE on general entropic distributions. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 551–575. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_19
Brakerski, Z., Döttling, N.: Lossiness and entropic hardness for ring-LWE. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12550, pp. 1–27. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64375-1_1
Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (leveled) fully homomorphic encryption without bootstrapping. In: ITCS, pp. 309–325. ACM (2012)
Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehlé, D.: Classical hardness of learning with errors. In: STOC, pp. 575–584. ACM (2013)
Chen, C., et al.: NTRU round-3 candidate to the NIST post-quantum cryptography standardisation project (2020)
Chuengsatiansup, C., Prest, T., Stehlé, D., Wallet, A., Xagawa, K.: Modfalcon: compact signatures based on module-NTRU lattices. In: AsiaCCS, pp. 853–866. ACM (2020)
Ducas, L., et al.: Crystals-dilithium: a lattice-based digital signature scheme. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(1), 238–268 (2018)
Ducas, L., Micciancio, D.: Improved short lattice signatures in the standard model. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 335–352. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_19
Ducas, L., van Woerden, W.: NTRU fatigue: how stretched is overstretched? In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 3–32. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_1
Goldwasser, S., Tauman Kalai, Y., Peikert, C., Vaikuntanathan, V.: Robustness of the learning with errors assumption. In: ICS, pp. 230–240. Tsinghua University Press (2010)
Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868
Langlois, A., Stehlé, D.: Worst-case to average-case reductions for module lattices. Des. Codes Cryptogr. 75(3), 565–599 (2015)
Lin, H., Wang, Y., Wang, M.: Hardness of module-LWE and ring-LWE on general entropic distributions. IACR Cryptol. ePrint Arch, p. 1238 (2020)
Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1
Micciancio, D.: On the hardness of learning with errors with binary secrets. Theory Comput. 14(1), 1–17 (2018)
Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_41
Micciancio, D., Regev, O.: Worst-case to average-case reductions based on gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007)
Peikert, C.: Limits on the hardness of lattice problems in \(\ell_p\) norms. Comput. Complex. 17(2), 300–351 (2008)
Peikert, C.: A decade of lattice cryptography. Found. Trends Theor. Comput. Sci. 10(4), 283–424 (2016)
Pellet-Mary, A., Stehlé, D.: On the hardness of the NTRU problem. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13090, pp. 3–35. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92062-3_1
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC, pp. 84–93. ACM (2005)
Rudelson, M., Vershynin, R.: The littlewood-offord problem and invertibility of random matrices. Adv. Math. 218, 600–633 (2008)
Stehlé, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617–635. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_36
von Neumann, J., Goldstine, H.H.: Numerical inverting of matrices of high order. Bull. Amer. Math. Soc. 53, 1021–1099 (1947)
Acknowledgments
This work was supported by the European Union PROMETHEUS project (Horizon 2020 Research and Innovation Program, grant 780701), by the PEPR quantique France 2030 programme (ANR-22-PETQ-0008), and further supported by the Danish Independent Research Council under project number 0165-00107B (C3PO). We thank Alexandre Wallet and Damien Stehlé for helpful discussions. We also thank our anonymous referees of Eurocrypt 2022 and Indocrypt 2022 for their thorough proofreading and constructive feedback.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Boudgoust, K., Jeudy, C., Roux-Langlois, A., Wen, W. (2022). Entropic Hardness of Module-LWE from Module-NTRU. In: Isobe, T., Sarkar, S. (eds) Progress in Cryptology – INDOCRYPT 2022. INDOCRYPT 2022. Lecture Notes in Computer Science, vol 13774. Springer, Cham. https://doi.org/10.1007/978-3-031-22912-1_4
DOI: https://doi.org/10.1007/978-3-031-22912-1_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22911-4
Online ISBN: 978-3-031-22912-1
eBook Packages: Computer Science, Computer Science (R0)