Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, EpiSciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Skip to Main content Skip to Navigation
Conference papers

On the Hardness of Module-LWE with Binary Secret

Abstract : We prove that the Module Learning With Errors $\mathrm {M\text {-}LWE}$ problem with binary secrets and rank $d$ is at least as hard as the standard version of $\mathrm {M\text {-}LWE}$ with uniform secret and rank $k$, where the rank increases from $d \ge (k+1)\log _2 q + \omega (\log _2 n)$, and the Gaussian noise from $\alpha$ to $\beta = \alpha \cdot \varTheta (n^2\sqrt{d})$, where $n$ is the ring degree and $q$ the modulus. Our work improves on the recent work by Boudgoust et al. in 2020 by a factor of $\sqrt{md}$ in the Gaussian noise, where $m$ is the number of given $\mathrm {M\text {-}LWE}$ samples, when $q$ fulfills some number-theoretic requirements. We use a different approach than Boudgoust et al. to achieve this hardness result by adapting the previous work from Brakerski et al. in 2013 for the Learning With Errors problem to the module setting. Theproof applies to cyclotomic fields, but most results hold for a larger classof number fields, and may be of independent interest.
Document type :
Conference papers
Complete list of metadata
Contributor : Katharina Boudgoust Connect in order to contact the contributor
Submitted on : Friday, June 18, 2021 - 8:41:38 AM
Last modification on : Monday, April 4, 2022 - 9:28:31 AM
Long-term archiving on: : Sunday, September 19, 2021 - 6:12:46 PM


Files produced by the author(s)



Katharina Boudgoust, Corentin Jeudy, Adeline Roux-Langlois, Weiqiang Wen. On the Hardness of Module-LWE with Binary Secret. Topics in Cryptology – CT-RSA 2021, Cryptographers’ Track at the RSA Conference 2021, May 2021, San Francisco, United States. pp.503-526, ⟨10.1007/978-3-030-75539-3_21⟩. ⟨hal-03264223⟩



Record views


Files downloads