Oded Regev scite author profile

Oded Regev

4Publications

4,214Citation Statements Received

53Citation Statements Given

How they've been cited

3,942

4,176

How they cite others

Affiliations

New York University, Tel Aviv University, Technion – Israel Institute of Technology

Publications

Order By: Most citations

On lattices, learning with errors, random linear codes, and cryptography

Regev

2005

2,040

2,073

View full text Add to dashboard Cite

Our main result is a reduction from worst-case lattice problems such as SVP and SIVP to a certain learning problem. This learning problem is a natural extension of the 'learning from parity with error' problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code. This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for SVP and SIVP. A main open question is whether this reduction can be made classical.Using the main result, we obtain a public-key cryptosystem whose hardness is based on the worst-case quantum hardness of SVP and SIVP. Previous lattice-based publickey cryptosystems such as the one by Ajtai and Dwork were only based on unique-SVP, a special case of SVP. The new cryptosystem is much more efficient than previous cryptosystems: the public key is of sizeÕ(n 2 ) and encrypting a message increases its size byÕ(n) (in previous cryptosystems these values areÕ(n 4 ) andÕ(n 2 ), respectively). In fact, under the assumption that all parties share a random bit string of lengthÕ(n 2 ), the size of the public key can be reduced toÕ(n).

show abstract

On Ideal Lattices and Learning with Errors over Rings

Lyubashevsky

Peikert

Regev

2013

J. ACM

710

774

View full text Add to dashboard Cite

The “learning with errors” (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones. The problem has been shown to be as hard as worst-case lattice problems, and in recent years it has served as the foundation for a plethora of cryptographic applications. Unfortunately, these applications are rather inefficient due to an inherent quadratic overhead in the use of LWE. A main open question was whether LWE and its applications could be made truly efficient by exploiting extra algebraic structure, as was done for lattice-based hash functions (and related primitives). We resolve this question in the affirmative by introducing an algebraic variant of LWE called ring-LWE , and proving that it too enjoys very strong hardness guarantees. Specifically, we show that the ring-LWE distribution is pseudorandom, assuming that worst-case problems on ideal lattices are hard for polynomial-time quantum algorithms. Applications include the first truly practical lattice-based public-key cryptosystem with an efficient security reduction; moreover, many of the other applications of LWE can be made much more efficient through the use of ring-LWE.

show abstract

Thermal equilibria of accretion disks

Abramowicz¹,

Chen²,

Katō³

et al. 1995

ApJ

673

663

View full text Add to dashboard Cite

show abstract

Adiabatic Quantum Computation is Equivalent to Standard Quantum Computation

Aharonov¹,

Dam²,

Kempe³

et al. 2007

SIAM J. Comput.

519

666

View full text Add to dashboard Cite

Adiabatic quantum computation has recently attracted attention in the physics and computer science communities, but its computational power was unknown. We describe an efficient adiabatic simulation of any given quantum algorithm, which implies that the adiabatic computation model and the conventional quantum computation model are polynomially equivalent. Our result can be extended to the physically realistic setting of particles arranged on a two-dimensional grid with nearest neighbor interactions. The equivalence between the models provides a new vantage point from which to tackle the central issues in quantum computation, namely designing new quantum algorithms and constructing fault tolerant quantum computers. In particular, by translating the main open questions in the area of quantum algorithms to the language of spectral gaps of sparse matrices, the result makes these questions accessible to a wider scientific audience, acquainted with mathematical physics, expander theory and rapidly mixing Markov chains.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Oded Regev

On lattices, learning with errors, random linear codes, and cryptography

On Ideal Lattices and Learning with Errors over Rings

Thermal equilibria of accretion disks

Adiabatic Quantum Computation is Equivalent to Standard Quantum Computation

Contact Info

Product

Resources

About