Lossy Codes and a New Variant of the Learning-With-Errors Problem

Döttling, Nico; Müller-Quade, Jörn

doi:10.1007/978-3-642-38348-9_2

Cited by 38 publications

(56 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our construction uses private randomness, which is allowed in the fuzzy extractor setting but not in noiseless randomness extraction. Second, the code used is a random linear code, which allows us to use the Learning with Errors (LWE) assumption due to Regev [Reg05,Reg10] and derive a longer key r. Specifically, we use the recent result of Döttling and Müller-Quade [DMQ13], which shows the hardness of decoding random linear codes when the error vector comes from the uniform distribution, with each coordinate ranging over a small interval. This allows us to use w as the error vector, assuming it is uniform.…”

Section: Our Negative Resultsmentioning

confidence: 99%

Computational Fuzzy Extractors

Fuller

Meng

Reyzin

2013

Advances in Cryptology - ASIACRYPT 2013

View full text Add to dashboard Cite

Fuzzy extractors derive strong keys from noisy sources. Their security is defined informationtheoretically, which limits the length of the derived key, sometimes making it too short to be useful. We ask whether it is possible to obtain longer keys by considering computational security, and show the following.• Negative Result: Noise tolerance in fuzzy extractors is usually achieved using an information reconciliation component called a "secure sketch." The security of this component, which directly affects the length of the resulting key, is subject to lower bounds from coding theory. We show that, even when defined computationally, secure sketches are still subject to lower bounds from coding theory. Specifically, we consider two computational relaxations of the information-theoretic security requirement of secure sketches, using conditional HILL entropy and unpredictability entropy. For both cases we show that computational secure sketches cannot outperform the best information-theoretic secure sketches in the case of high-entropy Hamming metric sources.• Positive Result: We show that the negative result can be overcome by analyzing computational fuzzy extractors directly. Namely, we show how to build a computational fuzzy extractor whose output key length equals the entropy of the source (this is impossible in the information-theoretic setting). Our construction is based on the hardness of the Learning with Errors (LWE) problem, and is secure when the noisy source is uniform or symbol-fixing (that is, each dimension is either uniform or fixed). As part of the security proof, we show a result of independent interest, namely that the decision version of LWE is secure even when a small number of dimensions has no error.

show abstract

Section: Our Negative Resultsmentioning

confidence: 99%

Computational Fuzzy Extractors

Fuller

Meng

Reyzin

2013

Advances in Cryptology - ASIACRYPT 2013

View full text Add to dashboard Cite

show abstract

“…Beside the use of a similar high level lossyness argument, the technical details of the proof are quite different, and the results are different as well. Just like our work, [11] proves hardness for uniformly distributed errors, and requires the number of m of samples to be fixed in advance. However, [11] requires the noise bound to be bigger than √ n (in fact, at least m √ n, where m is the number of samples,) while in our work the errors can be smaller than √ n, or even binary.…”

Section: Techniques and Comparison To Related Workmentioning

confidence: 90%

“…Just like our work, [11] proves hardness for uniformly distributed errors, and requires the number of m of samples to be fixed in advance. However, [11] requires the noise bound to be bigger than √ n (in fact, at least m √ n, where m is the number of samples,) while in our work the errors can be smaller than √ n, or even binary. On the other hand, when the magnitude of the errors is large √ nm √ n, [11] allows the number of samples m = n O (1) to be an arbitrary large polynomial, while here we require it to be linear m = Θ(n).…”

Section: Techniques and Comparison To Related Workmentioning

confidence: 90%

“…In a recent and independent work Döttling and Müller-Quade [11] also used a lossyness argument to prove new hardness results for LWE. Beside the use of a similar high level lossyness argument, the technical details of the proof are quite different, and the results are different as well.…”

Section: Techniques and Comparison To Related Workmentioning

confidence: 99%

“…On the other hand, when the magnitude of the errors is large √ nm √ n, [11] allows the number of samples m = n O (1) to be an arbitrary large polynomial, while here we require it to be linear m = Θ(n). Another (more technical) difference between the two results is that our proof is based on a fairly general counting argument that allows error distributions that are uniform over arbitrary sets (of short vectors), while [11] only applies to uniform distributions over more structured sets, e.g., all vectors within a regularly shaped convex region of space.…”

Section: Techniques and Comparison To Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Hardness of SIS and LWE with Small Parameters

Micciancio

Peikert

2013

Lecture Notes in Computer Science

213

138

View full text Add to dashboard Cite

Abstract. The Short Integer Solution (SIS) and Learning With Errors (LWE) problems are the foundations for countless applications in latticebased cryptography, and are provably as hard as approximate lattice problems in the worst case. An important question from both a practical and theoretical perspective is how small their parameters can be made, while preserving their hardness.We prove two main results on SIS and LWE with small parameters. For SIS, we show that the problem retains its hardness for moduli q ≥ β · n δ for any constant δ > 0, where β is the bound on the Euclidean norm of the solution. This improves upon prior results which required q > β · √ n log n, and is close to optimal since the problem is trivially easy for q ≤ β. For LWE, we show that it remains hard even when the errors are small (e.g., uniformly random from {0, 1}), provided that the number of samples is small enough (e.g., linear in the dimension n of the LWE secret). Prior results required the errors to have magnitude at least √ n and to come from a Gaussian-like distribution.

show abstract

Obfuscation for multi‐use re‐encryption and its application in cloud computing

Cheng

Zhang

2014

Concurrency and Computation

View full text Add to dashboard Cite

SUMMARYWith the rapid development of cloud computing, more and more data are being centralized into cloud server for sharing. It is a challenge problem on how to keep them both private and accessible. Re-encryption function is a useful tool to fulfill secure cloud computing. Cloud data owners store their encrypted data on the cloud server. When other cloud users want to share the cloud data, cloud server can re-encrypt the encrypted data for them. So data on the cloud server can be both accessible and private. Secure obfuscation for reencryption function can hide all the private information in the re-encryption function, so the obfuscated program can be directly outsourced to cloud server without leaking anything about the computation task. In this paper, we study on secure obfuscation for three kinds of new re-encryption functions: multi-use re-encryption, conditional re-encryption with keyword search, and broadcast re-encryption. We utilize the obfuscated results as tools to fulfill secure cloud computing. Cloud-computing schemes based on obfuscation have better security compared with other tools.

show abstract

Lossy Codes and a New Variant of the Learning-With-Errors Problem

Cited by 38 publications

References 23 publications

Computational Fuzzy Extractors

Computational Fuzzy Extractors

Hardness of SIS and LWE with Small Parameters

Obfuscation for multi‐use re‐encryption and its application in cloud computing

Contact Info

Product

Resources

About