Ring-LWE in Polynomial Rings

11 years 2 months ago
Ring-LWE in Polynomial Rings
Abstract. The Ring-LWE problem, introduced by Lyubashevsky, Peikert, and Regev (Eurocrypt 2010), has been steadily finding many uses in numerous cryptographic applications. Still, the Ring-LWE problem defined in [LPR10] involves the fractional ideal R∨ , the dual of the ring R, which is the source of many theoretical and implementation technicalities. Until now, getting rid of R∨ , required some relatively complex transformation that substantially increase the magnitude of the error polynomial and the practical complexity to sample it. It is only for rings R = Z[X]/(Xn + 1) where n a power of 2, that this transformation is simple and benign. In this work we show that by applying a different, and much simpler transformation, one can transfer the results from [LPR10] into an “easyto-use” Ring-LWE setting (i.e. without the dual ring R∨ ), with only a very slight increase in the magnitude of the noise coefficients. Additionally, we show that creating the correct noise distribu...
Léo Ducas, Alain Durmus
Added 29 Sep 2012
Updated 29 Sep 2012
Type Journal
Year 2012
Where PKC
Authors Léo Ducas, Alain Durmus
Comments (0)