Relating Different Polynomial-LWE Problems

  • Madalina BolboceanuEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)


In this paper we focus on Polynomial Learning with Errors (PLWE). This problem is parametrized by a polynomial and we are interested in relating the hardness of the \(\text {PLWE}^f\) and \(\text {PLWE}^h\) problems for different polynomials f and h. More precisely, our main result shows that for a fixed monic polynomial f, \(\text {PLWE}^{f\circ g}\) is at least as hard as than \(\text {PLWE}^f\), in both search and decision variants, for any monic polynomial g. As a consequence, \(\text {PLWE}^{\phi _n}\) is harder than \(\text {PLWE}^{f},\) for a minimal polynomial f of an algebraic integer from the cyclotomic field \(\mathbb {Q}(\zeta _n)\) with specific properties.


Lattice-based cryptography LWE PLWE 



We thank Miruna Rosca and Radu Titiu for helpful discussions. Finally, we thank the anonymous reviewers for comments.


  1. [ABB10]
    Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010). Scholar
  2. [ADPS16]
    Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: USENIX, pp. 327–343 (2016)Google Scholar
  3. [BGV11]
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: Fully homomorphic encryption without bootstrapping. Cryptology ePrint Archive, Report 2011/277 (2011)Google Scholar
  4. [BP14]
    Banerjee, A., Peikert, C.: New and improved key-homomorphic pseudorandom functions. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 353–370. Springer, Heidelberg (2014). Scholar
  5. [BV11]
    Brakerski, Z., Vaikuntanathan, V.: Fully homomorphic encryption from ring-LWE and security for key dependent messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505–524. Springer, Heidelberg (2011). Scholar
  6. [CDPR16]
    Cramer, R., Ducas, L., Peikert, C., Regev, O.: Recovering short generators of principal ideals in cyclotomic rings. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 559–585. Springer, Heidelberg (2016). Scholar
  7. [CDW17]
    Cramer, R., Ducas, L., Wesolowski, B.: Short stickelberger class relations and application to ideal-SVP. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 324–348. Springer, Cham (2017). Scholar
  8. [CLS15]
    Chen, H., Lauter, K., Stange, K.E.: Attacks on search RLWE. SIAM J. Appl. Algebra Geom. (SIAGA) (2015, to appear)Google Scholar
  9. [EHL14]
    Eisenträger, K., Hallgren, S., Lauter, K.: Weak instances of PLWE. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 183–194. Springer, Cham (2014). Scholar
  10. [Gen09]
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of STOC, pp. 169–178. ACM (2009)Google Scholar
  11. [GHPS12]
    Gentry, C., Halevi, S., Peikert, C., Smart, N.P.: Ring switching in BGV-style homomorphic encryption. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 19–37. Springer, Heidelberg (2012). Scholar
  12. [GSW13]
    Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. Cryptology ePrint Archive, Report 2013/340 (2013).
  13. [GVW15]
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Predicate encryption for circuits from LWE. Cryptology ePrint Archive, Report 2015/029 (2015).
  14. [LPR10]
    Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. JACM 60(6), 43 (2010, 2013)MathSciNetCrossRefGoogle Scholar
  15. [LPR13]
    Lyubashevsky, V., Peikert, C., Regev, O.: A toolkit for ring-LWE cryptography. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 35–54. Springer, Heidelberg (2013). Scholar
  16. [PRSD17]
    Peikert, C., Regev, O., Stephens-Davidowitz, N.: Pseudorandomness of ring-LWE for any ring and modulus. In: STOC (2017)Google Scholar
  17. [Reg05]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of STOC, pp. 84–93 (2005)Google Scholar
  18. [RSSS17]
    Roşca, M., Sakzad, A., Stehlé, D., Steinfeld, R.: Middle-product learning with errors. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 283–297. Springer, Cham (2017). Scholar
  19. [RSW18]
    Rosca, M., Stehlé, D., Wallet, A.: On the ring-LWE and polynomial-LWE problems. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 146–173. Springer, Cham (2018). Scholar
  20. [SE94]
    Schnorr, C.-P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66, 181–199 (1994)MathSciNetCrossRefGoogle Scholar
  21. [SSTX09]
    Stehlé, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617–635. Springer, Heidelberg (2009). Scholar
  22. [SSZ17]
    Steinfeld, R., Sakzad, A., Zhao, R.K.: Proposal for a NIST post-quantum public-key encryption and KEM standard (2017).

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.BitdefenderBucharestRomania

Personalised recommendations