Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions

  • Daniele Micciancio
  • Petros Mol
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6841)


We study the pseudorandomness of bounded knapsack functions over arbitrary finite abelian groups. Previous works consider only specific families of finite abelian groups and 0-1 coefficients. The main technical contribution of our work is a new, general theorem that provides sufficient conditions under which pseudorandomness of bounded knapsack functions follows directly from their one-wayness. Our results generalize and substantially extend previous work of Impagliazzo and Naor (J. Cryptology 1996).

As an application of the new theorem, we give sample preserving search-to-decision reductions for the Learning With Errors (LWE) problem, introduced by (Regev, STOC 2005) and widely used in lattice-based cryptography. Concretely, we show that, for a wide range of parameters, m LWE samples can be proved indistinguishable from random just under the hypothesis that search LWE is a one-way function for the same number m of samples.


Success Probability Knapsack Problem Function Family Vector Group Input Distribution 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Agrawal, S., Boneh, D., Boyen, X.: Efficient Lattice (H)IBE in the Standard Model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  2. 2.
    Agrawal, S., Boneh, D., Boyen, X.: Lattice Basis Delegation in Fixed Dimension and Shorter-Ciphertext Hierarchical IBE. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 98–115. Springer, Heidelberg (2010)Google Scholar
  3. 3.
    Akavia, A.: Learning Noisy Characters, Multiplication Codes and Hardcore Predicates. PhD thesis. MIT (February 2008)Google Scholar
  4. 4.
    Akavia, A., Goldwasser, S., Safra, S.: Proving Hard-Core Predicates Using List Decoding. In: FOCS, pp. 146–157 (2003)Google Scholar
  5. 5.
    Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous Hardcore Bits and Cryptography against Memory Attacks. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595–618. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Arora, S., Ge, R.: New algorithms for learning in presence of errors. In: ICALP (2011),
  8. 8.
    Blum, A., Furst, M.L., Jackson, J.C., Kearns, M.J., Mansour, Y., Rudich, S.: Weakly Learning DNF and Characterizing Statistical Query Learning using Fourier Analysis. In: STOC, pp. 253–262 (1994)Google Scholar
  9. 9.
    Blum, A., Furst, M.L., Kearns, M. J., Lipton, R.J.: Cryptographic Primitives Based on Hard Learning Problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994)Google Scholar
  10. 10.
    Cash, D., Hofheinz, D., Kiltz, E., Peikert, C.: Bonsai Trees, or How to Delegate a Lattice Basis. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 523–552. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Dodis, Y., Goldwasser, S., Tauman Kalai, Y., Peikert, C., Vaikuntanathan, V.: Public-Key Encryption Schemes with Auxiliary Inputs. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 361–381. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Fischer, J.-B., Stern, J.: An efficient pseudo-random generator provably as secure as syndrome decoding. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 245–255. Springer, Heidelberg (1996)Google Scholar
  13. 13.
    Gentry, C., Halevi, S., Vaikuntanathan, V.: A Simple BGN-Type Cryptosystem from LWE. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 506–522. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for Hard Lattices and New Cryptographic Constructions. In: STOC, pp. 197–206. ACM, New York (2008)Google Scholar
  15. 15.
    Goldreich, O., Levin, L.A.: A Hard-Core Predicate for All One-Way Functions. In: STOC, pp. 25–32 (1989)Google Scholar
  16. 16.
    Goldwasser, S., Kalai, Y.T., Peikert, C., Vaikuntanathan, V.: Robustness of the Learning with Errors Assumption. In: ICS (2010)Google Scholar
  17. 17.
    Impagliazzo, R., Zuckerman, D.: How to Recycle Random Bits. In: FOCS, pp. 248–253. IEEE Computer Society, Washington, DC, USA (1989)Google Scholar
  18. 18.
    Impagliazzo, R., Naor, M.: Efficient Cryptographic Schemes Provably as Secure as Subset Sum. J. Cryptology 9(4), 199–216 (1996)MathSciNetzbMATHCrossRefGoogle Scholar
  19. 19.
    Katz, J., Shin, J.S., Smith, A.: Parallel and Concurrent Security of the HB and HB +  Protocols. J. Cryptology 23(3), 402–421 (2010)MathSciNetzbMATHCrossRefGoogle Scholar
  20. 20.
    Kawachi, A., Tanaka, K., Xagawa, K.: Multi-bit cryptosystems based on lattice problems. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 315–329. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  21. 21.
    Kushilevitz, E., Mansour, Y.: Learning Decision Trees Using the Fourier Sprectrum. In: STOC, pp. 455–464 (1991)Google Scholar
  22. 22.
    Lindner, R., Peikert, C.: Better Key Sizes (and Attacks) for LWE-Based Encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  23. 23.
    Lyubashevsky, V., Micciancio, D.: On bounded distance decoding, unique shortest vectors, and the minimum distance problem. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 577–594. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  24. 24.
    Lyubashevsky, V., Peikert, C., Regev, O.: On Ideal Lattices and Learning with Errors over Rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  25. 25.
    Micciancio, D.: Duality in Lattice Based Cryptography. In: Public Key Cryptography (2010) (invited talk)Google Scholar
  26. 26.
    Micciancio, D., Regev, O.: Lattice-Based Cryptography. In: Post Quantum Cryptography, pp. 147–191. Springer Publishing Company, Heidelberg (2009)CrossRefGoogle Scholar
  27. 27.
    Mossel, E., O’Donnell, R., Servedio, R.A.: Learning Juntas. In: STOC, pp. 206–212 (2003)Google Scholar
  28. 28.
    Peikert, C.: Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem. In: STOC, pp. 333–342. ACM, New York (2009)CrossRefGoogle Scholar
  29. 29.
    Peikert, C., Vaikuntanathan, V., Waters, B.: A Framework for Efficient and Composable Oblivious Transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008)Google Scholar
  30. 30.
    Peikert, C., Waters, B.: Lossy Trapdoor Functions and Their Applications. In: STOC, pp. 187–196. ACM, New York (2008)Google Scholar
  31. 31.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. Journal of ACM 56(6), 34 (2009); Preliminary version in STOC 2005MathSciNetCrossRefGoogle Scholar
  32. 32.
    Regev, O.: The Learning with Errors Problem (Invited Survey). In: IEEE Conference on Computational Complexity, pp. 191–204 (2010)Google Scholar
  33. 33.
    Rückert, M., Schneider, M.: Estimating the Security of Lattice-based Cryptosystems. Technical Report 2010/137, IACR ePrint archive (2010)Google Scholar
  34. 34.
    Stefankovic, D.: Fourier Transform in Computer Science. Master’s thesis, University of Chicago (October 2000)Google Scholar
  35. 35.
    Stehlé, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient Public Key Encryption Based on Ideal Lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617–635. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Daniele Micciancio
    • 1
  • Petros Mol
    • 1
  1. 1.Department of Computer Science & EngineeringUniversity of CaliforniaSan DiegoUSA

Personalised recommendations