LP Solutions of Vectorial Integer Subset Sums - Cryptanalysis of Galbraith's Binary Matrix LWE

@article{Herold2017LPSO,
  title={LP Solutions of Vectorial Integer Subset Sums - Cryptanalysis of Galbraith's Binary Matrix LWE},
  author={Gottfried Herold and Alexander May},
  journal={IACR Cryptol. ePrint Arch.},
  year={2017},
  volume={2018},
  pages={741}
}
We consider Galbraith’s space efficient LWE variant, where the \((m \times n)\)-matrix A is binary. In this binary case, solving a vectorial subset sum problem over the integers allows for decryption. We show how to solve this problem using (Integer) Linear Programming. Our attack requires only a fraction of a second for all instances in a regime for m that cannot be attacked by current lattice algorithms. E.g. we are able to solve 100 instances of Galbraith’s small LWE challenge \((n,m) = (256… 
Learning Plaintext in Galbraith's LWE Cryptosystem
TLDR
This work reports extensive experimental results on prediction accuracy and success probability as a function of number of bits removed in L, M and H within the output (based on LP relaxation) where the mis-prediction rates are low, medium or high respectively.
LWE Without Modular Reduction and Improved Side-Channel Attacks Against BLISS
TLDR
The variant of Regev’s learning with errors (LWE) problem in which modular reduction is omitted is analyzed, and it is shown that the problem can be solved efficiently as long as the variance of \(\mathbf{e}\) is not superpolynomially larger than that of \(\mathbf{a}\).
Parameter selection in lattice-based cryptography
TLDR
This thesis considers parameter selection in cryptosystems based on LWE, with a focus on security, and discusses the selection of parameters in SEAL, an implementation of the scheme by Fan and Vercauteren.
Low Weight Discrete Logarithms and Subset Sum in \(2^{0.65n}\) with Polynomial Memory
TLDR
Two heuristic polynomial-memory collision-finding algorithms for the low Hamming weight discrete logarithm problem in any abelian group G: a direct adaptation of the Becker-Coron-Joux (BCJ) algorithm, and one that significantly improves on this adaptation for all possible weights.
A new Hybrid Lattice Attack on Galbraith's Binary LWE Cryptosystem
TLDR
A lattice-based approach guesses and removes some bits of the solution vector and maps the problem of solving the resulting sub-instance to the Closest Vector Problem in Lattice Theory.
Silver: Silent VOLE and Oblivious Transfer from Hardness of Decoding Structured LDPC Codes
TLDR
The approach boils down to constructing new families of linear codes with (plausibly) high minimum distance and extremely low encoding time, and it is hoped that initiating this approach to the design of MPC primitives will pave the way to new secure primitives with extremely attractive efficiency features.
Cryptanalysis of Compact-LWE
TLDR
Dongxi Liu recently introduced a new lattice-based encryption scheme (joint work with Li, Kim and Nepal) designed for lightweight IoT applications, based on a variant of standard LWE called Compact-LWE, which is claimed to achieve high security levels in considerably smaller dimensions than usual lattice-based schemes.
Cryptanalysis of Compact-LWE and Related Lightweight Public Key Encryption
TLDR
This paper studies the so-called Compact-LWE problem and clarifies that under certain parameter settings it can be solved in polynomial time, which leads to a practical attack against an instantiated scheme based on Compact-LWE proposed by Liu et al. in 2017.
LWE-based encryption schemes and their applications in privacy-friendly data aggregation
LP Solutions of Vectorial Integer Subset Sums - Cryptanalysis of Galbraith's Binary Matrix LWE
TLDR
A method is developed that identifies weak instances for Galbraith’s large LWE challenge, where the \((n,m)=(256, 640)\)-matrix A is binary, under a mild assumption that instances with \(m \le 2n\) can be broken in polynomial time via LP relaxation.

References

SHOWING 1-10 OF 17 REFERENCES
Provably Weak Instances of Ring-LWE Revisited
TLDR
This paper shows how to solve the search version of the ring learning with errors problem RLWE for the same families and error parameters, using only 7 samples with a success rate of 100%, and works for every modulus \(q'\) instead of the \(q\) that was used to construct the defining polynomial.
On the Hardness of LWE with Binary Error: Revisiting the Hybrid Lattice-Reduction and Meet-in-the-Middle Attack
TLDR
Concrete hardness estimations are given that can be used to select secure parameters for schemes based on LWE with binary error, by applying the Howgrave-Graham attack on NTRU to this setting.
On Ideal Lattices and Learning with Errors over Rings
TLDR
The “learning with errors” (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones, by introducing an algebraic variant of LWE called ring-LWE, and proving that it too enjoys very strong hardness guarantees.
Provably Weak Instances of Ring-LWE
TLDR
This paper states and examines the Ring-LWE problem for general number rings, demonstrates provably weak instances of the Decision Ring-LWE problem, and constructs an explicit family of number fields for which there is an efficient attack.
An Improved BKW Algorithm for LWE with Applications to Cryptography and Lattices
TLDR
A new variant of the Blum, Kalai and Wasserman algorithm is introduced, relying on a quantization step that generalizes and fine-tunes modulus switching, which makes it possible to asymptotically and heuristically break the NTRU cryptosystem in subexponential time (without contradicting its security assumption).
Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers
TLDR
A compression technique that reduces the public key size of van Dijk, Gentry, Halevi and Vaikuntanathan's (DGHV) fully homomorphic scheme over the integers from \(O(\lambda^7)\) to \(O(\lambda^5)\) remains semantically secure, but in the random oracle model.
Space-efficient variants of cryptosystems based on learning with errors
TLDR
The aim of this paper is to investigate variants of LWE where the coefficients of the public key matrix are not chosen uniformly modulo q but are instead “small”, and to introduce some computational problems that may be interesting targets for cryptanalysis.
Key Homomorphic PRFs and Their Applications
TLDR
This work constructs the first provably secure key homomorphic PRFs in the standard model based on the learning with errors (LWE) problem and gives a construction based on the decision linear assumption in groups with an l-linear map.
Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems
TLDR
This work presents a signature scheme whose security is derived from the hardness of lattice problems and is based on recent theoretical advances in lattice-based cryptography and is highly optimized for practicability and use in embedded systems.
Better Key Sizes (and Attacks) for LWE-Based Encryption
TLDR
A new lattice attack on LWE that combines basis reduction with an enumeration algorithm admitting a time/success tradeoff performs better than the simple distinguishing attack considered in prior analyses.