# Learning with Errors and Extrapolated Dihedral Cosets

@article{Brakerski2017LearningWE, title={Learning with Errors and Extrapolated Dihedral Cosets}, author={Zvika Brakerski and Elena Kirshanova and Damien Stehl{\'e} and Weiqiang Wen}, journal={ArXiv}, year={2017}, volume={abs/1710.08223} }

The hardness of the learning with errors (LWE) problem is one of the most fruitful resources of modern cryptography. In particular, it is one of the most prominent candidates for secure post-quantum cryptography. Understanding its quantum complexity is therefore an important goal. We show that under quantum polynomial time reductions, LWE is equivalent to a relaxed version of the dihedral coset problem (DCP), which we call extrapolated DCP (eDCP). The extent of extrapolation varies with the LWE…

## 13 Citations

### Quantum Algorithms for Variants of Average-Case Lattice Problems via Filtering

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2021

Polynomial-time quantum algorithms for variants of SIS and EDCP use the existing quantum reductions from those problems to LWE, or more precisely, to the problem of solving LWE given LWE-like quantum states with interesting parameters.

### Post-Quantum $\kappa$-to-1 Trapdoor Claw-free Functions from Extrapolated Dihedral Cosets

- Computer Science, Mathematics
- 2022

This work attempts to further extend the NTCF 12 to achieve a κ to-1 function with poly -bounded preimage size and gives a similar interactive protocol for proving quantumness from the N TCF 1 κ.

### Quantum algorithms for typical hard problems: a perspective of cryptanalysis

- Computer Science, MathematicsQuantum Inf. Process.
- 2020

This paper discussed the designing methodology, algorithm framework and latest progress of the mathematic hard problems on which the typical cryptosystems depend, including integer factorization problem, discrete logarithmic problem and its variants, lattice problem, dihedral hidden subgroup problems and extrapolated dihedral coset problem.

### An efficient quantum algorithm for lattice problems achieving subexponential approximation factor

- Computer Science, MathematicsArXiv
- 2022

We give a quantum algorithm for solving the Bounded Distance Decoding (BDD) problem with a subexponential approximation factor on a class of integer lattices. The quantum algorithm uses a well-known…

### Quantum computation capability verification protocol for NISQ devices with dihedral coset problem

- Computer Science, Physics
- 2022

This article proposes an interactive protocol for one party (the veriﬁer) holding a quantum computer to verify the quantum computation power of another party’s device via a one-way quantum channel via the dihedral coset problem (DCP) challenge.

### Efficient Quantum Public-Key Encryption From Learning With Errors

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2020

Our main result is a quantum public-key encryption scheme based on the Extrapolated Dihedral Coset problem (EDCP) which is equivalent, under quantum polynomial-time reductions, to the Learning With…

### Quantum computation capability verification protocol for noisy intermediate-scale quantum devices with the dihedral coset problem

- Computer SciencePhysical Review A
- 2022

This article proposes an interactive protocol for one party (the veriﬁer) holding a quantum computer to verify the quantum computation power of another party’s device via a one-way quantum channel via the dihedral coset problem (DCP) challenge.

### An Optimized GHV-Type HE Scheme: Simpler, Faster, and More Versatile

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2021

An optimized variant of Gentry, Halevi and Vaikuntanathan (GHV)′s Homomorphic Encryption (HE) scheme is presented, which can achieve asymptotically optimal time complexity and avoid generating and storing the inverse of the used trapdoor.

### Leveraging the hardness of dihedral coset problem for quantum cryptography

- Computer Science, Materials ScienceQuantum Information Processing
- 2022

This work proposes a bipartite quantum key agreement protocol based on dihedral coset states, and by using it it is demonstrated that bits of information can be transmitted securely in a quantum secure communication scenario.

### Advances in Quantum Cryptography

- Computer Science
- 2019

This review begins by reviewing protocols of quantum key distribution based on discrete variable systems, and considers aspects of device independence, satellite challenges, and high rate protocols based on continuous variable systems.

## References

SHOWING 1-10 OF 32 REFERENCES

### C R ] 2 3 O ct 2 01 7 Learning With Errors and Extrapolated Dihedral Cosets

- Computer Science
- 2017

It is shown that under quantum polynomial time reductions, LWE is equivalent to a relaxed version of the dihedral coset problem (DCP), which it is called extrapolated DCP (eDCP); the extent of extrapolation varies with the LWE noise rate.

### On lattices, learning with errors, random linear codes, and cryptography

- Computer ScienceSTOC '05
- 2005

A public-key cryptosystem whose hardness is based on the worst-case quantum hardness of SVP and SIVP, and an efficient solution to the learning problem implies a <i>quantum</i>, which can be made classical.

### Classical hardness of learning with errors

- Computer Science, MathematicsSTOC '13
- 2013

It is shown that the Learning with Errors (LWE) problem is classically at least as hard as standard worst-case lattice problems, and the techniques captured the tradeoff between the dimension and the modulus of LWE instances, leading to a much better understanding of the landscape of the problem.

### Public-key cryptosystems from the worst-case shortest vector problem: extended abstract

- Computer Science, MathematicsSTOC '09
- 2009

The main technical innovation is a reduction from variants of the shortest vector problem to corresponding versions of the "learning with errors" (LWE) problem; previously, only a quantum reduction of this kind was known.

### Quantum rejection sampling

- Computer ScienceITCS '12
- 2012

A quantum analogue of rejection sampling is defined: given a black box producing a coherent superposition of (possibly unknown) quantum states with some amplitudes, the problem is to prepare a coherentsuperposition of the same states, albeit with different target amplitudes of this quantum state generation problem.

### On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem

- Computer Science, MathematicsCRYPTO
- 2009

This work proves the equivalence, up to a small polynomial approximation factor, of the lattice problems uSVP, BDD and GapSVP and the Ajtai-Dwork and the Regev cryptosystems, which were previously only known to be based on the hardness of USVP.

### New lattice-based cryptographic constructions

- Mathematics, Computer ScienceJACM
- 2004

A new public key cryptosystem whose security guarantee is considerably stronger than previous results is provided, and a family of collision resistant hash functions with an improved security guarantee in terms of the unique shortest vector problem is proposed.

### A Subexponential-Time Quantum Algorithm for the Dihedral Hidden Subgroup Problem

- Computer ScienceSIAM J. Comput.
- 2005

A quantum algorithm for the dihedral hidden subgroup problem (DHSP) with time and query complexity $2^{O(\sqrt{\log\ N})}$.

### Efficient Public Key Encryption Based on Ideal Lattices

- Computer Science, MathematicsASIACRYPT
- 2009

This work achieves CPA-security against subexponential attacks, with (quasi-)optimal asymptotic performance, in public key encryption schemes with security provably based on the worst case hardness of the approximate Shortest Vector Problem in some structured lattices, called ideal lattices.

### Optimal measurements for the dihedral hidden subgroup problem

- Mathematics, Computer ScienceChic. J. Theor. Comput. Sci.
- 2006

It is proved that the success probability of this optimal measurement exhibits a sharp threshold as a function of the density nu=k/log N, where k is the number of copies of the hidden subgroup state and 2N is the order of the dihedral group.