Welcome to the resource topic for 2021/865

Title:
Quantum Key Search for Ternary LWE

Authors: Iggy van Hoof, Elena Kirshanova, Alexander May

Ternary LWE, i.e., LWE with coefficients of the secret and the error vectors taken from \{-1, 0, 1\}, is a popular choice among NTRU-type cryptosystems and some signatures schemes like BLISS and GLP. In this work we consider quantum combinatorial attacks on ternary LWE. Our algorithms are based on the quantum walk framework of Magniez-Nayak-Roland-Santha. At the heart of our algorithms is a combinatorial tool called the representation technique that appears in algorithms for the subset sum problem. This technique can also be applied to ternary LWE resulting in faster attacks. The focus of this work is quantum speed-ups for such representation-based attacks on LWE. When expressed in terms of the search space \mathcal{S} for LWE keys, the asymptotic complexity of the representation attack drops from \mathcal{S}^{0.24} (classical) down to \mathcal{S}^{0.19} (quantum). This translates into noticeable attack’s speed-ups for concrete NTRU instantiations like NTRU-HRSS and NTRU Prime. Our algorithms do not undermine current security claims for NTRU or other ternary LWE based schemes, yet they can lay ground for improvements of the combinatorial subroutines inside hybrid attacks on LWE.

ePrint: https://eprint.iacr.org/2021/865

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .