# Algebraic aspects of solving Ring-LWE, including ring-based improvements in the Blum-Kalai-Wasserman algorithm

**Authors:** Katherine E. Stange

arXiv: 1902.07140 · 2020-07-14

## TL;DR

This paper introduces a reduction technique for Ring-LWE problems using ring-structured samples and proposes Ring-BKW, a ring-aware variant of the BKW algorithm, enhancing efficiency and parallelization for cryptographic applications.

## Contribution

The paper presents a novel reduction of Ring-LWE to subring problems and introduces Ring-BKW, a ring-structured BKW algorithm that improves efficiency and parallelization.

## Key findings

- Reduction of Ring-LWE to subring problems using restricted samples
- Ring-BKW algorithm respects ring structure and enables parallelization
- Exploits symmetry to reduce computational resources

## Abstract

We provide a reduction of the Ring-LWE problem to Ring-LWE problems in subrings, in the presence of samples of a restricted form (i.e. $(a,b)$ such that $a$ is restricted to a multiplicative coset of the subring). To create and exploit such restricted samples, we propose Ring-BKW, a version of the Blum-Kalai-Wasserman algorithm which respects the ring structure. Off-the-shelf BKW dimension reduction (including coded-BKW and sieving) can be used for the reduction phase. Its primary advantage is that there is no need for back-substitution, and the solving/hypothesis-testing phase can be parallelized. We also present a method to exploit symmetry to reduce table sizes, samples needed, and runtime during the reduction phase. The results apply to two-power cyclotomic Ring-LWE with parameters proposed for practical use (including all splitting types).

---
Source: https://tomesphere.com/paper/1902.07140