RLWE and PLWE over cyclotomic fields are not equivalent

Antonio J. Di Scala; Carlo Sanna; Edoardo Signorini

arXiv:2201.04365·math.NT·January 13, 2022·Appl. Algebra Eng. Commun. Comput.

RLWE and PLWE over cyclotomic fields are not equivalent

Antonio J. Di Scala, Carlo Sanna, Edoardo Signorini

PDF

Open Access 1 Repo

TL;DR

This paper demonstrates that RLWE and PLWE problems over cyclotomic fields are fundamentally different by showing that reducing one to the other significantly amplifies noise, with implications for cryptographic security.

Contribution

It proves the non-equivalence of RLWE and PLWE over cyclotomic fields and establishes a lower bound on the condition number of related Vandermonde matrices.

Findings

01

RLWE and PLWE are not equivalent over cyclotomic fields

02

Reducing one problem to the other increases noise super-polynomially

03

Lower bound on Vandermonde matrix condition number for infinitely many n

Abstract

We prove that the Ring Learning With Errors (RLWE) and the Polynomial Learning With Errors (PLWE) problems over the cyclotomic field $Q (ζ_{n})$ are not equivalent. Precisely, we show that reducing one problem to the other increases the noise by a factor that is more than polynomial in $n$ . We do so by providing a lower bound, holding for infinitely many positive integers $n$ , for the condition number of the Vandermonde matrix of the $n$ th cyclotomic polynomial.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Code & Models

Repositories

edoars/cyclovandermonde
noneOfficial

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsCoding theory and cryptography · Quantum Computing Algorithms and Architecture · semigroups and automata theory