The Learning With Error problem (LWE) is becoming more and more used in cryptography, for instance, in the design of some fully homomorphic encryption schemes. It is thus of primordial importance to find the best algorithms that might solve this problem so that concrete parameters can be proposed. The BKW algorithm was proposed by Blum et al. as an algorithm to solve the Learning Parity with No...

The Number Theoretic Transform (NTT) provides efficient algorithms for cyclic and nega-cyclic convolutions, which have many applications in computer arithmetic, e.g., for multiplying large integers and large degree polynomials. It is commonly used in cryptographic schemes that are based on the hardness of the Ring Learning With Errors (R-LWE) problem to efficiently implement modular polynomial ...

Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing ciphersuites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem ; we accompany these ciphersuites with a rigorous proof of security....

We analyze the concrete security and key sizes of theoretically sound lattice-based encryption schemes based on the “learning with errors” (LWE) problem. Our main contributions are: (1) a new lattice attack on LWE that combines basis reduction with an enumeration algorithm admitting a time/success tradeoff, which performs better than the simple distinguishing attack considered in prior analyses...

Single-trace attacks are a considerable threat to implementations of classic public-key schemes, and their implications on newer lattice-based schemes still not well understood. Two recent works have presented successful single-trace targeting the Number Theoretic Transform (NTT), which is at heart many schemes. However, these either require quite powerful side-channel adversary or restricted s...

Lattice gadgets and the associated algorithms are essential building blocks of lattice-based cryptography. In past decade, they have been applied to build versatile powerful cryptosystems. However, practical optimizations designs gadget-based schemes generally lag their theoretical constructions. For example, signatures elegant design capability extending more advanced primitives, but far less ...

Administration of topical rebamipide increases the mucin level of tear film and improves the ocular surface in short break-up time type of dry eye. Lid wiper epitheliopathy (LWE) is a disorder of the marginal conjunctiva of the upper eyelid with dry eye symptoms. LWE may be related to mechanical forces during blinking resulting in inflammation of the ocular surface. Rebamipide also has various ...

The learning with errors (LWE) problem is one of the most attractive problems that lattice-based cryptosystems base their security on. Thus, assessing the hardness in theory and practice is of prime importance. Series of work investigated the hardness of LWE from a theoretical point of view. However, it is quite common that in practice one can solve lattice problems much faster than theoretical...

The (decisional) learning with errors problem (LWE) asks to distinguish “noisy” inner products of a secret vector with random vectors from uniform. The learning parities with noise problem (LPN) is the special case where the elements of the vectors are bits. In recent years, the LWE and LPN problems have found many applications in cryptography. In this paper we introduce a (seemingly) much stro...