Abstract
Let (D,S,χ,m)-LWEn,q be the LWE problem in matrix form (A,y=As+emodq), where A,s,e are randomly chosen respectively from the seed distribution D over Zqm×n, secret distribution S over Zqn and noise distribution χm over Zm (or Rm), i.e., A←D,s←S,e←χm. For various secret-noise distributions (S,χ), the (D,S,χ,m)-LWEn,q problem is shown to be as hard as some standard worst-case lattice problems, but most of the known results require D to be the uniform distribution over Zqm×n. In this paper, we show that under the standard LWE assumption, the problem (D,S,χ,m)-LWEn,q can still be hard for some distribution D that is not (even computationally indistinguishable from) the uniform distribution over Zqm×n. Specifically, we show that if D is a semi-uniform distribution over Zqm×n (namely, D can be publicly derived from and has a “small difference” to the uniform distribution over Zqm×n), then for appropriate choices of (S,χ), the problem (D,S,χ,m)-LWEn,q is hard under the standard LWE assumption. Moreover, we also show that the semi-uniform MLWE problem is hard under the standard MLWE assumption. As a direct application, our results pave the way to prove the security of public-key encryptions with rounded public keys under the standard (M)LWE assumption.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
