Seminario: "On the equivalence between Ring-LWE and Polynomial-LWE for cyclotomic fields" - Edoardo Signorini

"On the equivalence between Ring-LWE and Polynomial-LWE for cyclotomic fields"
Edoardo Signorini - Università di Trento

Venerdì 13 Dicembre 2019 - ore 14:30
Sala Seminari, Dipartimento di Scienze Matematiche
Politecnico di Torino

Abstract: Ring-LWE and Polynomial-LWE are two algebraic variants of the Learning With Errors problem. Both variants are very attractive for cryptographic applications. RLWE is built from the ring of integers of a number field and is provably secure for any cyclotomic field. On the other hand, PLWE is a more simple and naive variant, which however can result in very efficient applications. Many cryptographic schemes, also present in the NIST's Post-Quantum Cryptography Standardization process, are based on cyclotomic fields of order a power of two, for which RLWE and PLWE are equivalent. We present a general transformation from RLWE to PLWE, analyzing the losses in the resulting reduction and focusing on the cyclotomic fields potentially useful for extending cryptographic schemes to wider scenarios.