Content deleted Content added
added first reference |
No edit summary |
||
Line 29:
Using the same definitions, the Decision version of the problem can be stated as follows. Given a list of polynomial pairs <math>( a_i(x), b_i(x) )</math> determine whether the <math>b_i(x)</math> polynomials were constructed as <math>b_i(x) = (a_i(x)\cdot s(x)) + e_i(x)</math> or were generated randomly from <math>Z_q[x]/\Phi(x)</math> with coefficients from all of <math>F_q</math>.
The difficulty of this problem is parameterized by the choice of the quotient polynomial ( <math>\Phi(x)</math> ), its degree (n), the field (<math>F_q</math>), and the smallness bound (<math>b</math>). In many RLWE based public key algorithms the private key will be a pair of small polynomials <math>s(x)</math> and <math>e(x)</math>. The corresponding public key will be a pair of polynomials <math>a(x)</math>, selected randomly from <math>Z_q[x]/\Phi(x)</math>, and the polynomial <math>t(x)= (a(x)\cdot s(x)) + e(x)</math>. Given <math>a(x)</math> and <math>t(x)</math>, it should be computationally infeasible to recover the polynomial <math>s(x)</math>
=== Security Reduction ===
The difficulty of solving the RLWE problem is believed to be related to the difficulty of finding a short non-zero vector in a lattice associated with the polynomial ring <math>Z_q[x]/\Phi(x)</math> . In particular it is related to the difficulty of finding a vector shorter than an integer α times the length of the shortest vector in the lattice where α is constrained to be a polynomial function of the degree n. This is known as the "Approximate Shortest Vector Problem."
Researchers have shown that if the Approximate Shortest Vector Problem is hard to solve in the worst case then the decision version of the Ring Learning with Errors problem will be hard to solve in an average case. In other words, if any instance of the Approximate Short Vector Problem is hard in the lattice, then the RLWE will be hard for random instances of the problem.
=== RLWE Cryptography ===
__NOINDEX__
| |||