Lattice-Based Cryptography: A Post-Quantum Solution

Jeff Phillips, Code Siren, LLC

12 August 2023 - Post Quantum News

Introduction

Quantum computing is a field that can potentially change many aspects of our lives. However, it could also be used to break existing cryptographic algorithms, which could have severe implications for the security of our data.

The most widely used cryptographic algorithms are based on the difficulty of factoring large numbers or the discrete logarithm problem. However, quantum computers could factor large numbers and solve the discrete logarithm problem exponentially faster than classical computers. This means that many of the most widely used cryptographic algorithms could be broken by quantum computers.

Lattice-based cryptography is a type of cryptography that is designed to be secure even against quantum computers. Lattice-based cryptography uses the difficulty of solving certain problems on lattices to secure communications. One of the most promising lattice-based cryptographic schemes is the Learning with Errors (LWE) problem. The LWE problem is believed to be difficult to solve even for quantum computers, and it has been used to construct several secure cryptographic schemes.

History and Background of Lattice-Based Cryptography

The history of lattice-based cryptography dates back to the early 1980s, when it was first proposed as a possible alternative to number-theoretic cryptography. However, it was only in the late 1990s that lattice-based cryptography began to gain serious attention.

In 1996, Miklós Ajtai introduced the first lattice-based cryptographic construction whose security could be based on the hardness of well-studied lattice problems. 1998 Joseph H. Silverman, Jill Pipher, and Jeffrey Hoofstein introduced a lattice-based public key encryption scheme.

Since then, there has been much research in lattice-based cryptography. Several new lattice-based cryptographic schemes have been proposed, and the security of these schemes has been analyzed in great detail.

The LWE Problem

The Learning with Errors (LWE) problem is a lattice-based problem that is considered difficult to solve even for quantum computers. The LWE problem is defined as follows:

Given a lattice Λ and a noise distribution D, the LWE problem is to find the secret key s given the public key pk=(A,b) and a set of noisy samples (ai​,bi​)∈Λ×D.

The LWE problem is believed to be difficult to solve because it is a non-linear problem. This means it is impossible to solve the LWE problem by simply applying linear operations to the noisy samples.

Why LWE is Too Complicated for Quantum Computing

The LWE problem is believed to be too complicated for quantum computers because it is a non-linear problem. Quantum computers are very good at solving linear problems but could be better at solving non-linear problems.

In addition, the LWE problem is believed to be hard even for quantum computers with large amounts of computational power. This is because the LWE problem is a statistical inference problem, and quantum computers could be better at statistical inference.

Lattice-Based Cryptographic Schemes

Several lattice-based cryptographic schemes have been proposed. Some of the most well-known lattice-based cryptographic schemes include:

NTRUEncrypt

CRYSTALS-Kyber

NewHope

Saber

These schemes are all based on the LWE problem and are all believed to be secure against quantum computers.

Conclusion

Lattice-based cryptography is promising post-quantum cryptography. The LWE problem is a lattice-based problem considered difficult to solve even for quantum computers. This makes LWE a good candidate for a post-quantum cryptographic scheme.

Footnotes:

  • [1] Ajtai, M. "Generating hard instances of the knapsack problem." Proceedings of the twenty-eight annual ACM symposium on Theory of computing. ACM, 1996.
  • [2] Silverman, J. H., Pipher, J., & Hoofstein, J. "NTRU: A new block cipher with high security against differential cryptanalysis." Advances in cryptology - ASIACRYPT'98. Springer, Berlin, Heidelberg, 1998.
  • [3] Regev, O. "On lattices, learning with errors, random linear codes, and cryptography." Journal of the ACM (JACM). ACM, 2005.