Hardness of k-LWE and applications in traitor tracing

San Ling; Duong Hieu Phan; Damien Stehlé; Ron Steinfeld

doi:10.1007/978-3-662-44371-2_18

Hardness of k-LWE and applications in traitor tracing

San Ling, Duong Hieu Phan, Damien Stehlé, Ron Steinfeld

Department of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

20 Citations (Scopus)

Abstract

We introduce the k-LWE problem, a Learning With Errors variant of the k-SIS problem. The Boneh-Freeman reduction from SIS to k-SIS suffers from an exponential loss in k. We improve and extend it to an LWE to k-LWE reduction with a polynomial loss in k, by relying on a new technique involving trapdoors for random integer kernel lattices. Based on this hardness result, we present the first algebraic construction of a traitor tracing scheme whose security relies on the worst-case hardness of standard lattice problems. The proposed LWE traitor tracing is almost as efficient as the LWE encryption. Further, it achieves public traceability, i.e., allows the authority to delegate the tracing capability to "untrusted" parties. To this aim, we introduce the notion of projective sampling family in which each sampling function is keyed and, with a projection of the key on a well chosen space, one can simulate the sampling function in a computationally indistinguishable way. The construction of a projective sampling family from k-LWE allows us to achieve public traceability, by publishing the projected keys of the users. We believe that the new lattice tools and the projective sampling family are quite general that they may have applications in other areas.

Original language	English
Title of host publication	Advances in Cryptology - CRYPTO 2014
Subtitle of host publication	34th Annual Cryptology Conference, Proceedings
Editors	Juan A. Garay, Rosario Gennaro
Place of Publication	Heidelberg
Publisher	Springer, Springer Nature
Pages	315-334
Number of pages	20
Volume	8616 LNCS
Edition	PART 1
ISBN (Electronic)	9783662443712
ISBN (Print)	9783662443705
DOIs	https://doi.org/10.1007/978-3-662-44371-2_18
Publication status	Published - 2014
Event	34rd Annual International Cryptology Conference, CRYPTO 2014 - Santa Barbara, CA, United States Duration: 17 Aug 2014 → 21 Aug 2014

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number	PART 1
Volume	8616 LNCS
ISSN (Print)	03029743
ISSN (Electronic)	16113349

Other

Other	34rd Annual International Cryptology Conference, CRYPTO 2014
Country	United States
City	Santa Barbara, CA
Period	17/08/14 → 21/08/14

Fingerprint

Keywords

Lattice-based cryptography
LWE
Traitor tracing

Cite this

Ling, S., Phan, D. H., Stehlé, D., & Steinfeld, R. (2014). Hardness of k-LWE and applications in traitor tracing. In J. A. Garay, & R. Gennaro (Eds.), Advances in Cryptology - CRYPTO 2014: 34th Annual Cryptology Conference, Proceedings (PART 1 ed., Vol. 8616 LNCS, pp. 315-334). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8616 LNCS, No. PART 1). Heidelberg: Springer, Springer Nature. https://doi.org/10.1007/978-3-662-44371-2_18

Ling, San ; Phan, Duong Hieu ; Stehlé, Damien ; Steinfeld, Ron. / Hardness of k-LWE and applications in traitor tracing. Advances in Cryptology - CRYPTO 2014: 34th Annual Cryptology Conference, Proceedings. editor / Juan A. Garay ; Rosario Gennaro. Vol. 8616 LNCS PART 1. ed. Heidelberg : Springer, Springer Nature, 2014. pp. 315-334 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 1).

@inproceedings{eed8294525fe42a997265ad38d7dd699,

title = "Hardness of k-LWE and applications in traitor tracing",

abstract = "We introduce the k-LWE problem, a Learning With Errors variant of the k-SIS problem. The Boneh-Freeman reduction from SIS to k-SIS suffers from an exponential loss in k. We improve and extend it to an LWE to k-LWE reduction with a polynomial loss in k, by relying on a new technique involving trapdoors for random integer kernel lattices. Based on this hardness result, we present the first algebraic construction of a traitor tracing scheme whose security relies on the worst-case hardness of standard lattice problems. The proposed LWE traitor tracing is almost as efficient as the LWE encryption. Further, it achieves public traceability, i.e., allows the authority to delegate the tracing capability to {"}untrusted{"} parties. To this aim, we introduce the notion of projective sampling family in which each sampling function is keyed and, with a projection of the key on a well chosen space, one can simulate the sampling function in a computationally indistinguishable way. The construction of a projective sampling family from k-LWE allows us to achieve public traceability, by publishing the projected keys of the users. We believe that the new lattice tools and the projective sampling family are quite general that they may have applications in other areas.",

keywords = "Lattice-based cryptography, LWE, Traitor tracing",

author = "San Ling and Phan, {Duong Hieu} and Damien Stehl{\'e} and Ron Steinfeld",

year = "2014",

doi = "10.1007/978-3-662-44371-2_18",

language = "English",

isbn = "9783662443705",

volume = "8616 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer, Springer Nature",

number = "PART 1",

pages = "315--334",

editor = "Garay, {Juan A.} and Rosario Gennaro",

booktitle = "Advances in Cryptology - CRYPTO 2014",

address = "United States",

edition = "PART 1",

}

Ling, S, Phan, DH, Stehlé, D & Steinfeld, R 2014, Hardness of k-LWE and applications in traitor tracing. in JA Garay & R Gennaro (eds), Advances in Cryptology - CRYPTO 2014: 34th Annual Cryptology Conference, Proceedings. PART 1 edn, vol. 8616 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 1, vol. 8616 LNCS, Springer, Springer Nature, Heidelberg, pp. 315-334, 34rd Annual International Cryptology Conference, CRYPTO 2014, Santa Barbara, CA, United States, 17/08/14. https://doi.org/10.1007/978-3-662-44371-2_18

Hardness of k-LWE and applications in traitor tracing. / Ling, San; Phan, Duong Hieu; Stehlé, Damien; Steinfeld, Ron.

Advances in Cryptology - CRYPTO 2014: 34th Annual Cryptology Conference, Proceedings. ed. / Juan A. Garay; Rosario Gennaro. Vol. 8616 LNCS PART 1. ed. Heidelberg : Springer, Springer Nature, 2014. p. 315-334 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8616 LNCS, No. PART 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

TY - GEN

T1 - Hardness of k-LWE and applications in traitor tracing

AU - Ling, San

AU - Phan, Duong Hieu

AU - Stehlé, Damien

AU - Steinfeld, Ron

PY - 2014

Y1 - 2014

N2 - We introduce the k-LWE problem, a Learning With Errors variant of the k-SIS problem. The Boneh-Freeman reduction from SIS to k-SIS suffers from an exponential loss in k. We improve and extend it to an LWE to k-LWE reduction with a polynomial loss in k, by relying on a new technique involving trapdoors for random integer kernel lattices. Based on this hardness result, we present the first algebraic construction of a traitor tracing scheme whose security relies on the worst-case hardness of standard lattice problems. The proposed LWE traitor tracing is almost as efficient as the LWE encryption. Further, it achieves public traceability, i.e., allows the authority to delegate the tracing capability to "untrusted" parties. To this aim, we introduce the notion of projective sampling family in which each sampling function is keyed and, with a projection of the key on a well chosen space, one can simulate the sampling function in a computationally indistinguishable way. The construction of a projective sampling family from k-LWE allows us to achieve public traceability, by publishing the projected keys of the users. We believe that the new lattice tools and the projective sampling family are quite general that they may have applications in other areas.

AB - We introduce the k-LWE problem, a Learning With Errors variant of the k-SIS problem. The Boneh-Freeman reduction from SIS to k-SIS suffers from an exponential loss in k. We improve and extend it to an LWE to k-LWE reduction with a polynomial loss in k, by relying on a new technique involving trapdoors for random integer kernel lattices. Based on this hardness result, we present the first algebraic construction of a traitor tracing scheme whose security relies on the worst-case hardness of standard lattice problems. The proposed LWE traitor tracing is almost as efficient as the LWE encryption. Further, it achieves public traceability, i.e., allows the authority to delegate the tracing capability to "untrusted" parties. To this aim, we introduce the notion of projective sampling family in which each sampling function is keyed and, with a projection of the key on a well chosen space, one can simulate the sampling function in a computationally indistinguishable way. The construction of a projective sampling family from k-LWE allows us to achieve public traceability, by publishing the projected keys of the users. We believe that the new lattice tools and the projective sampling family are quite general that they may have applications in other areas.

KW - Lattice-based cryptography

KW - LWE

KW - Traitor tracing

UR - http://www.scopus.com/inward/record.url?scp=84905388168&partnerID=8YFLogxK

U2 - 10.1007/978-3-662-44371-2_18

DO - 10.1007/978-3-662-44371-2_18

M3 - Conference proceeding contribution

SN - 9783662443705

VL - 8616 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 315

EP - 334

BT - Advances in Cryptology - CRYPTO 2014

A2 - Garay, Juan A.

A2 - Gennaro, Rosario

PB - Springer, Springer Nature

CY - Heidelberg

ER -

Ling S, Phan DH, Stehlé D, Steinfeld R. Hardness of k-LWE and applications in traitor tracing. In Garay JA, Gennaro R, editors, Advances in Cryptology - CRYPTO 2014: 34th Annual Cryptology Conference, Proceedings. PART 1 ed. Vol. 8616 LNCS. Heidelberg: Springer, Springer Nature. 2014. p. 315-334. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 1). https://doi.org/10.1007/978-3-662-44371-2_18

Access to Document

10.1007/978-3-662-44371-2_18

Link to publication in Scopus