Improved Discrete Gaussian and Subgaussian Analysis for Lattice Cryptography

Channel:
United States Simons Institute for the Theory of Computing
Subscribers:
68,700
Published on ● Video Link: https://www.youtube.com/watch?v=LduOtwsfG7w


Duration: 1:01:39
813 views
10

Nicholas Genise (UC San Diego)
Lattices: Algorithms, Complexity, and Cryptography
Seminar, Apr. 7, 2020

Discrete Gaussian distributions over lattices are central to lattice-based cryptography, and to the computational and mathematical aspects of lattices more broadly. The literature contains a wealth of useful theorems about the behavior of discrete Gaussians under convolutions and related operations. Yet despite their structural similarities, most of these theorems are formally incomparable, and their proofs tend to be monolithic and written nearly “from scratch,” making them unnecessarily hard to verify, understand, and extend.

In this work we present a modular framework for analyzing linear operations on discrete Gaussian distributions. The framework abstracts away the particulars of Gaussians, and usually reduces proofs to the choice of appropriate linear transformations and elementary linear algebra. To showcase the approach, we establish several general properties of discrete Gaussians, and show how to obtain all prior convolution theorems (along with some new ones) as straightforward corollaries. As another application, we describe a self-reduction for Learning With Errors (LWE) that uses a fixed number of samples to generate an unlimited number of additional ones (having somewhat larger error). The distinguishing features of our reduction are its simple analysis in our framework, and its exclusive use of discrete Gaussians without any loss in parameters relative to a prior mixed discrete-and-continuous approach.

As a contribution of independent interest, for subgaussian random matrices we prove a singular value concentration bound with explicitly stated constants, and we give tighter heuristics for specific distributions that are commonly used for generating lattice trapdoors. These bounds yield improvements in the concrete bit-security estimates for trapdoor lattice cryptosystems.

This is joint work with Daniele Micciancio, Chris Peikert, and Michael Walter.



Other Videos By Simons Institute for the Theory of Computing


2020-04-27Signatures, Commitments, Zero-Knowledge, and Applications
2020-04-23Post-Quantum Multi-Party Computation in Constant Rounds
2020-04-23Quantum Coupon Collector
2020-04-23Laconic Function Evaluation
2020-04-20A Tale of Turing Machines, Quantum-Entangled Particles, and Operator Algebras
2020-04-15Robust Polynomial Method and a Sub-Volume Law for Locally Gapped Frustration-Free Spin Systems
2020-04-13Optimal Broadcast Encryption from Pairings and LWE
2020-04-09Secure Multi-party Quantum Computation with a Dishonest Majority
2020-04-09Quantum Speedup for Graph Sparsification, Cut Approximation and Laplacian Solving
2020-04-08NIZK from LPN and Trapdoor Hash via Correlation Intractability for Approximable Relations
2020-04-08Improved Discrete Gaussian and Subgaussian Analysis for Lattice Cryptography
2020-04-07The Digital Fence: Taiwan’s Response to COVID-19
2020-04-06Lattices, Post-Quantum Security and Homomorphic Encryption — Q&A
2020-04-06Lattices, Post-Quantum Security and Homomorphic Encryption
2020-04-03What Do Algorithmic Fairness and COVID-19 Case-Severity Prediction Have in Common?
2020-04-02Efficient Learning of Pauli Channels
2020-04-02Not All Benchmarks Are Created Equal
2020-04-02Cycle Benchmarking: The New Paradigm for Assessing All Relevant Errors and Error Correlations...
2020-04-02Cross-Platform Verification of Intermediate Scale Quantum Devices with Randomized Measurements
2020-04-01MIP* = RE: Putting Everything Together
2020-04-01MIP* = RE Part 2: PCPs and Introspection


Tags:
Simons Institute
theoretical computer science
UC Berkeley
Computer Science
Theory of Computation
Theory of Computing