Go to DBLP homepageModule Learning with Errors with Truncated Matrices
Abstract: The Module Learning with Errors (\(\textsf{MLWE}\)) problem is one of the most commonly used hardness assumption in lattice-based cryptography. In its standard version, a matrix \(\textbf{A}\) is sampled uniformly at random over a quotient ring \(R_q\), as well as noisy linear equations in the form of \(\textbf{A}\textbf{s}+ \textbf{e}\bmod q\), where \(\textbf{s}\) is the secret, sampled uniformly at random over \(R_q\), and \(\textbf{e}\) is the error, coming from a Gaussian distribution. Many previous works have focused on variants of \(\textsf{MLWE}\), where the secret and/or the error are sampled from different distributions. Only few works have focused on different distributions for the matrix \(\textbf{A}\). One variant proposed in the literature is to consider matrix distributions, where the low-order bits of a uniform \(\textbf{A}\) are deleted. This seems a natural approach in order to save in bandwidth. We call it truncated \(\textsf{MLWE}\).
Loading