International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Evasive LWE Assumptions: Definitions, Classes, and Counterexamples

Authors:
Chris Brzuska , Aalto University
Akin Ünal , IST Austria, Klosterneuburg
Ivy K. Y. Woo , Aalto University
Download:
Search ePrint
Search Google
Conference: ASIACRYPT 2024
Abstract: The evasive LWE assumption, proposed by Wee [Eurocrypt'22 Wee] for constructing a lattice-based optimal broadcast encryption, has shown to be a powerful assumption, adopted by subsequent works to construct advanced primitives ranging from ABE variants to obfuscation for null circuits. However, a closer look reveals significant differences among the precise assumption statements involved in different works, leading to the fundamental question of how these assumptions compare to each other. In this work, we initiate a more systematic study on evasive LWE assumptions: (i) Based on the standard LWE assumption, we construct simple counterexamples against three private-coin evasive LWE variants, used in [Crypto'22 Tsabary, Asiacrypt'22 VWW, Crypto'23 ARYY] respectively, showing that these assumptions are unlikely to hold. (ii) Based on existing evasive LWE variants and our counterexamples, we propose and define three classes of plausible evasive LWE assumptions, suitably capturing all existing variants for which we are not aware of non-obfuscation-based counterexamples. (iii) We show that under our assumption formulations, the security proofs of [Asiacrypt'22 VWW] and [Crypto'23 ARYY] can be recovered, and we reason why the security proof of [Crypto'22 Tsabary] is also plausibly repairable using an appropriate evasive LWE assumption.
BibTeX
@inproceedings{asiacrypt-2024-34697,
  title={Evasive LWE Assumptions: Definitions, Classes, and Counterexamples},
  publisher={Springer-Verlag},
  author={Chris Brzuska and Akin Ünal and Ivy K. Y. Woo},
  year=2024
}