IACR News item: 04 March 2016
Wouter Castryck, Ilia Iliashenko, Frederik Vercauteren
ePrint Report
Since its introduction in 2010 by Lyubashevsky, Peikert and Regev, the Ring Learning With Errors problem (Ring-LWE) has been widely used as a building block for cryptographic primitives, due to its great versatility and its hardness proof consisting of a (quantum) reduction to ideal lattice problems. This reduction assumes a lower bound on the width of the error distribution that is often violated in practice. In this paper we show that caution is needed when violating this bound, by providing, for any $\varepsilon > 0$, a family of number fields $K$ of increasing degree $n$ for which Ring-LWE can be broken easily as soon as the errors required by the reduction are scaled down by $|\Delta_K|^{\varepsilon/n}$, with $\Delta_K$ the discriminant of $K$.