Subspace LWE

K.Z. Pietrzak, in:, Springer, 2012, pp. 548–563.

Conference Paper | Published | English
Series Title
The (decisional) learning with errors problem (LWE) asks to distinguish "noisy" inner products of a secret vector with random vectors from uniform. The learning parities with noise problem (LPN) is the special case where the elements of the vectors are bits. In recent years, the LWE and LPN problems have found many applications in cryptography. In this paper we introduce a (seemingly) much stronger adaptive assumption, called "subspace LWE" (SLWE), where the adversary can learn the inner product of the secret and random vectors after they were projected into an adaptively and adversarially chosen subspace. We prove that, surprisingly, the SLWE problem mapping into subspaces of dimension d is almost as hard as LWE using secrets of length d (the other direction is trivial.) This result immediately implies that several existing cryptosystems whose security is based on the hardness of the LWE/LPN problems are provably secure in a much stronger sense than anticipated. As an illustrative example we show that the standard way of using LPN for symmetric CPA secure encryption is even secure against a very powerful class of related key attacks.
Publishing Year
Date Published
Supported by the European Research Council under the European Union’s Seventh Framework Programme (FP7/2007-2013) / ERC Starting Grant (259668-PSPC).
548 - 563
TCC: Theory of Cryptography Conference
Conference Location
Taormina, Sicily, Italy
Conference Date
2012-03-19 – 2012-03-21

Cite this

Pietrzak KZ. Subspace LWE. In: Vol 7194. Springer; 2012:548-563. doi:10.1007/978-3-642-28914-9_31
Pietrzak, K. Z. (2012). Subspace LWE (Vol. 7194, pp. 548–563). Presented at the TCC: Theory of Cryptography Conference, Taormina, Sicily, Italy: Springer.
Pietrzak, Krzysztof Z. “Subspace LWE,” 7194:548–63. Springer, 2012.
K. Z. Pietrzak, “Subspace LWE,” presented at the TCC: Theory of Cryptography Conference, Taormina, Sicily, Italy, 2012, vol. 7194, pp. 548–563.
Pietrzak KZ. 2012. Subspace LWE. TCC: Theory of Cryptography Conference, LNCS, vol. 7194, 548–563.
Pietrzak, Krzysztof Z. Subspace LWE. Vol. 7194, Springer, 2012, pp. 548–63, doi:10.1007/978-3-642-28914-9_31.
All files available under the following license(s):
Copyright Statement:
This Item is protected by copyright and/or related rights. [...]

Link(s) to Main File(s)
Access Level
OA Open Access


Marked Publications

Open Data IST Research Explorer

Search this title in

Google Scholar