Improved Reduction Between SIS Problems Over Structured Lattices

Many lattice-based cryptographic schemes are constructed based on hard problems on an algebraic structured lattice, such as the short integer solution (SIS) problems. These problems are called ring-SIS (R-SIS) and its generalized version, module-SIS (M-SIS). Generally, it has been considered that pr...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2021, Vol.9, p.157083-157092
Main Authors: Koo, Zahyun, Lee, Yongwoo, Lee, Joon-Woo, No, Jong-Seon, Kim, Young-Sik
Format: Article
Language:English
Subjects:
Cryptography
Elliptic curve cryptography
Lattice-based cryptography
Lattices
learning with error (LWE)
module-short integer solution (M-SIS) problem
Modules
Reduction
ring-short integer solution (R-SIS) problem
short integer solution~(SIS) problem
Standardization
Structural rings
Upper bound
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites cdi_FETCH-LOGICAL-c358t-a524dd50eb1660daed3294cd9e3a1f24c6359764c8637fbc26256937ddb3fae53
container_end_page 157092
container_issue
container_start_page 157083
container_title IEEE access
container_volume 9
creator Koo, Zahyun
Lee, Yongwoo
Lee, Joon-Woo
No, Jong-Seon
Kim, Young-Sik
description Many lattice-based cryptographic schemes are constructed based on hard problems on an algebraic structured lattice, such as the short integer solution (SIS) problems. These problems are called ring-SIS (R-SIS) and its generalized version, module-SIS (M-SIS). Generally, it has been considered that problems defined on the module lattice are more difficult than the problems defined on the ideal lattice. However, Koo, No, and Kim showed that R-SIS is more difficult than M-SIS under some norm constraints of R-SIS. However, this reduction has problems in that the rank of the module is limited to about half of the instances of R-SIS, and the comparison is not performed through the same modulus of R-SIS and M-SIS. In this paper, we propose the three reductions. First, we show that R-SIS is more difficult than M-SIS with the same modulus and ring dimension under some constraints of R-SIS. Also, we show that through the reduction from M-SIS to R-SIS with the same modulus, the rank of the module is extended as much as the number of instances of R-SIS from half of the number of instances of R-SIS compared to the previous work. Second, we show that R-SIS is more difficult than M-SIS under some constraints, which is tighter than the M-SIS in the previous work. Finally, we propose that M-SIS with the modulus prime q^{k} is more difficult than M-SIS with the composite modulus c , such that c is divided by q . Through the three reductions, we conclude that R-SIS with the modulus q is more difficult than M-SIS with the composite modulus c .
doi_str_mv 10.1109/ACCESS.2021.3128139
format article
fullrecord <record><control><sourceid>proquest_ieee_</sourceid><recordid>TN_cdi_ieee_primary_9615083</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9615083</ieee_id><doaj_id>oai_doaj_org_article_94daf2a2d4064d24a8a2ccc2c8f275dd</doaj_id><sourcerecordid>2604925595</sourcerecordid><originalsourceid>FETCH-LOGICAL-c358t-a524dd50eb1660daed3294cd9e3a1f24c6359764c8637fbc26256937ddb3fae53</originalsourceid><addsrcrecordid>eNpNUEtLw0AQDqJgqf0FvQQ8p-7OPpK9WUPVQEExel42uxNJaZu6SSv-e7emFOcyw_A9Zr4omlIyo5Sou3meL8pyBgTojFHIKFMX0QioVAkTTF7-m6-jSdetSKgsrEQ6iu6Lzc63B3TxG7q97Zt2Gz9g_424jcuijF99W61x08UvB_Rx2fuA2fsAX5q-byx2N9FVbdYdTk59HH08Lt7z52T58lTk82Vimcj6xAjgzgmCFZWSOIOOgeLWKWSG1sCtZEKlkttMsrSuLEgQUrHUuYrVBgUbR8Wg61qz0jvfbIz_0a1p9N-i9Z_a-HDRGrXiztRgwHEiuQNuMgPWWrBZDalwLmjdDlrh9a89dr1etXu_DedrkIQrEEIdHdmAsr7tOo_12ZUSfUxeD8nrY_L6lHxgTQdWg4hnhpJUkIyxXxl-fn8</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2604925595</pqid></control><display><type>article</type><title>Improved Reduction Between SIS Problems Over Structured Lattices</title><source>IEEE Xplore Open Access Journals</source><creator>Koo, Zahyun ; Lee, Yongwoo ; Lee, Joon-Woo ; No, Jong-Seon ; Kim, Young-Sik</creator><creatorcontrib>Koo, Zahyun ; Lee, Yongwoo ; Lee, Joon-Woo ; No, Jong-Seon ; Kim, Young-Sik</creatorcontrib><description><![CDATA[Many lattice-based cryptographic schemes are constructed based on hard problems on an algebraic structured lattice, such as the short integer solution (SIS) problems. These problems are called ring-SIS (R-SIS) and its generalized version, module-SIS (M-SIS). Generally, it has been considered that problems defined on the module lattice are more difficult than the problems defined on the ideal lattice. However, Koo, No, and Kim showed that R-SIS is more difficult than M-SIS under some norm constraints of R-SIS. However, this reduction has problems in that the rank of the module is limited to about half of the instances of R-SIS, and the comparison is not performed through the same modulus of R-SIS and M-SIS. In this paper, we propose the three reductions. First, we show that R-SIS is more difficult than M-SIS with the same modulus and ring dimension under some constraints of R-SIS. Also, we show that through the reduction from M-SIS to R-SIS with the same modulus, the rank of the module is extended as much as the number of instances of R-SIS from half of the number of instances of R-SIS compared to the previous work. Second, we show that R-SIS is more difficult than M-SIS under some constraints, which is tighter than the M-SIS in the previous work. Finally, we propose that M-SIS with the modulus prime <inline-formula> <tex-math notation="LaTeX">q^{k} </tex-math></inline-formula> is more difficult than M-SIS with the composite modulus <inline-formula> <tex-math notation="LaTeX">c </tex-math></inline-formula>, such that <inline-formula> <tex-math notation="LaTeX">c </tex-math></inline-formula> is divided by <inline-formula> <tex-math notation="LaTeX">q </tex-math></inline-formula>. Through the three reductions, we conclude that R-SIS with the modulus <inline-formula> <tex-math notation="LaTeX">q </tex-math></inline-formula> is more difficult than M-SIS with the composite modulus <inline-formula> <tex-math notation="LaTeX">c </tex-math></inline-formula>.]]></description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2021.3128139</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Cryptography ; Elliptic curve cryptography ; Lattice-based cryptography ; Lattices ; learning with error (LWE) ; module-short integer solution (M-SIS) problem ; Modules ; Reduction ; ring-short integer solution (R-SIS) problem ; short integer solution~(SIS) problem ; Standardization ; Structural rings ; Upper bound</subject><ispartof>IEEE access, 2021, Vol.9, p.157083-157092</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2021</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c358t-a524dd50eb1660daed3294cd9e3a1f24c6359764c8637fbc26256937ddb3fae53</cites><orcidid>0000-0001-9424-6498 ; 0000-0003-4232-5279 ; 0000-0002-4125-6331 ; 0000-0002-3946-0958 ; 0000-0003-4114-4935</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9615083$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,4023,27632,27922,27923,27924,54932</link.rule.ids></links><search><creatorcontrib>Koo, Zahyun</creatorcontrib><creatorcontrib>Lee, Yongwoo</creatorcontrib><creatorcontrib>Lee, Joon-Woo</creatorcontrib><creatorcontrib>No, Jong-Seon</creatorcontrib><creatorcontrib>Kim, Young-Sik</creatorcontrib><title>Improved Reduction Between SIS Problems Over Structured Lattices</title><title>IEEE access</title><addtitle>Access</addtitle><description><![CDATA[Many lattice-based cryptographic schemes are constructed based on hard problems on an algebraic structured lattice, such as the short integer solution (SIS) problems. These problems are called ring-SIS (R-SIS) and its generalized version, module-SIS (M-SIS). Generally, it has been considered that problems defined on the module lattice are more difficult than the problems defined on the ideal lattice. However, Koo, No, and Kim showed that R-SIS is more difficult than M-SIS under some norm constraints of R-SIS. However, this reduction has problems in that the rank of the module is limited to about half of the instances of R-SIS, and the comparison is not performed through the same modulus of R-SIS and M-SIS. In this paper, we propose the three reductions. First, we show that R-SIS is more difficult than M-SIS with the same modulus and ring dimension under some constraints of R-SIS. Also, we show that through the reduction from M-SIS to R-SIS with the same modulus, the rank of the module is extended as much as the number of instances of R-SIS from half of the number of instances of R-SIS compared to the previous work. Second, we show that R-SIS is more difficult than M-SIS under some constraints, which is tighter than the M-SIS in the previous work. Finally, we propose that M-SIS with the modulus prime <inline-formula> <tex-math notation="LaTeX">q^{k} </tex-math></inline-formula> is more difficult than M-SIS with the composite modulus <inline-formula> <tex-math notation="LaTeX">c </tex-math></inline-formula>, such that <inline-formula> <tex-math notation="LaTeX">c </tex-math></inline-formula> is divided by <inline-formula> <tex-math notation="LaTeX">q </tex-math></inline-formula>. Through the three reductions, we conclude that R-SIS with the modulus <inline-formula> <tex-math notation="LaTeX">q </tex-math></inline-formula> is more difficult than M-SIS with the composite modulus <inline-formula> <tex-math notation="LaTeX">c </tex-math></inline-formula>.]]></description><subject>Cryptography</subject><subject>Elliptic curve cryptography</subject><subject>Lattice-based cryptography</subject><subject>Lattices</subject><subject>learning with error (LWE)</subject><subject>module-short integer solution (M-SIS) problem</subject><subject>Modules</subject><subject>Reduction</subject><subject>ring-short integer solution (R-SIS) problem</subject><subject>short integer solution~(SIS) problem</subject><subject>Standardization</subject><subject>Structural rings</subject><subject>Upper bound</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>DOA</sourceid><recordid>eNpNUEtLw0AQDqJgqf0FvQQ8p-7OPpK9WUPVQEExel42uxNJaZu6SSv-e7emFOcyw_A9Zr4omlIyo5Sou3meL8pyBgTojFHIKFMX0QioVAkTTF7-m6-jSdetSKgsrEQ6iu6Lzc63B3TxG7q97Zt2Gz9g_424jcuijF99W61x08UvB_Rx2fuA2fsAX5q-byx2N9FVbdYdTk59HH08Lt7z52T58lTk82Vimcj6xAjgzgmCFZWSOIOOgeLWKWSG1sCtZEKlkttMsrSuLEgQUrHUuYrVBgUbR8Wg61qz0jvfbIz_0a1p9N-i9Z_a-HDRGrXiztRgwHEiuQNuMgPWWrBZDalwLmjdDlrh9a89dr1etXu_DedrkIQrEEIdHdmAsr7tOo_12ZUSfUxeD8nrY_L6lHxgTQdWg4hnhpJUkIyxXxl-fn8</recordid><startdate>2021</startdate><enddate>2021</enddate><creator>Koo, Zahyun</creator><creator>Lee, Yongwoo</creator><creator>Lee, Joon-Woo</creator><creator>No, Jong-Seon</creator><creator>Kim, Young-Sik</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0001-9424-6498</orcidid><orcidid>https://orcid.org/0000-0003-4232-5279</orcidid><orcidid>https://orcid.org/0000-0002-4125-6331</orcidid><orcidid>https://orcid.org/0000-0002-3946-0958</orcidid><orcidid>https://orcid.org/0000-0003-4114-4935</orcidid></search><sort><creationdate>2021</creationdate><title>Improved Reduction Between SIS Problems Over Structured Lattices</title><author>Koo, Zahyun ; Lee, Yongwoo ; Lee, Joon-Woo ; No, Jong-Seon ; Kim, Young-Sik</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c358t-a524dd50eb1660daed3294cd9e3a1f24c6359764c8637fbc26256937ddb3fae53</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Cryptography</topic><topic>Elliptic curve cryptography</topic><topic>Lattice-based cryptography</topic><topic>Lattices</topic><topic>learning with error (LWE)</topic><topic>module-short integer solution (M-SIS) problem</topic><topic>Modules</topic><topic>Reduction</topic><topic>ring-short integer solution (R-SIS) problem</topic><topic>short integer solution~(SIS) problem</topic><topic>Standardization</topic><topic>Structural rings</topic><topic>Upper bound</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Koo, Zahyun</creatorcontrib><creatorcontrib>Lee, Yongwoo</creatorcontrib><creatorcontrib>Lee, Joon-Woo</creatorcontrib><creatorcontrib>No, Jong-Seon</creatorcontrib><creatorcontrib>Kim, Young-Sik</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Xplore Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Xplore</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Koo, Zahyun</au><au>Lee, Yongwoo</au><au>Lee, Joon-Woo</au><au>No, Jong-Seon</au><au>Kim, Young-Sik</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Improved Reduction Between SIS Problems Over Structured Lattices</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2021</date><risdate>2021</risdate><volume>9</volume><spage>157083</spage><epage>157092</epage><pages>157083-157092</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract><![CDATA[Many lattice-based cryptographic schemes are constructed based on hard problems on an algebraic structured lattice, such as the short integer solution (SIS) problems. These problems are called ring-SIS (R-SIS) and its generalized version, module-SIS (M-SIS). Generally, it has been considered that problems defined on the module lattice are more difficult than the problems defined on the ideal lattice. However, Koo, No, and Kim showed that R-SIS is more difficult than M-SIS under some norm constraints of R-SIS. However, this reduction has problems in that the rank of the module is limited to about half of the instances of R-SIS, and the comparison is not performed through the same modulus of R-SIS and M-SIS. In this paper, we propose the three reductions. First, we show that R-SIS is more difficult than M-SIS with the same modulus and ring dimension under some constraints of R-SIS. Also, we show that through the reduction from M-SIS to R-SIS with the same modulus, the rank of the module is extended as much as the number of instances of R-SIS from half of the number of instances of R-SIS compared to the previous work. Second, we show that R-SIS is more difficult than M-SIS under some constraints, which is tighter than the M-SIS in the previous work. Finally, we propose that M-SIS with the modulus prime <inline-formula> <tex-math notation="LaTeX">q^{k} </tex-math></inline-formula> is more difficult than M-SIS with the composite modulus <inline-formula> <tex-math notation="LaTeX">c </tex-math></inline-formula>, such that <inline-formula> <tex-math notation="LaTeX">c </tex-math></inline-formula> is divided by <inline-formula> <tex-math notation="LaTeX">q </tex-math></inline-formula>. Through the three reductions, we conclude that R-SIS with the modulus <inline-formula> <tex-math notation="LaTeX">q </tex-math></inline-formula> is more difficult than M-SIS with the composite modulus <inline-formula> <tex-math notation="LaTeX">c </tex-math></inline-formula>.]]></abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2021.3128139</doi><tpages>10</tpages><orcidid>https://orcid.org/0000-0001-9424-6498</orcidid><orcidid>https://orcid.org/0000-0003-4232-5279</orcidid><orcidid>https://orcid.org/0000-0002-4125-6331</orcidid><orcidid>https://orcid.org/0000-0002-3946-0958</orcidid><orcidid>https://orcid.org/0000-0003-4114-4935</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2021, Vol.9, p.157083-157092
issn 2169-3536
2169-3536
language eng
recordid cdi_ieee_primary_9615083
source IEEE Xplore Open Access Journals
subjects Cryptography
Elliptic curve cryptography
Lattice-based cryptography
Lattices
learning with error (LWE)
module-short integer solution (M-SIS) problem
Modules
Reduction
ring-short integer solution (R-SIS) problem
short integer solution~(SIS) problem
Standardization
Structural rings
Upper bound
title Improved Reduction Between SIS Problems Over Structured Lattices
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-08T18%3A09%3A27IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Improved%20Reduction%20Between%20SIS%20Problems%20Over%20Structured%20Lattices&rft.jtitle=IEEE%20access&rft.au=Koo,%20Zahyun&rft.date=2021&rft.volume=9&rft.spage=157083&rft.epage=157092&rft.pages=157083-157092&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2021.3128139&rft_dat=%3Cproquest_ieee_%3E2604925595%3C/proquest_ieee_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c358t-a524dd50eb1660daed3294cd9e3a1f24c6359764c8637fbc26256937ddb3fae53%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2604925595&rft_id=info:pmid/&rft_ieee_id=9615083&rfr_iscdi=true