LWE "oracle"?
247 views
Skip to first unread message
D. J. Bernstein
Jul 26, 2015, 7:32:20 AM7/26/15
to cryptanalyti...@googlegroups.com
https://eprint.iacr.org/2015/736.pdf claims to "solve search version of
LWE" in "probabilistic polynomial time".
However, at first glance (see "Theorem 2" on page 7), it's breaking
merely an "LWE oracle" that returns a noisy dot product of the secret
with an input vector. This is trivial and well known (repeat an input
many times and average the results to eliminate the noise) and doesn't
break the version of LWE used in cryptography.
---Dan
LWE" in "probabilistic polynomial time".
However, at first glance (see "Theorem 2" on page 7), it's breaking
merely an "LWE oracle" that returns a noisy dot product of the secret
with an input vector. This is trivial and well known (repeat an input
many times and average the results to eliminate the noise) and doesn't
break the version of LWE used in cryptography.
---Dan
Reply all
Reply to author
Forward
0 new messages