Lattice Problems

Date: Sun, 01 Oct 2023 12:00:00 GMT

Cryptography relies on certain problems that we assume to be hard for computers to solve. These are the problems that we base encryption schemes on. For example, the factoring problem (restated generically): given two large primes

p

and

q

, it is hard to find

p

q

given

N = pq

. Currently, we do not have efficient algorithms for classical computers to solve this problem, which makes it a great candidate for encryption and keeping our information safe from prying eyes.

That being said quantum computers are changing the game. They enable new algorithms to be developed that can solve the hidden subgroup problem (see Lomont, Chris. (2004). The Hidden Subgroup Problem - Review and Open Problems.). Although they are currently in their infancy, quantum computers can break classical cryptography as we know it.

There are certain assumptions that are believed to be post-quantum secure. A class of these problems are called lattice problems, which are believed to be hard for even quantum computers (there currently doesn't exist any efficient algorithms to solve these problems). The most well known of these problems is the Learning with Errors Problem [1]:

Given

m

independent samples

(a_i,b_i) \in \mathbb{Z_q^n} \times \mathbb{Z}_q

drawn from

A_{s,\chi}

for a uniformly random

s \in \mathbb{Z}^n_q

(fixed for all samples), find

s

.

This problem is related to other lattice problems (notably equivalent to SIS) and can be used to create cryptosystems like CRYSTALS Kyber and many others.

The big question is why are lattice problems post-quantum secure? Meaning why are they difficult for even quantum computers to solve.

Citations
[1] Chris Peikert, A Decade of Lattice Cryptography, 2016, doi: 10.1561/0400000074.