Evasive LWE Assumptions: Definitions, Classes, and Counterexamples

Chris Brzuska; Akin Ünal; Ivy K.Y. Woo

doi:10.1007/978-981-96-0894-2_14

Evasive LWE Assumptions: Definitions, Classes, and Counterexamples

Chris Brzuska^*, Akin Ünal, Ivy K.Y. Woo

^*Tämän työn vastaava kirjoittaja

Institute of Science and Technology Austria

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

1 Sitaatiot (Scopus)

Abstrakti

The evasive LWE assumption, proposed by Wee [Eurocrypt’22 Wee] for constructing a lattice-based optimal broadcast encryption, has shown to be a powerful assumption, adopted by subsequent works to construct advanced primitives ranging from ABE variants to obfuscation for null circuits. However, a closer look reveals significant differences among the precise assumption statements involved in different works, leading to the fundamental question of how these assumptions compare to each other. In this work, we initiate a more systematic study on evasive LWE assumptions: Based on the standard LWE assumption, we construct simple counterexamples against three private-coin evasive LWE variants, used in [Crypto’22 Tsabary, Asiacrypt’22 VWW, Crypto’23 ARYY] respectively, showing that these assumptions are unlikely to hold.Based on existing evasive LWE variants and our counterexamples, we propose and define three classes of plausible evasive LWE assumptions, suitably capturing all existing variants for which we are not aware of non-obfuscation-based counterexamples.We show that under our assumption formulations, the security proofs of [Asiacrypt’22 VWW] and [Crypto’23 ARYY] can be recovered, and we reason why the security proof of [Crypto’22 Tsabary] is also plausibly repairable using an appropriate evasive LWE assumption. Based on the standard LWE assumption, we construct simple counterexamples against three private-coin evasive LWE variants, used in [Crypto’22 Tsabary, Asiacrypt’22 VWW, Crypto’23 ARYY] respectively, showing that these assumptions are unlikely to hold. Based on existing evasive LWE variants and our counterexamples, we propose and define three classes of plausible evasive LWE assumptions, suitably capturing all existing variants for which we are not aware of non-obfuscation-based counterexamples. We show that under our assumption formulations, the security proofs of [Asiacrypt’22 VWW] and [Crypto’23 ARYY] can be recovered, and we reason why the security proof of [Crypto’22 Tsabary] is also plausibly repairable using an appropriate evasive LWE assumption.

Alkuperäiskieli	Englanti
Otsikko	Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
Toimittajat	Kai-Min Chung, Yu Sasaki
Kustantaja	Springer
Sivut	418-449
Sivumäärä	32
Vuosikerta	4
ISBN (elektroninen)	978-981-96-0894-2
ISBN (painettu)	978-981-96-0893-5
DOI - pysyväislinkit	https://doi.org/10.1007/978-981-96-0894-2_14
Tila	Julkaistu - 2025
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	International Conference on the Theory and Application of Cryptology and Information Security - Kolkata, Intia Kesto: 9 jouluk. 2024 → 13 jouluk. 2024 Konferenssinumero: 30

Julkaisusarja

Nimi	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Kustantaja	Springer
Vuosikerta	15487 LNCS
ISSN (painettu)	0302-9743
ISSN (elektroninen)	1611-3349

Conference

Conference	International Conference on the Theory and Application of Cryptology and Information Security
Lyhennettä	ASIACRYPT
Maa/Alue	Intia
Kaupunki	Kolkata
Ajanjakso	09/12/2024 → 13/12/2024

Pääsy asiakirjaan

10.1007/978-981-96-0894-2_14

https://eprint.iacr.org/2024/2000Lisenssi: CC BY

Muut tiedostot ja linkit

Linkki julkaisuun Scopuksessa

Brzuska ICT: Limits of Lattice-based Cryptography: A New Era of Hinted and Structured Assumptions
Brzuska, C. (Vastuullinen tutkija)
01/01/2024 → 31/12/2026
Projekti: RCF Academy Project targeted call

Siteeraa tätä

Brzuska, C., Ünal, A., & Woo, I. K. Y. (2025). Evasive LWE Assumptions: Definitions, Classes, and Counterexamples. teoksessa K.-M. Chung, & Y. Sasaki (Toimittajat), Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings (Vuosikerta 4, Sivut 418-449). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vuosikerta 15487 LNCS). Springer. https://doi.org/10.1007/978-981-96-0894-2_14

Brzuska, Chris ; Ünal, Akin ; Woo, Ivy K.Y. / Evasive LWE Assumptions: Definitions, Classes, and Counterexamples. Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. Toimittaja / Kai-Min Chung ; Yu Sasaki. Vuosikerta 4 Springer, 2025. Sivut 418-449 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{29dd0a13aaeb439cb0348c0467ea4f4a,

title = "Evasive LWE Assumptions: Definitions, Classes, and Counterexamples",

abstract = "The evasive LWE assumption, proposed by Wee [Eurocrypt{\textquoteright}22 Wee] for constructing a lattice-based optimal broadcast encryption, has shown to be a powerful assumption, adopted by subsequent works to construct advanced primitives ranging from ABE variants to obfuscation for null circuits. However, a closer look reveals significant differences among the precise assumption statements involved in different works, leading to the fundamental question of how these assumptions compare to each other. In this work, we initiate a more systematic study on evasive LWE assumptions: Based on the standard LWE assumption, we construct simple counterexamples against three private-coin evasive LWE variants, used in [Crypto{\textquoteright}22 Tsabary, Asiacrypt{\textquoteright}22 VWW, Crypto{\textquoteright}23 ARYY] respectively, showing that these assumptions are unlikely to hold.Based on existing evasive LWE variants and our counterexamples, we propose and define three classes of plausible evasive LWE assumptions, suitably capturing all existing variants for which we are not aware of non-obfuscation-based counterexamples.We show that under our assumption formulations, the security proofs of [Asiacrypt{\textquoteright}22 VWW] and [Crypto{\textquoteright}23 ARYY] can be recovered, and we reason why the security proof of [Crypto{\textquoteright}22 Tsabary] is also plausibly repairable using an appropriate evasive LWE assumption. Based on the standard LWE assumption, we construct simple counterexamples against three private-coin evasive LWE variants, used in [Crypto{\textquoteright}22 Tsabary, Asiacrypt{\textquoteright}22 VWW, Crypto{\textquoteright}23 ARYY] respectively, showing that these assumptions are unlikely to hold. Based on existing evasive LWE variants and our counterexamples, we propose and define three classes of plausible evasive LWE assumptions, suitably capturing all existing variants for which we are not aware of non-obfuscation-based counterexamples. We show that under our assumption formulations, the security proofs of [Asiacrypt{\textquoteright}22 VWW] and [Crypto{\textquoteright}23 ARYY] can be recovered, and we reason why the security proof of [Crypto{\textquoteright}22 Tsabary] is also plausibly repairable using an appropriate evasive LWE assumption.",

author = "Chris Brzuska and Akin {\"U}nal and Woo, {Ivy K.Y.}",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2025.; International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT ; Conference date: 09-12-2024 Through 13-12-2024",

year = "2025",

doi = "10.1007/978-981-96-0894-2_14",

language = "English",

isbn = "978-981-96-0893-5",

volume = "4",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "418--449",

editor = "Kai-Min Chung and Yu Sasaki",

booktitle = "Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings",

address = "Germany",

}

Brzuska, C, Ünal, A & Woo, IKY 2025, Evasive LWE Assumptions: Definitions, Classes, and Counterexamples. julkaisussa K-M Chung & Y Sasaki (toim), Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. Vuosikerta 4, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vuosikerta 15487 LNCS, Springer, Sivut 418-449, International Conference on the Theory and Application of Cryptology and Information Security, Kolkata, Intia, 09/12/2024. https://doi.org/10.1007/978-981-96-0894-2_14

Evasive LWE Assumptions: Definitions, Classes, and Counterexamples. / Brzuska, Chris; Ünal, Akin; Woo, Ivy K.Y.
Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. toim. / Kai-Min Chung; Yu Sasaki. Vuosikerta 4 Springer, 2025. s. 418-449 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vuosikerta 15487 LNCS).

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

TY - GEN

T1 - Evasive LWE Assumptions: Definitions, Classes, and Counterexamples

AU - Brzuska, Chris

AU - Ünal, Akin

AU - Woo, Ivy K.Y.

N1 - Conference code: 30

PY - 2025

Y1 - 2025

N2 - The evasive LWE assumption, proposed by Wee [Eurocrypt’22 Wee] for constructing a lattice-based optimal broadcast encryption, has shown to be a powerful assumption, adopted by subsequent works to construct advanced primitives ranging from ABE variants to obfuscation for null circuits. However, a closer look reveals significant differences among the precise assumption statements involved in different works, leading to the fundamental question of how these assumptions compare to each other. In this work, we initiate a more systematic study on evasive LWE assumptions: Based on the standard LWE assumption, we construct simple counterexamples against three private-coin evasive LWE variants, used in [Crypto’22 Tsabary, Asiacrypt’22 VWW, Crypto’23 ARYY] respectively, showing that these assumptions are unlikely to hold.Based on existing evasive LWE variants and our counterexamples, we propose and define three classes of plausible evasive LWE assumptions, suitably capturing all existing variants for which we are not aware of non-obfuscation-based counterexamples.We show that under our assumption formulations, the security proofs of [Asiacrypt’22 VWW] and [Crypto’23 ARYY] can be recovered, and we reason why the security proof of [Crypto’22 Tsabary] is also plausibly repairable using an appropriate evasive LWE assumption. Based on the standard LWE assumption, we construct simple counterexamples against three private-coin evasive LWE variants, used in [Crypto’22 Tsabary, Asiacrypt’22 VWW, Crypto’23 ARYY] respectively, showing that these assumptions are unlikely to hold. Based on existing evasive LWE variants and our counterexamples, we propose and define three classes of plausible evasive LWE assumptions, suitably capturing all existing variants for which we are not aware of non-obfuscation-based counterexamples. We show that under our assumption formulations, the security proofs of [Asiacrypt’22 VWW] and [Crypto’23 ARYY] can be recovered, and we reason why the security proof of [Crypto’22 Tsabary] is also plausibly repairable using an appropriate evasive LWE assumption.

AB - The evasive LWE assumption, proposed by Wee [Eurocrypt’22 Wee] for constructing a lattice-based optimal broadcast encryption, has shown to be a powerful assumption, adopted by subsequent works to construct advanced primitives ranging from ABE variants to obfuscation for null circuits. However, a closer look reveals significant differences among the precise assumption statements involved in different works, leading to the fundamental question of how these assumptions compare to each other. In this work, we initiate a more systematic study on evasive LWE assumptions: Based on the standard LWE assumption, we construct simple counterexamples against three private-coin evasive LWE variants, used in [Crypto’22 Tsabary, Asiacrypt’22 VWW, Crypto’23 ARYY] respectively, showing that these assumptions are unlikely to hold.Based on existing evasive LWE variants and our counterexamples, we propose and define three classes of plausible evasive LWE assumptions, suitably capturing all existing variants for which we are not aware of non-obfuscation-based counterexamples.We show that under our assumption formulations, the security proofs of [Asiacrypt’22 VWW] and [Crypto’23 ARYY] can be recovered, and we reason why the security proof of [Crypto’22 Tsabary] is also plausibly repairable using an appropriate evasive LWE assumption. Based on the standard LWE assumption, we construct simple counterexamples against three private-coin evasive LWE variants, used in [Crypto’22 Tsabary, Asiacrypt’22 VWW, Crypto’23 ARYY] respectively, showing that these assumptions are unlikely to hold. Based on existing evasive LWE variants and our counterexamples, we propose and define three classes of plausible evasive LWE assumptions, suitably capturing all existing variants for which we are not aware of non-obfuscation-based counterexamples. We show that under our assumption formulations, the security proofs of [Asiacrypt’22 VWW] and [Crypto’23 ARYY] can be recovered, and we reason why the security proof of [Crypto’22 Tsabary] is also plausibly repairable using an appropriate evasive LWE assumption.

UR - http://www.scopus.com/inward/record.url?scp=85213299854&partnerID=8YFLogxK

U2 - 10.1007/978-981-96-0894-2_14

DO - 10.1007/978-981-96-0894-2_14

M3 - Conference article in proceedings

AN - SCOPUS:85213299854

SN - 978-981-96-0893-5

VL - 4

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 418

EP - 449

BT - Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings

A2 - Chung, Kai-Min

A2 - Sasaki, Yu

PB - Springer

T2 - International Conference on the Theory and Application of Cryptology and Information Security

Y2 - 9 December 2024 through 13 December 2024

ER -

Brzuska C, Ünal A, Woo IKY. Evasive LWE Assumptions: Definitions, Classes, and Counterexamples. julkaisussa Chung KM, Sasaki Y, toimittajat, Advances in Cryptology – ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings. Vuosikerta 4. Springer. 2025. s. 418-449. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). Epub 2024 joulu 13. doi: 10.1007/978-981-96-0894-2_14