LWE/FHE rearrangement of contents

0xPARC · Jul 9, 2024 · 232608b · 232608b
1 parent 43b3eb8
commit 232608b
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 11 deletions.
diff --git a/easy/src/fhe2.typ b/easy/src/fhe2.typ
@@ -2,22 +2,17 @@
 
 = Public-Key Cryptography from LWE
 <lwe-crypto>
-The LWE problem (@lwe), like the discrete log assumption, is one of those "hard problems that you can build cryptography
-on." The problem is to solve for constants
-$ a_1, dots, a_n in ZZ \/ q ZZ, $ given a bunch of
-*approximate* equations of the form
-$ y = a_1 x_1 + dots.h + a_n x_n + epsilon.alt , $ where each
-$epsilon.alt$ is a "small" error (for simplicity, say in $\{0, 1\}$).
-
-In @lwe
+
+In @lwe-small
 we saw how even a small case of this problem ($q = 11$, $n = 4$) can be
 annoyingly tricky. In the real world, you should imagine that $n$ and
 $q$ are much bigger – maybe $n$ is in the range
 $100 lt.eq n lt.eq 1000$, and $q$ could be anywhere from $n^2$ to
 $2^(sqrt(n))$, say.
 
-Now let’s see how to turn this into a public-key cryptosystem. We’ll use
-the same numbers from the "blue set" in @lwe. In fact, that "blue
+As an example of how LWE can be used,
+let’s see how to turn LWE into a public-key cryptosystem. We’ll use
+the same numbers from the "blue set" in @lwe-small. In fact, that "blue
 set" will be exactly the public key.
 
 #figure(

diff --git a/easy/src/fhe3.typ b/easy/src/fhe3.typ
@@ -36,8 +36,9 @@ then decryption is easy: Just compute the $i$-th entry of
 $C upright(bold(v))$, and determine whether it is closer to $0$ or to
 $v_i$.
 
+#remark[
 With a bit of effort, it’s possible to make this into a public-key
-cryptosystem. Just like in @lwe-crypto,
+cryptosystem too. Just like in @lwe-crypto,
 the main idea is to release a
 table of vectors
 $upright(bold(x))$ such that
@@ -50,6 +51,7 @@ matrix. This gives a $C$ such that
 $ C upright(bold(v)) approx mu upright(bold(v)). $
 
 #problem[How do we build such a $C_0$? (One possible direction is to build it row-by-row.)]
+]
 
 == Operations on encrypted data
 

diff --git a/easy/src/lwe.typ b/easy/src/lwe.typ
@@ -16,6 +16,9 @@ they permit a small "error" --
 and instead of solving for rational or real numbers,
 you're solving for integers modulo $q$.
 
+== A small example of an LWE problem
+<lwe-small>
+
 Here’s a concrete example of an LWE problem and how one might attack it
 "by hand." This exercise will make the inherent difficulty of the
 problem quite intuitive.
@@ -117,3 +120,12 @@ With these heuristics, we can start by looking at the Red Set, and make vectors
 
 We omit the rest of the solution, which makes for some fun tinkering.
 ]
+
+== General problem
+
+The LWE problem (@lwe), like the discrete log assumption, is one of those "hard problems that you can build cryptography
+on." The problem is to solve for constants
+$ a_1, dots, a_n in ZZ \/ q ZZ, $ given a bunch of
+*approximate* equations of the form
+$ y = a_1 x_1 + dots.h + a_n x_n + epsilon.alt , $ where each
+$epsilon.alt$ is a "small" error (for simplicity, say in $\{0, 1\}$).