Error Correction and Ciphertext Quantization in Lattice Cryptography.

Recent work in the design of rate 1 - o ( 1 ) lattice-based cryptosystems have used two distinct design paradigms, namely replacing the noise-tolerant encoding m ↦ ( q / 2 ) m present in many lattice-based cryptosystems with a more efficient encoding, and post-processing traditional lattice-based ciphertexts with a lossy compression algorithm, using a technique very similar to the technique of “vector quantization” within coding theory. We introduce a framework for the design of lattice-based encryption that captures both of these paradigms, and prove information-theoretic rate bounds within this framework. These bounds separate the settings of trivial and non-trivial quantization, and show the impossibility of rate 1 - o ( 1 ) encryption using both trivial quantization and polynomial modulus. They furthermore put strong limits on the rate of constructions that utilize lattices built by tensoring a lattice of small dimension with Z k , which is ubiquitous in the literature. We additionally introduce a new cryptosystem, that matches the rate of the highest-rate currently known scheme, while encoding messages with a “gadget”, which may be useful for constructions of Fully Homomorphic Encryption.