A Note on Discrete Gaussian Combinations of Lattice Vectors
This work addresses a problem in lattice-based cryptography, providing incremental improvements to theoretical foundations.
The paper analyzes the distribution of sums of lattice vectors weighted by discrete Gaussian coefficients, showing that under certain constraints, the sum is statistically close to a discrete Gaussian over the lattice, simplifying and improving upon a prior result.
We analyze the distribution of $\sum_{i=1}^m v_i \bx_i$ where $\bx_1,...,\bx_m$ are fixed vectors from some lattice $\cL \subset \R^n$ (say $\Z^n$) and $v_1,...,v_m$ are chosen independently from a discrete Gaussian distribution over $\Z$. We show that under a natural constraint on $\bx_1,...,\bx_m$, if the $v_i$ are chosen from a wide enough Gaussian, the sum is statistically close to a discrete Gaussian over $\cL$. We also analyze the case of $\bx_1,...,\bx_m$ that are themselves chosen from a discrete Gaussian distribution (and fixed). Our results simplify and qualitatively improve upon a recent result by Agrawal, Gentry, Halevi, and Sahai \cite{AGHS13}.