Smooth Projective Hashing and Password-Based Authenticated Key Exchange from Lattices


We describe a public-key encryption scheme based on lattices — specifically, based on the hardness of the learning with error (LWE) problem — that is secure against chosen-ciphertext attacks while admitting (a variant of) smooth projective hashing. This encryption scheme suffices to construct a protocol for password-based authenticated key exchange (PAKE) that can be proven secure based on the LWE assumption in the standard model. We thus obtain the first PAKE protocol whose security relies on a lattice-based assumption.