
EMBLEM: (R)LWE-based key encapsulation with a new multi-bit encoding method

  • Minhye Seo
  • Suhri Kim
  • Dong Hoon Lee
  • Jong Hwan Park (corresponding author)
Regular Contribution

Abstract

Lattice-based cryptography is a promising candidate for post-quantum cryptosystems, and a large body of research has been devoted to the learning with errors (LWE) problem, which is believed to be resistant to quantum attacks. In this paper, we propose two new key encapsulation mechanisms (KEMs), called EMBLEM and R.EMBLEM, based on the LWE and ring-LWE problems. The new KEMs have two main features: (1) Their security is based on the (ring) LWE problem with small secrets, which yields both a secret key of constant size (independent of the LWE parameters) and a relatively large standard deviation for the discrete Gaussian error distribution. (2) They rely on a new multi-bit encoding method suited to (ring) LWE-based encryption schemes. Unlike Regev's encoding method, the proposed method requires no rounding operation for decoding, and in this sense it is conceptually simpler and easier to understand. Concrete parameters for the KEMs targeting the 128-bit security level (against classical attacks) are provided, and their performance is compared with that of previous (ring) LWE-based KEMs in the literature.
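The abstract contrasts Regev's encoding (message bits recovered by rounding the noisy value to the nearest codeword) with a multi-bit encoding whose decoder needs no rounding. The following Python is an added illustration, not code from the paper: it implements Regev's one-bit encoding, its multi-bit generalisation with a rounding decoder, and a truncation-style decoder that simply reads the top message bits. The truncation encoder (message in the top t bits, a 1 placed just below them) is a generic way to get rounding-free decoding and is an assumption for illustration only; the page does not specify EMBLEM's actual encoding. The modulus q = 2^13 is likewise chosen only to keep the arithmetic small and exhaustively checkable. The `noise_tolerance` and `failure_rate` helpers show the trade-off the abstract alludes to: a larger error standard deviation helps LWE hardness but leaves less room per ciphertext coefficient for message bits.

```python
# Added example (not from the paper): Regev-style bit encoding under LWE noise,
# its multi-bit generalisation with a rounding decoder, and a truncation-style
# decoder that reads message bits directly instead of rounding.
# Assumptions: q is a power of two (q = 2^13 here, chosen for illustration only);
# the truncation encoder is a generic illustration of rounding-free decoding,
# not the EMBLEM construction, which the page does not specify.
import random

Q = 2 ** 13  # illustrative modulus (assumption)


def regev_encode(bit, q=Q):
    """Regev: encode one bit as 0 or q/2."""
    return (bit * (q // 2)) % q


def regev_decode(v, q=Q):
    """Rounding decoder: 1 iff v (mod q) is closer to q/2 than to 0."""
    return 1 if q // 4 <= v % q < 3 * q // 4 else 0


def round_encode(m, t, q=Q):
    """Encode a t-bit integer m as m * q/2^t (multiples of q/2^t are the codewords)."""
    assert 0 <= m < 2 ** t
    return (m * (q >> t)) % q


def round_decode(v, t, q=Q):
    """Rounding decoder: nearest codeword, i.e. round(v * 2^t / q) mod 2^t."""
    step = q >> t
    return ((v % q + step // 2) // step) % (2 ** t)


def trunc_encode(m, t, q=Q):
    """Illustrative no-rounding variant (assumption, not the paper's method):
    put m in the top t bits and set the bit just below them to 1, so the value
    sits in the middle of its q/2^t interval and small noise cannot move it out."""
    assert 0 <= m < 2 ** t
    shift = q.bit_length() - 1 - t  # log2(q) - t
    return (m << shift | 1 << (shift - 1)) % q


def trunc_decode(v, t, q=Q):
    """Read the top t bits directly: a shift, no rounding."""
    shift = q.bit_length() - 1 - t
    return (v % q) >> shift


def noise_tolerance(encode, decode, t, q=Q):
    """Largest b such that every error e with |e| <= b is corrected for every
    t-bit message. Found by exhaustive search; q is small, so this is cheap."""
    b = 0
    while all(decode((encode(m, t, q) + e) % q, t, q) == m
              for m in range(2 ** t) for e in (-(b + 1), b + 1)):
        b += 1
    return b


def failure_rate(encode, decode, t, sigma, trials=2000, seed=1, q=Q):
    """Monte Carlo decryption-failure rate with rounded Gaussian noise of
    standard deviation sigma (a stand-in for the LWE error term). The ratio of
    sigma to q/2^(t+1) is what decides whether t bits per coefficient are safe."""
    rng = random.Random(seed)
    fails = 0
    for _ in range(trials):
        m = rng.randrange(2 ** t)
        e = int(round(rng.gauss(0, sigma)))
        if decode((encode(m, t, q) + e) % q, t, q) != m:
            fails += 1
    return fails / trials


if __name__ == "__main__":
    # Both decoders tolerate exactly |e| < q/2^(t+1); only the decoding step differs.
    for t in (1, 2, 4):
        print(t, noise_tolerance(round_encode, round_decode, t),
              noise_tolerance(trunc_encode, trunc_decode, t))
    print(failure_rate(trunc_encode, trunc_decode, 4, sigma=40),
          failure_rate(trunc_encode, trunc_decode, 4, sigma=400))
```

The exhaustive check makes the point concrete: for t bits per coefficient both decoders correct every error with |e| < q/2^(t+1), so the choice of encoding does not change the noise budget, only the decoding arithmetic (a comparison-and-round versus a plain shift). With t = 1 the rounding decoder reduces to Regev's rule.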

Keywords

Lattice-based cryptography; Chosen-ciphertext security; Key encapsulation mechanism; Small secret LWE

Notes

Acknowledgements

This work was supported as part of Military Crypto Research Center (UD170109ED) funded by Defense Acquisition Program Administration (DAPA) and Agency for Defense Development (ADD).

Funding

This study was funded by Defense Acquisition Program Administration (DAPA) and Agency for Defense Development (ADD) (UD170109ED).

Compliance with ethical standards

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.


Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  • Minhye Seo, Suhri Kim, Dong Hoon Lee: Graduate School of Information Security, Korea University, Seoul, Korea
  • Jong Hwan Park (corresponding author): Department of Computer Science, Sangmyung University, Seoul, Korea
