Analysis of Error-Correcting Codes for Lattice-Based Key Exchange

  • Tim Fritzmann
  • Thomas Pöppelmann
  • Johanna Sepulveda
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11349)


Lattice problems allow the construction of very efficient key exchange and public-key encryption schemes. When using the Learning with Errors (LWE) or Ring-LWE (RLWE) problem, such schemes exhibit an interesting trade-off between decryption error rate and security. The reason is that secret and error distributions with a larger standard deviation lead to better security but also increase the chance of decryption failures. As a consequence, various message/key encoding or reconciliation techniques have been proposed that usually encode one payload bit into several coefficients. In this work, we analyze how error-correcting codes can be used to enhance the error resilience of protocols like NewHope, Frodo, or Kyber. For our case study, we focus on the recently introduced NewHope Simple and propose and analyze four different options for error correction: (i) BCH code; (ii) combination of BCH code and additive threshold encoding; (iii) LDPC code; and (iv) combination of BCH and LDPC code. We show that lattice-based cryptography can profit from classical and modern codes by combining BCH and LDPC codes. In this way, we achieve quasi-error-free communication, an increase of the estimated post-quantum bit-security level by 20.39%, and a decrease of the communication overhead by 12.8%.
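The trade-off the abstract describes (larger noise gives better security but more decryption failures, mitigated by spreading one payload bit over several coefficients) can be seen in a small model of the additive threshold encoding used by NewHope Simple. This is an added illustration, not code from the paper or the NewHope authors; it assumes the NewHope modulus q = 12289, the rule of encoding each bit as floor(q/2) in k coefficients with a k*q/4 decoding threshold, and a constructed Gaussian noise model that stands in for the scheme's real decryption error.

```python
import random

Q = 12289          # NewHope modulus (assumed working parameter)
HALF_Q = Q // 2    # coefficient value that represents a 1 bit

def encode_bit(bit, k):
    """Additive threshold encoding: repeat bit * floor(q/2) into k coefficients."""
    return [bit * HALF_Q] * k

def decode_bit(coeffs):
    """Sum each coefficient's distance from floor(q/2); the bit is 1 if the
    total is below k*q/4, i.e. the coefficients sit closer to q/2 than to 0."""
    k = len(coeffs)
    dist = sum(abs((c % Q) - HALF_Q) for c in coeffs)
    return 1 if dist < k * Q // 4 else 0

def add_noise(coeffs, errors):
    """Model the LWE/RLWE decryption noise as one additive error per coefficient."""
    return [(c + e) % Q for c, e in zip(coeffs, errors)]

def failure_rate(sigma, k, trials=2000, seed=1):
    """Fraction of trials in which a bit decodes wrongly under Gaussian noise of
    standard deviation sigma (constructed noise model, not the scheme's own)."""
    rng = random.Random(seed)
    failures = 0
    for t in range(trials):
        bit = t & 1
        errors = [round(rng.gauss(0, sigma)) for _ in range(k)]
        if decode_bit(add_noise(encode_bit(bit, k), errors)) != bit:
            failures += 1
    return failures / trials

def single_large_error_example():
    """Constructed error vector: one error above q/4 flips a 1-coefficient
    encoding but is absorbed when the bit is spread over 4 coefficients."""
    errors = [3500, 100, -200, 50]
    one = decode_bit(add_noise(encode_bit(0, 1), errors[:1]))
    four = decode_bit(add_noise(encode_bit(0, 4), errors))
    return one, four   # (1, 0): k=1 decodes wrongly, k=4 recovers the 0 bit

if __name__ == "__main__":
    print("decoded bit with k=1 vs k=4:", single_large_error_example())
    for sigma in (1500, 2000, 2500):
        print(f"sigma={sigma}: k=1 -> {failure_rate(sigma, 1):.3f}, "
              f"k=4 -> {failure_rate(sigma, 4):.3f}")
```

Raising sigma in the loop shows the failure rate climbing for both settings; the error-correcting codes the paper studies are what push the residual k=4 rate down to the quasi-error-free regime.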


Keywords: Post-quantum key exchange; NewHope Simple; Error-correcting codes



We thank the anonymous reviewers for their valuable comments and suggestions. This work was partly funded by the Fraunhofer High Performance Center for Secure Connected Systems of Munich.


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Technische Universität München, Munich, Germany
  2. Infineon Technologies AG, Munich, Germany
