Efficient Identity-Based Encryption from LWR

  • Jung Hee Cheon
  • Haejin Cho
  • Jaewook Jung
  • Joohee LeeEmail author
  • Keewoo Lee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11975)


The Learning with Rounding (LWR) problem is a deterministic variant of the classical Learning with Errors (LWE) problem, for which sampling an instance does not involve discrete Gaussian sampling. We propose the first probabilistic Identity-Based Encryption (IBE) from the LWR problem which is secure in the standard model. The encryption of our IBE scheme does not require discrete Gaussian sampling as it is based on the LWR problem, and hence it is simpler and faster than that of LWE-based IBEs such as ABB scheme. We also present an efficient instantiation employing algebraic ring structure and MP12 trapdoor sampling algorithms with an implementation result. With our proposed parameter sets, the ciphertext sizes can be reduced in a large extent compared to the ABB scheme with the same security level.


Lattice Identity-Based Encryption Learning with Rounding 


  1. [ABB10]
    Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010). Scholar
  2. [ADPS16]
    Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange—a new hope. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 327–343. USENIX Association, Austin, August 2016Google Scholar
  3. [AFL16]
    Apon, D., Fan, X., Liu, F.: Compact identity based encryption from LWE. Cryptology ePrint Archive 2016 (2016)Google Scholar
  4. [AGVW17]
    Albrecht, M.R., Göpfert, F., Virdia, F., Wunderer, T.: Revisiting the expected cost of solving uSVP and applications to LWE. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 297–322. Springer, Cham (2017). Scholar
  5. [Ajt96]
    Ajtai, M.: Generating hard instances of lattice problems. In: Proceedings of the Twenty-eighth Annual ACM Symposium on Theory of Computing, pp. 99–108. ACM (1996)Google Scholar
  6. [Ajt99]
    Ajtai, M.: Generating hard instances of the short basis problem. In: Wiedermann, J., van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, pp. 1–9. Springer, Heidelberg (1999). Scholar
  7. [AKPW13]
    Alwen, J., Krenn, S., Pietrzak, K., Wichs, D.: Learning with rounding, revisited. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 57–74. Springer, Heidelberg (2013). Scholar
  8. [Alb17]
    Albrecht, M.R.: On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL. IACR Cryptology ePrint Archive 2017:047 (2017)Google Scholar
  9. [AP11]
    Alwen, J., Peikert, C.: Generating shorter bases for hard random lattices. Theory Comput. Syst. 48(3), 535–553 (2011)MathSciNetCrossRefGoogle Scholar
  10. [APS15]
    Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169–203 (2015)MathSciNetCrossRefGoogle Scholar
  11. [BBF+19]
    Baan, H., et al.: Round5: KEM and PKE based on (ring) learning with rounding (2019).
  12. [BF01]
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). Scholar
  13. [BFRLS18]
    Bert, P., Fouque, P.-A., Roux-Langlois, A., Sabt, M.: Practical implementation of ring-SIS/LWE based signature and IBE. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 271–291. Springer, Cham (2018). Scholar
  14. [BG14]
    Bai, S., Galbraith, S.D.: Lattice decoding attacks on binary LWE. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 322–337. Springer, Cham (2014). Scholar
  15. [BGM+16]
    Bogdanov, A., Guo, S., Masny, D., Richelson, S., Rosen, A.: On the hardness of learning with rounding over small modulus. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 209–224. Springer, Heidelberg (2016). Scholar
  16. [BPR12]
    Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719–737. Springer, Heidelberg (2012). Scholar
  17. [CHK+16]
    Cheon, J.H., Han, K., Kim, J., Lee, C., Son, Y.: A practical post-quantum public-key cryptosystem based on \(\sf {spLWE}\). In: Hong, S., Park, J.H. (eds.) ICISC 2016. LNCS, vol. 10157, pp. 51–74. Springer, Cham (2017). https://eprint.iacr.orgCrossRefGoogle Scholar
  18. [CKKS17]
    Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 409–437. Springer, Cham (2017). Scholar
  19. [CKLS18]
    Cheon, J.H., Kim, D., Lee, J., Song, Y.: Lizard: cut off the tail! a practical post-quantum public-key encryption from LWE and LWR. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 160–177. Springer, Cham (2018). Scholar
  20. [CN11]
    Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). Scholar
  21. [CS17]
    Costache, A., Smart, N.P.: Homomorphic encryption without gaussian noise. IACR Cryptology ePrint Archive 2017:163 (2017)Google Scholar
  22. [EBB13]
    El Bansarkhani, R., Buchmann, J.: Improvement and efficient implementation of a lattice-based signature scheme. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 48–67. Springer, Heidelberg (2014). Scholar
  23. [FLL+16]
    Fang, F., Li, B., Lu, X., Liu, Y., Jia, D., Xue, H.: (Deterministic) hierarchical identity-based encryption from learning with rounding over small modulus. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 907–912. ACM (2016)Google Scholar
  24. [GM18]
    Genise, N., Micciancio, D.: Faster gaussian sampling for trapdoor lattices with arbitrary modulus. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 174–203. Springer, Cham (2018). Scholar
  25. [GPR+18]
    Gür, K.D., Polyakov, Y., Rohloff, K., Ryan, G.W., Savas, E.: Implementation and evaluation of improved gaussian sampling for lattice trapdoors. In: Proceedings of the 6th Workshop on Encrypted Computing & Applied Homomorphic Cryptography, pp. 61–71. ACM (2018)Google Scholar
  26. [GPV08]
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing, pp. 197–206. ACM (2008)Google Scholar
  27. [Kan87]
    Kannan, R.: Minkowski’s convex body theorem and integer programming. Math. Oper. Res. 12(3), 415–440 (1987)MathSciNetCrossRefGoogle Scholar
  28. [LKL+18]
    Lee, J., Kim, D., Lee, H., Lee, Y., Cheon, J.H.: Rlizard: post-quantum key encapsulation mechanism for IoT devices. IEEE Access 7, 2080–2091 (2018)CrossRefGoogle Scholar
  29. [LPR10]
    Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). Scholar
  30. [MP12]
    Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237. Springer, Berlin (2012). Scholar
  31. [PRR]
    Polyakov, Y., Rohloff, K., Ryan, G.: Palisade lattice cryptography library. Accessed 2019 Sept 04
  32. [Reg05]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, STOC 2005, pp. 84–93. ACM, New York (2005)Google Scholar
  33. [Reg09]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 34 (2009)MathSciNetCrossRefGoogle Scholar
  34. [Sch03]
    Schnorr, C.P.: Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145–156. Springer, Heidelberg (2003). Scholar
  35. [SE94]
    Schnorr, C.-P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(1–3), 181–199 (1994)MathSciNetCrossRefGoogle Scholar
  36. [Sha85]
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Jung Hee Cheon
    • 1
  • Haejin Cho
    • 2
  • Jaewook Jung
    • 2
  • Joohee Lee
    • 1
    Email author
  • Keewoo Lee
    • 1
  1. 1.Seoul National UniversitySeoulRepublic of Korea
  2. 2.LG Electronics Seocho R&D CampusSeoulRepublic of Korea

Personalised recommendations