EMBLEM: (R)LWE-based key encapsulation with a new multi-bit encoding method

Minhye Seo, Suhri Kim, Dong Hoon Lee, Jong Hwan Park

Research output: Contribution to journal › Article

Abstract

Lattice-based cryptography is a promising candidate for post-quantum cryptosystems, and a large amount of research has been conducted on learning with errors (LWE) problems, which are believed to be resistant against quantum attacks. In this paper, we propose two new key encapsulation mechanisms (KEMs), called EMBLEM and R.EMBLEM, based on (ring) LWE problems. The new KEMs have two main features: (1) Their security is based on the (ring) LWE problem with small secrets, which leads to both a secret key of constant size (regardless of the LWE parameters) and a relatively large standard deviation of the discrete Gaussian distributions. (2) They rely on a new multi-bit encoding method that is suitable for (ring) LWE-based encryption schemes. Compared to Regev’s encoding method, the proposed method does not require any rounding operation for decoding, and in this sense, it is conceptually simpler and easier to understand. Concrete parameters of the KEMs targeting 128-bit security level (against classical attacks) are provided, and their performance is compared with that of previous (ring) LWE-based KEMs in the literature.

Original language: English
Journal: International Journal of Information Security
DOI: 10.1007/s10207-019-00456-9
Publication status: Published - 2019 Jan 1

Keywords

  • Chosen-ciphertext security
  • Key encapsulation mechanism
  • Lattice-based cryptography
  • Small secret LWE

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this

EMBLEM: (R)LWE-based key encapsulation with a new multi-bit encoding method. / Seo, Minhye; Kim, Suhri; Lee, Dong Hoon; Park, Jong Hwan.

In: International Journal of Information Security, 01.01.2019.

@article{638f50d282264781b015610fb92d42ab,
title = "EMBLEM: (R)LWE-based key encapsulation with a new multi-bit encoding method",
keywords = "Chosen-ciphertext security, Key encapsulation mechanism, Lattice-based cryptography, Small secret LWE",
author = "Minhye Seo and Suhri Kim and Lee, {Dong Hoon} and Park, {Jong Hwan}",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/s10207-019-00456-9",
language = "English",
journal = "International Journal of Information Security",
issn = "1615-5262",
publisher = "Springer Verlag",

}

TY - JOUR

T1 - EMBLEM

T2 - (R)LWE-based key encapsulation with a new multi-bit encoding method

AU - Seo, Minhye

AU - Kim, Suhri

AU - Lee, Dong Hoon

AU - Park, Jong Hwan

PY - 2019/1/1

Y1 - 2019/1/1

KW - Chosen-ciphertext security

KW - Key encapsulation mechanism

KW - Lattice-based cryptography

KW - Small secret LWE

UR - http://www.scopus.com/inward/record.url?scp=85069658235&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85069658235&partnerID=8YFLogxK

U2 - 10.1007/s10207-019-00456-9

DO - 10.1007/s10207-019-00456-9

M3 - Article

AN - SCOPUS:85069658235

JO - International Journal of Information Security

JF - International Journal of Information Security

SN - 1615-5262

ER -