John M. Schanck scite author profile

Rapid advances in quantum computing, together with the announcement by the National Institute of Standards and Technology (NIST) to define new standards for digitalsignature, encryption, and key-establishment protocols, have created significant interest in post-quantum cryptographic schemes. This paper introduces Kyber (part of CRYSTALS-Cryptographic Suite for Algebraic Lattices-a package submitted to NIST post-quantum standardization effort in November 2017), a portfolio of post-quantum cryptographic primitives built around a key-encapsulation mechanism (KEM), based on hardness assumptions over module lattices. Our KEM is most naturally seen as a successor to the NEWHOPE KEM (Usenix 2016). In particular, the key and ciphertext sizes of our new construction are about half the size, the KEM offers CCA instead of only passive security, the security is based on a more general (and flexible) lattice problem, and our optimized implementation results in essentially the same running time as the aforementioned scheme. We first introduce a CPA-secure public-key encryption scheme, apply a variant of the Fujisaki-Okamoto transform to create a CCA-secure KEM, and eventually construct, in a black-box manner, CCA-secure encryption, key exchange, and authenticated-key-exchange schemes. The security of our primitives is based on the hardness of Module-LWE in the classical and quantum random oracle models, and our concrete parameters conservatively target more than 128 bits of postquantum security. 4. Our scheme is in fact an optimization that slightly deviates from the Module-LWE assumption. We discuss this in Section 3.

show abstract

Quantum Cryptanalysis in the RAM Model: Claw-Finding Attacks on SIKE

Jaques

Schanck

2019

View full text Add to dashboard Cite

Choosing Parameters for NTRUEncrypt

Hoffstein

Pipher

Schanck

et al. 2017

View full text Add to dashboard Cite

Estimating the Cost of Generic Quantum Pre-image Attacks on SHA-2 and SHA-3

Amy

Matteo

Gheorghiu

et al. 2017

View full text Add to dashboard Cite

Abstract. We investigate the cost of Grover's quantum search algorithm when used in the context of pre-image attacks on the SHA-2 and SHA-3 families of hash functions. Our cost model assumes that the attack is run on a surface code based fault-tolerant quantum computer. Our estimates rely on a time-area metric that costs the number of logical qubits times the depth of the circuit in units of surface code cycles. As a surface code cycle involves a significant classical processing stage, our cost estimates allow for crude, but direct, comparisons of classical and quantum algorithms. We exhibit a circuit for a pre-image attack on SHA-256 that is approximately 2 153.8 surface code cycles deep and requires approximately 2 12.6 logical qubits. This yields an overall cost of 2 166.4 logical-qubit-cycles. Likewise we exhibit a SHA3-256 circuit that is approximately 2 146.5 surface code cycles deep and requires approximately 2 20 logical qubits for a total cost of, again, 2 166.5 logical-qubit-cycles. Both attacks require on the order of 2 128 queries in a quantum black-box model, hence our results suggest that executing these attacks may be as much as 275 billion times more expensive than one would expect from the simple query analysis.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

John M. Schanck

CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based KEM

Quantum Cryptanalysis in the RAM Model: Claw-Finding Attacks on SIKE

Choosing Parameters for NTRUEncrypt

Estimating the Cost of Generic Quantum Pre-image Attacks on SHA-2 and SHA-3

Contact Info

Product

Resources

About