Lizard: Cut Off the Tail! A Practical Post-quantum Public-Key Encryption from LWE and LWR

Cheon, Jung Hee; Kim, Duhyeong; Lee, Joohee; Song, Yongsoo

doi:10.1007/978-3-319-98113-0_9

Cited by 42 publications

(47 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the vector v v v = (s s s, e e e, 1) is unbalanced since ||s s s i || is not necessarily equal to ||e e e i ||. In our case, ||s s s i || < ||e e e i ||, which can be exploited by the lattice rescaling method described by Bai et al [9], and further analysed in [22]. Analogous to [4], the primal attack is successful if the projected norm of the unique shortest vector on the last b Gram-Schmidt vectors is shorter than the (d − b) th Gram-Schmidt vector, or: is generated uniformly, z will also be uniform mod q.…”

Section: Security Analysismentioning

confidence: 89%

“…Since in our case, ||s s s i || < ||e e e i ||, we observe that the w w ws s s term will be smaller than the v v ve e e term. The weighted attack [9,22] optimizes the shortest vector so that these terms have a similar variance, by considering the weighted lattice Λ = {(x x x, y y y ) ∈ Z m × (α −1 Z) n : (x x x, αy y y ) ∈ Λ mod q}.…”

Section: Security Analysismentioning

confidence: 99%

See 1 more Smart Citation

Saber: Module-LWR Based Key Exchange, CPA-Secure Encryption and CCA-Secure KEM

D’Anvers

Karmakar

Roy

et al. 2018

Lecture Notes in Computer Science

208

126

View full text Add to dashboard Cite

In this paper, we introduce Saber, a package of cryptographic primitives whose security relies on the hardness of the Module Learning With Rounding problem (Mod-LWR). We first describe a secure Diffie-Hellman type key exchange protocol, which is then transformed into an IND-CPA encryption scheme and finally into an IND-CCA secure key encapsulation mechanism using a post-quantum version of the Fujisaki-Okamoto transform. The design goals of this package were simplicity, efficiency and flexibility resulting in the following choices: all integer moduli are powers of 2 avoiding modular reduction and rejection sampling entirely; the use of LWR halves the amount of randomness required compared to LWE-based schemes and reduces bandwidth; the module structure provides flexibility by reusing one core component for multiple security levels. A constant-time AVX2 optimized software implementation of the KEM with parameters providing more than 128 bits of post-quantum security, requires only 101K, 125K and 129K cycles for key generation, encapsulation and decapsulation respectively on a Dell laptop with an Intel i7-Haswell processor.

show abstract

Section: Security Analysismentioning

confidence: 89%

Section: Security Analysismentioning

confidence: 99%

Saber: Module-LWR Based Key Exchange, CPA-Secure Encryption and CCA-Secure KEM

D’Anvers

Karmakar

Roy

et al. 2018

Lecture Notes in Computer Science

208

126

View full text Add to dashboard Cite

show abstract

“…For the convenience of calculations, we only sample and compute integers over Z . [15] is parameterized by positive integers ℎ, , , , , , ∈ Z and an error rate ∈ R, where the moduli , , satisfy | | . For a real number 0 < < 1, we sample values (…”

Section: Binomial Distributionmentioning

confidence: 99%

“…We implemented and tested five recent lattice-based encryption schemes and public-key exchange protocols on four web browsers, a microcontroller Tessel2, an Android phone Xperia XZ, and other JavaScript-enabled platforms on PC and Mac. We chose an encryption scheme "Lizard" which is based on the learning with errors (LWE) and the learning with rounding (LWR) problems and its ring variant "ring-Lizard" [15], a modulo-LWE based encryption scheme "Kyber" [16], and two quantum secure key exchange protocols "Frodo" [17] and "NewHope" [18], which are based on the LWE problem and the ring-LWE problem, respectively. All the cryptosystems above were implemented in JavaScript.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Portable Implementation of Postquantum Encryption Schemes and Key Exchange Protocols on JavaScript-Enabled Platforms

Yuan

Xiao

Fukushima

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Quantum computers have the potential to solve some difficult mathematical problems efficiently and thus will inevitably exert a more significant impact on the traditional asymmetric cryptography. The National Institute of Standards and Technology (NIST) has opened a formal call for the submission of proposals of quantum-resistant public-key cryptographic algorithms to set the next-generation cryptography standards. Compared to powerful machines with ample amount of hardware resources such as racks of servers and IoT devices, including the massive number of microcontrollers, smart terminals, and sensor nodes with limited computing capacity, should also have some postquantum cryptography features for security and privacy. To ensure the correct execution of encryption algorithms on any platforms, the portability of implementation becomes more important. As distinguished from C/C++, JavaScript is a popular cross-platform language that can be used for the web applications and some hardware platforms directly, and it could be one of the solutions of portability. Therefore, we investigate and implement several recent lattice-based encryption schemes and public-key exchange protocols including Lizard, ring-Lizard, Kyber, Frodo, and NewHope in JavaScript, which are the active candidates of postquantum cryptography due to their applicabilities and efficiencies. We show and compare the performance of our JavaScript implementation on web browsers, embedded device Tessel2, Android phone, and several JavaScript-enabled platforms on PC and Mac. Our work shows that implementing lattice-based cryptography on JavaScript-enabled platforms is achievable and results in desirable portability.

show abstract