Abstract
Key Encapsulation Mechanism (KEM) is a foundational cryptography primitive, which can provide secure symmetric cryptographic key material for transmission by using public key algorithms. Until now, many Chosen-Ciphertext (IND-CCA) secure KEM schemes are constructed from Chosen-Plaintext (IND-CPA) or One-Way (OW-CPA) secure PKE via the generic Fujisaki-Okamoto (FO) transformations (TCC 2017). However, the security relies on the Random Oracle Model (ROM). To the best of our knowledge, there are no IND-CCA secure KEM schemes based on Learning Parity with Noise (LPN) assumption that can against post quantum attacks in the standard model. In this work, we propose the first direct construction of LPN-based KEM, which is secure in the standard model. In particular, we use double-trapdoor technique to answer adversary’s decryption queries correctly and a Target Collision Resistant (TCR) hash function to check the validity of the ciphertext. The encapsulated key is determined by a special LPN problem (with no random oracle required). The scheme is IND-CCA secure against post-quantum attacks under the low-noise LPN assumptions by a series of games and the security reduction is tight. Compared with previous schemes on 128-bit security level, our CCA-secure scheme only holds 50.78MB public keys, 62.50MB secret keys and 4.54KB ciphertexts, which is more efficient than the schemes of Döttling <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> (ASIACRYPT 2012), Kiltz <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> (PKC 2014) and Yu <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> (CRYPTO 2016) ((7.27GB, 7.24GB, 7.03KB), (80.89MB, 46.23MB, 6.80KB) and (70.95MB, 70.65MB, 86.50KB) respectively).
Highlights
Learning Parity with Noise (LPN) problem is a significant researching area in cryptography academia
OUR CONTRIBUTION In this work, we construct the first IND-CCA secure Key Encapsulation Mechanism (KEM) scheme based on variants of low-noise LPN assumption [10], [30] in the standard model, the main techniques are a target collision resistant hash function and a double-trapdoor function
We provide specific parameters for our KEM based on the VLPN assumption
Summary
Learning Parity with Noise (LPN) problem is a significant researching area in cryptography academia. These 7 Round-3 algorithms are constructed by using generic transformations from IND-CPA secure schemes or OW-CPA secure schemes. A. OUR CONTRIBUTION In this work, we construct the first IND-CCA secure KEM scheme based on variants of low-noise LPN assumption [10], [30] in the standard model, the main techniques are a target collision resistant hash function and a double-trapdoor function. The scheme is IND-CCA secure in the standard model under the low-noise LPN assumptions and the security reduction is tight. Compared with the work [31], our construction based on low-noise LPN problem is secure against post-quantum attacks in standard model. Consider the performance on 128-bit security level, our CCA-secure scheme only holds 50.78MB public keys, 62.50MB secret keys and 4.54KB ciphertexts, which is more efficient than the schemes of Döttling et al [10], Kiltz et al [32] and Yu et al [13] ((7.27GB, 7.24GB, 7.03KB), (80.89MB, 46.23MB, 6.80KB) and (70.95MB, 70.65MB, 86.50KB) respectively)
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
