Abstract

Key Encapsulation Mechanism (KEM) is a foundational cryptography primitive, which can provide secure symmetric cryptographic key material for transmission by using public key algorithms. Until now, many Chosen-Ciphertext (IND-CCA) secure KEM schemes are constructed from Chosen-Plaintext (IND-CPA) or One-Way (OW-CPA) secure PKE via the generic Fujisaki-Okamoto (FO) transformations (TCC 2017). However, the security relies on the Random Oracle Model (ROM). To the best of our knowledge, there are no IND-CCA secure KEM schemes based on Learning Parity with Noise (LPN) assumption that can against post quantum attacks in the standard model. In this work, we propose the first direct construction of LPN-based KEM, which is secure in the standard model. In particular, we use double-trapdoor technique to answer adversary’s decryption queries correctly and a Target Collision Resistant (TCR) hash function to check the validity of the ciphertext. The encapsulated key is determined by a special LPN problem (with no random oracle required). The scheme is IND-CCA secure against post-quantum attacks under the low-noise LPN assumptions by a series of games and the security reduction is tight. Compared with previous schemes on 128-bit security level, our CCA-secure scheme only holds 50.78MB public keys, 62.50MB secret keys and 4.54KB ciphertexts, which is more efficient than the schemes of Döttling <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> (ASIACRYPT 2012), Kiltz <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> (PKC 2014) and Yu <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> (CRYPTO 2016) ((7.27GB, 7.24GB, 7.03KB), (80.89MB, 46.23MB, 6.80KB) and (70.95MB, 70.65MB, 86.50KB) respectively).

Highlights

  • Learning Parity with Noise (LPN) problem is a significant researching area in cryptography academia

  • OUR CONTRIBUTION In this work, we construct the first IND-CCA secure Key Encapsulation Mechanism (KEM) scheme based on variants of low-noise LPN assumption [10], [30] in the standard model, the main techniques are a target collision resistant hash function and a double-trapdoor function

  • We provide specific parameters for our KEM based on the VLPN assumption

Read more

Summary

INTRODUCTION

Learning Parity with Noise (LPN) problem is a significant researching area in cryptography academia. These 7 Round-3 algorithms are constructed by using generic transformations from IND-CPA secure schemes or OW-CPA secure schemes. A. OUR CONTRIBUTION In this work, we construct the first IND-CCA secure KEM scheme based on variants of low-noise LPN assumption [10], [30] in the standard model, the main techniques are a target collision resistant hash function and a double-trapdoor function. The scheme is IND-CCA secure in the standard model under the low-noise LPN assumptions and the security reduction is tight. Compared with the work [31], our construction based on low-noise LPN problem is secure against post-quantum attacks in standard model. Consider the performance on 128-bit security level, our CCA-secure scheme only holds 50.78MB public keys, 62.50MB secret keys and 4.54KB ciphertexts, which is more efficient than the schemes of Döttling et al [10], Kiltz et al [32] and Yu et al [13] ((7.27GB, 7.24GB, 7.03KB), (80.89MB, 46.23MB, 6.80KB) and (70.95MB, 70.65MB, 86.50KB) respectively)

PRELIMINARIES
OUR CONSTRUCTION
COMPARISONS
CONCLUSION AND FUTURE WORK

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.