Round5: compact and fast post-quantum public-key encryption

Hayo Baan, Sauvik Bhattacharya, Scott Fluhrer, Oscar Garcia-Morchon, Thijs M.M. Laarhoven, Ronald Rietman, Markku Juhani O. Saarinen, Ludo Tolhuizen, Zhenfei Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

15 Citations (Scopus)
1 Downloads (Pure)


We present the ring-based configuration of the NIST submission Round5, a Ring Learning with Rounding (RLWR)- based IND-CPA secure public-key encryption scheme. It combines elements of the NIST candidates Round2 (use of RLWR as underlying problem, having 1 + x +... + xn with n+1 prime as reduction polynomial, allowing for a large design space) and HILA5 (the constant-time error-correction code XEf). Round5 performs part of encryption, and decryption via multiplication in Zp[x]/(xn+1−1), and uses secret-key polynomials that have a factor (x − 1). This technique reduces the failure probability and makes correlation in the decryption error negligibly low. The latter allows the effective application of error correction through XEf to further reduce the failure rate and shrink parameters, improving both security and performance. We argue for the security of Round5, both formal and concrete. We further analyze the decryption error, and give analytical as well as experimental results arguing that the decryption failure rate is lower than in Round2, with negligible correlation in errors. IND-CCA secure parameters constructed using Round5 and offering more than 232 and 256 bits of quantum and classical security respectively, under the conservative core sieving model, require only 2144 B of bandwidth. For comparison, similar, competing proposals require over 30% more bandwidth. Furthermore, the high flexilibity of Round5’s design allows choosing finely tuned parameters fitting the needs of diverse applications – ranging from the IoT to high-security levels.

Original languageEnglish
Title of host publicationPost-Quantum Cryptography - 10th International Conference, PQCrypto 2019, Revised Selected Papers
EditorsJintai Ding, Rainer Steinwandt
Place of PublicationCham
Number of pages20
ISBN (Electronic)978-3-030-25510-7
ISBN (Print)978-3-030-25509-1
Publication statusPublished - 14 Jul 2019
Event10th International Conference on Post-Quantum Cryptography, PQCrypto 2019 - Chongquin, China
Duration: 8 May 201910 May 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11505 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference10th International Conference on Post-Quantum Cryptography, PQCrypto 2019


  • Error correction
  • Lattice cryptography
  • Learning with Rounding
  • Prime cyclotomic ring
  • Public-key encryption


Dive into the research topics of 'Round5: compact and fast post-quantum public-key encryption'. Together they form a unique fingerprint.

Cite this