TY - GEN
T1 - Round5
T2 - 10th International Conference on Post-Quantum Cryptography, PQCrypto 2019
AU - Baan, Hayo
AU - Bhattacharya, Sauvik
AU - Fluhrer, Scott
AU - Garcia-Morchon, Oscar
AU - Laarhoven, Thijs M.M.
AU - Rietman, Ronald
AU - Saarinen, Markku Juhani O.
AU - Tolhuizen, Ludo
AU - Zhang, Zhenfei
PY - 2019/7/14
Y1 - 2019/7/14
N2 - We present the ring-based configuration of the NIST submission Round5, a Ring Learning with Rounding (RLWR)-based IND-CPA secure public-key encryption scheme. It combines elements of the NIST candidates Round2 (use of RLWR as underlying problem, having 1 + x + ... + x^n with n+1 prime as reduction polynomial, allowing for a large design space) and HILA5 (the constant-time error-correction code XEf). Round5 performs part of encryption, and decryption via multiplication in Z_p[x]/(x^{n+1} − 1), and uses secret-key polynomials that have a factor (x − 1). This technique reduces the failure probability and makes correlation in the decryption error negligibly low. The latter allows the effective application of error correction through XEf to further reduce the failure rate and shrink parameters, improving both security and performance. We argue for the security of Round5, both formal and concrete. We further analyze the decryption error, and give analytical as well as experimental results arguing that the decryption failure rate is lower than in Round2, with negligible correlation in errors. IND-CCA secure parameters constructed using Round5 and offering more than 232 and 256 bits of quantum and classical security respectively, under the conservative core sieving model, require only 2144 B of bandwidth. For comparison, similar, competing proposals require over 30% more bandwidth. Furthermore, the high flexibility of Round5’s design allows choosing finely tuned parameters fitting the needs of diverse applications – ranging from the IoT to high-security levels.
AB - We present the ring-based configuration of the NIST submission Round5, a Ring Learning with Rounding (RLWR)-based IND-CPA secure public-key encryption scheme. It combines elements of the NIST candidates Round2 (use of RLWR as underlying problem, having 1 + x + ... + x^n with n+1 prime as reduction polynomial, allowing for a large design space) and HILA5 (the constant-time error-correction code XEf). Round5 performs part of encryption, and decryption via multiplication in Z_p[x]/(x^{n+1} − 1), and uses secret-key polynomials that have a factor (x − 1). This technique reduces the failure probability and makes correlation in the decryption error negligibly low. The latter allows the effective application of error correction through XEf to further reduce the failure rate and shrink parameters, improving both security and performance. We argue for the security of Round5, both formal and concrete. We further analyze the decryption error, and give analytical as well as experimental results arguing that the decryption failure rate is lower than in Round2, with negligible correlation in errors. IND-CCA secure parameters constructed using Round5 and offering more than 232 and 256 bits of quantum and classical security respectively, under the conservative core sieving model, require only 2144 B of bandwidth. For comparison, similar, competing proposals require over 30% more bandwidth. Furthermore, the high flexibility of Round5’s design allows choosing finely tuned parameters fitting the needs of diverse applications – ranging from the IoT to high-security levels.
KW - Error correction
KW - IND-CPA
KW - Lattice cryptography
KW - Learning with Rounding
KW - Prime cyclotomic ring
KW - Public-key encryption
UR - http://www.scopus.com/inward/record.url?scp=85069802137&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-25510-7_5
DO - 10.1007/978-3-030-25510-7_5
M3 - Conference contribution
AN - SCOPUS:85069802137
SN - 978-3-030-25509-1
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 83
EP - 102
BT - Post-Quantum Cryptography - 10th International Conference, PQCrypto 2019, Revised Selected Papers
A2 - Ding, Jintai
A2 - Steinwandt, Rainer
PB - Springer
CY - Cham
Y2 - 8 May 2019 through 10 May 2019
ER -