HILA5: On reliability, reconciliation, and error correction for ring-LWE encryption

Markku Juhani O. Saarinen

doi:10.1007/978-3-319-72565-9_10

HILA5: On reliability, reconciliation, and error correction for ring-LWE encryption

Markku Juhani O. Saarinen^*

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

20 Citations (Scopus)

Abstract

We describe a new reconciliation method for Ring-LWE that has a significantly smaller failure rate than previous proposals while reducing ciphertext size and the amount of randomness required. It is based on a simple, deterministic variant of Peikert’s reconciliation that works with our new “safe bits” selection and constant-time error correction techniques. The new method does not need randomized smoothing to achieve non-biased secrets. When used with the very efficient “New Hope” Ring-LWE parametrization we achieve a decryption failure rate well below 2 ^{- 128} (compared to 2 ^{- 60} of the original), making the scheme suitable for public key encryption in addition to key exchange protocols; the reconciliation approach saves about 40 % in ciphertext size when compared to the common LP11 Ring-LWE encryption scheme. We perform a combinatorial failure analysis using full probability convolutions, leading to a precise understanding of decryption failure conditions on bit level. Even with additional implementation security and safety measures the new scheme is still essentially as fast as the New Hope but has slightly shorter messages. The new techniques have been instantiated and implemented as a Key Encapsulation Mechanism (KEM) and public key encryption scheme designed to meet the requirements of NIST’s Post-Quantum Cryptography effort at very high security level.

Original language	English
Title of host publication	Selected Areas in Cryptography – SAC 2017 - 24th International Conference, Revised Selected Papers
Editors	Carlisle Adams, Jan Camenisch
Publisher	Springer Verlag
Pages	192-212
Number of pages	21
ISBN (Print)	9783319725642
DOIs	https://doi.org/10.1007/978-3-319-72565-9_10
Publication status	Published - 2018
Externally published	Yes
Publication type	A4 Article in conference proceedings
Event	24th International Conference on Selected Areas in Cryptography, SAC 2017 - Ottawa, Canada Duration: 16 Aug 2017 → 18 Aug 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10719 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	24th International Conference on Selected Areas in Cryptography, SAC 2017
Country/Territory	Canada
City	Ottawa
Period	16/08/17 → 18/08/17

Keywords

New hope
Post-Quantum encryption
Reconciliation
Ring-LWE

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-319-72565-9_10

Cite this

Saarinen, M. J. O. (2018). HILA5: On reliability, reconciliation, and error correction for ring-LWE encryption. In C. Adams, & J. Camenisch (Eds.), Selected Areas in Cryptography – SAC 2017 - 24th International Conference, Revised Selected Papers (pp. 192-212). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10719 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-72565-9_10

Saarinen, Markku Juhani O. / HILA5 : On reliability, reconciliation, and error correction for ring-LWE encryption. Selected Areas in Cryptography – SAC 2017 - 24th International Conference, Revised Selected Papers. editor / Carlisle Adams ; Jan Camenisch. Springer Verlag, 2018. pp. 192-212 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{75e0d4b03052483f8bc679ac8e7163b6,

title = "HILA5: On reliability, reconciliation, and error correction for ring-LWE encryption",

abstract = "We describe a new reconciliation method for Ring-LWE that has a significantly smaller failure rate than previous proposals while reducing ciphertext size and the amount of randomness required. It is based on a simple, deterministic variant of Peikert{\textquoteright}s reconciliation that works with our new “safe bits” selection and constant-time error correction techniques. The new method does not need randomized smoothing to achieve non-biased secrets. When used with the very efficient “New Hope” Ring-LWE parametrization we achieve a decryption failure rate well below 2 - 128 (compared to 2 - 60 of the original), making the scheme suitable for public key encryption in addition to key exchange protocols; the reconciliation approach saves about 40 \% in ciphertext size when compared to the common LP11 Ring-LWE encryption scheme. We perform a combinatorial failure analysis using full probability convolutions, leading to a precise understanding of decryption failure conditions on bit level. Even with additional implementation security and safety measures the new scheme is still essentially as fast as the New Hope but has slightly shorter messages. The new techniques have been instantiated and implemented as a Key Encapsulation Mechanism (KEM) and public key encryption scheme designed to meet the requirements of NIST{\textquoteright}s Post-Quantum Cryptography effort at very high security level.",

keywords = "New hope, Post-Quantum encryption, Reconciliation, Ring-LWE",

author = "Saarinen, \{Markku Juhani O.\}",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG 2018.; 24th International Conference on Selected Areas in Cryptography, SAC 2017 ; Conference date: 16-08-2017 Through 18-08-2017",

year = "2018",

doi = "10.1007/978-3-319-72565-9\_10",

language = "English",

isbn = "9783319725642",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "192--212",

editor = "Carlisle Adams and Jan Camenisch",

booktitle = "Selected Areas in Cryptography – SAC 2017 - 24th International Conference, Revised Selected Papers",

address = "Germany",

}

Saarinen, MJO 2018, HILA5: On reliability, reconciliation, and error correction for ring-LWE encryption. in C Adams & J Camenisch (eds), Selected Areas in Cryptography – SAC 2017 - 24th International Conference, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10719 LNCS, Springer Verlag, pp. 192-212, 24th International Conference on Selected Areas in Cryptography, SAC 2017, Ottawa, Canada, 16/08/17. https://doi.org/10.1007/978-3-319-72565-9_10

HILA5: On reliability, reconciliation, and error correction for ring-LWE encryption. / Saarinen, Markku Juhani O.
Selected Areas in Cryptography – SAC 2017 - 24th International Conference, Revised Selected Papers. ed. / Carlisle Adams; Jan Camenisch. Springer Verlag, 2018. p. 192-212 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10719 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

TY - GEN

T1 - HILA5

T2 - 24th International Conference on Selected Areas in Cryptography, SAC 2017

AU - Saarinen, Markku Juhani O.

N1 - Publisher Copyright: © Springer International Publishing AG 2018.

PY - 2018

Y1 - 2018

N2 - We describe a new reconciliation method for Ring-LWE that has a significantly smaller failure rate than previous proposals while reducing ciphertext size and the amount of randomness required. It is based on a simple, deterministic variant of Peikert’s reconciliation that works with our new “safe bits” selection and constant-time error correction techniques. The new method does not need randomized smoothing to achieve non-biased secrets. When used with the very efficient “New Hope” Ring-LWE parametrization we achieve a decryption failure rate well below 2 - 128 (compared to 2 - 60 of the original), making the scheme suitable for public key encryption in addition to key exchange protocols; the reconciliation approach saves about 40 % in ciphertext size when compared to the common LP11 Ring-LWE encryption scheme. We perform a combinatorial failure analysis using full probability convolutions, leading to a precise understanding of decryption failure conditions on bit level. Even with additional implementation security and safety measures the new scheme is still essentially as fast as the New Hope but has slightly shorter messages. The new techniques have been instantiated and implemented as a Key Encapsulation Mechanism (KEM) and public key encryption scheme designed to meet the requirements of NIST’s Post-Quantum Cryptography effort at very high security level.

AB - We describe a new reconciliation method for Ring-LWE that has a significantly smaller failure rate than previous proposals while reducing ciphertext size and the amount of randomness required. It is based on a simple, deterministic variant of Peikert’s reconciliation that works with our new “safe bits” selection and constant-time error correction techniques. The new method does not need randomized smoothing to achieve non-biased secrets. When used with the very efficient “New Hope” Ring-LWE parametrization we achieve a decryption failure rate well below 2 - 128 (compared to 2 - 60 of the original), making the scheme suitable for public key encryption in addition to key exchange protocols; the reconciliation approach saves about 40 % in ciphertext size when compared to the common LP11 Ring-LWE encryption scheme. We perform a combinatorial failure analysis using full probability convolutions, leading to a precise understanding of decryption failure conditions on bit level. Even with additional implementation security and safety measures the new scheme is still essentially as fast as the New Hope but has slightly shorter messages. The new techniques have been instantiated and implemented as a Key Encapsulation Mechanism (KEM) and public key encryption scheme designed to meet the requirements of NIST’s Post-Quantum Cryptography effort at very high security level.

KW - New hope

KW - Post-Quantum encryption

KW - Reconciliation

KW - Ring-LWE

UR - https://www.scopus.com/pages/publications/85041821944

U2 - 10.1007/978-3-319-72565-9_10

DO - 10.1007/978-3-319-72565-9_10

M3 - Conference contribution

AN - SCOPUS:85041821944

SN - 9783319725642

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 192

EP - 212

BT - Selected Areas in Cryptography – SAC 2017 - 24th International Conference, Revised Selected Papers

A2 - Adams, Carlisle

A2 - Camenisch, Jan

PB - Springer Verlag

Y2 - 16 August 2017 through 18 August 2017

ER -

Saarinen MJO. HILA5: On reliability, reconciliation, and error correction for ring-LWE encryption. In Adams C, Camenisch J, editors, Selected Areas in Cryptography – SAC 2017 - 24th International Conference, Revised Selected Papers. Springer Verlag. 2018. p. 192-212. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-72565-9_10

HILA5: On reliability, reconciliation, and error correction for ring-LWE encryption

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this