Paper 2015/138

A Practical Key Exchange for the Internet using Lattice Cryptography

Vikram Singh


In 2014, Peikert presented an efficient and provably secure set of lower level primitives for practical post-quantum cryptography. These primitives also gave the first lattice-based scheme to provide perfect forward secrecy, and thus represent a major advancement in providing the same sort of security guarantees that are now expected for modern internet traffic protection. However, the presentation might have proved a bit daunting for the slightly less mathematical reader. Here we provide what we hope will be a clear and self-contained exposition of how the algorithm can be implemented, along with sample code and some initial analysis for potential parameter sizes. We focus on the simpler case, as chosen by Bos, Costello, Naehrig and Stebila in 2014, of cyclotomic rings whose degree is a power of two. We describe the necessary arithmetic setup and choices regarding error sampling, and give a possibly cleaner mechanism for reconciliation of the shared secrets. Then we present Peikert's Diffie-Hellman-like key exchange algorithms along with security, correctness and implementation analysis. We demonstrate parameter choices that outperform Bos et al by a factor of up to 13 for equivalent security.

Note: Updated GitHub repository URL

Available format(s)
Publication info
Preprint. MINOR revision.
CryptographyLatticeRing-LWERing Learning With ErrorsKey ExchangeIKETLS
Contact author(s)
vs77814 @ gmail com
2015-12-22: last of 2 revisions
2015-02-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Vikram Singh},
      title = {A Practical Key Exchange for the Internet using Lattice Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2015/138},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.