Paper 2017/1183

Round2: KEM and PKE based on GLWR

Hayo Baan, Sauvik Bhattacharya, Oscar Garcia-Morchon, Ronald Rietman, Ludo Tolhuizen, Jose-Luis Torre-Arce, and Zhenfei Zhang


Cryptographic primitives that are secure against quantum computing are receiving growing attention with recent, steady advances in quantum computing and standardization initiatives in post-quantum cryptography by NIST and ETSI. Lattice-based cryptography is one of the families in post-quantum cryptography, demonstrating desirable features such as well-understood security, efficient performance, and versatility. In this work, we present Round2 that consists of a key-encapsulation mechanism and a public-key encryption scheme. Round2 is based on the General Learning with Rounding problem, that unifies the Learning with Rounding and Ring Learning with Rounding problems. Round2's construction using the above problem allows for a unified description and implementation. The key-encapsulation mechanism and public-key encryption scheme furthermore share common building blocks, simplifying (security and operational) analysis and code review. Round2's reliance on prime cyclotomic rings offers a large design space that allows fine-tuning of parameters to required security levels. The use of rounding reduces bandwidth requirements and the use of sparse-trinary secrets improves CPU performance and decryption success rates. Finally, Round2 includes various approaches of refreshing the system public parameter A, allowing efficient ways of preventing precomputation and back-door attacks.

Note: Spelling error in name of second author.

Available format(s)
Publication info
key encapsulationpublic key encryptionlattice techniquespost-quantum cryptography
Contact author(s)
ludo tolhuizen @ philips com
2018-03-02: revised
2017-12-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Hayo Baan and Sauvik Bhattacharya and Oscar Garcia-Morchon and Ronald Rietman and Ludo Tolhuizen and Jose-Luis Torre-Arce and Zhenfei Zhang},
      title = {Round2: KEM and PKE based on GLWR},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1183},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.