Paper 2017/354

Tightly Secure Ring-LWE Based Key Encapsulation with Short Ciphertexts

Martin R. Albrecht, Emmanuela Orsini, Kenneth G. Paterson, Guy Peer, and Nigel P. Smart


We provide a tight security proof for an IND-CCA Ring-LWE based Key Encapsulation Mechanism that is derived from a generic construction of Dent (IMA Cryptography and Coding, 2003). Such a tight reduction is not known for the generic construction. The resulting scheme has shorter ciphertexts than can be achieved with other generic constructions of Dent or by using the well-known Fujisaki-Okamoto constructions (PKC 1999, Crypto 1999). Our tight security proof is obtained by reducing to the security of the underlying Ring-LWE problem, avoiding an intermediate reduction to a CPA-secure encryption scheme. The proof technique maybe of interest for other schemes based on LWE and Ring-LWE.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MINOR revision.ESORICS 2017
Contact author(s)
Martin Albrecht @ rhul ac uk
Emmanuela Orsini @ bristol ac uk
Kenny Paterson @ rhul ac uk
guy peer @ dyadicsec com
nigel @ cs bris ac uk
2017-06-27: last of 3 revisions
2017-04-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Martin R.  Albrecht and Emmanuela Orsini and Kenneth G.  Paterson and Guy Peer and Nigel P.  Smart},
      title = {Tightly Secure Ring-LWE Based Key Encapsulation with Short Ciphertexts},
      howpublished = {Cryptology ePrint Archive, Paper 2017/354},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.