## Cryptology ePrint Archive: Report 2017/634

CRYSTALS -- Kyber: a CCA-secure module-lattice-based KEM

Joppe Bos and Léo Ducas and Eike Kiltz and Tancrède Lepoint and Vadim Lyubashevsky and John M. Schanck and Peter Schwabe and Gregor Seiler and Damien Stehlé

Abstract: Rapid advances in quantum computing, together with the announcement by the National Institute of Standards and Technology (NIST) to define new standards for digital-signature, encryption, and key-establishment protocols, have created significant interest in post-quantum cryptographic schemes.

This paper introduces Kyber (part of CRYSTALS -- Cryptographic Suite for Algebraic Lattices -- a package submitted to NIST post-quantum standardization effort in November 2017), a portfolio of post-quantum cryptographic primitives built around a key-encapsulation mechanism (KEM),based on hardness assumptions over module lattices. Our KEM is most naturally seen as a successor to the NewHope KEM (Usenix 2016). In particular, the key and ciphertext sizes of our new construction are about half the size, the KEM offers CCA instead of only passive security, the security is based on a more general (and flexible) lattice problem, and our optimized implementation results in essentially the same running time as the aforementioned scheme.

We first introduce a CPA-secure public-key encryption scheme, apply a variant of the Fujisaki--Okamoto transform to create a CCA-secure KEM, and eventually construct, in a black-box manner, CCA-secure encryption, key exchange, and authenticated-key-exchange schemes. The security of our primitives is based on the hardness of Module-LWE in the classical and quantum random oracle models, and our concrete parameters conservatively target more than $128$ bits of post-quantum security.

Category / Keywords: public-key cryptography / KEM, lattice techniques, implementation

Original Publication (with minor differences): 2018 IEEE European Symposium on Security and Privacy (EuroS&P)
DOI:
10.1109/EuroSP.2018.00032

Date: received 27 Jun 2017, last revised 14 Oct 2020

Contact author: authors at pq-crystals org

Available format(s): PDF | BibTeX Citation

Note: Updated to the full version (including Appendix A describing the Kyber.Hybrid construction)

Short URL: ia.cr/2017/634

[ Cryptology ePrint archive ]