Paper 2017/709

spKEX: An optimized lattice-based key exchange

Sauvik Bhattacharya, Oscar Garcia-Morchon, Ronald Rietman, and Ludo Tolhuizen


The advent of large-scale quantum computers has resulted in significant interest in quantum-safe cryptographic primitives. Lattice-based cryptography is one of the most attractive post-quantum cryptographic families due to its well-understood security, efficient operation and versatility. However, LWE-based schemes are still relatively bulky and slow. In this work, we present spKEX, a forward-secret, post-quantum, unauthenticated lattice-based key-exchange scheme that combines four techniques to optimize performance. spKEX relies on Learning with Rounding (LWR) to reduce bandwidth; it uses sparse and ternary secrets to speed up computations and reduce failure probability; it applies an improved key reconciliation scheme to reduce bandwidth and failure probability; and it computes the public matrix A by means of a permutation to improve performance while allowing for a fresh A in each key exchange. For a quantum security level of 128 bits, our scheme requires 30% less bandwidth than the LWE-based key-exchange proposal Frodo [9] and allows for a fast implementation of the key exchange.

Note: Section on hybrid attack has been added. As a result, the proposed parameters have been altered.
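The following toy exchange is an added example, not code from the paper: it shows how LWR rounding and sparse ternary secrets interact, and why the two raw keys differ by at most the Hamming weight of a secret column in every entry, which is the gap a reconciliation step has to absorb. The moduli, dimensions, weight and all function names are constructed for illustration; the paper's reconciliation and its permutation-based generation of A are not modelled.

```python
import random

Q, P = 1 << 14, 1 << 10   # constructed toy moduli (P divides Q), not the paper's
N, NBAR, H = 64, 4, 16    # toy dimension, columns per secret, Hamming weight

def sparse_ternary(rng):
    """N x NBAR secret; every column has exactly H entries in {-1, +1}."""
    cols = []
    for _ in range(NBAR):
        col = [0] * N
        for i in rng.sample(range(N), H):
            col[i] = rng.choice((-1, 1))
        cols.append(col)
    return transpose(cols)

def transpose(m):
    return [list(r) for r in zip(*m)]

def matmul(x, y, mod):
    yt = transpose(y)
    return [[sum(a * b for a, b in zip(row, col)) % mod for col in yt]
            for row in x]

def lwr_round(m):
    """Deterministic LWR rounding from Z_Q to Z_P: round(P/Q * x) mod P."""
    t = Q // P
    return [[((x + t // 2) // t) % P for x in row] for row in m]

def exchange(seed):
    # random.Random gives a reproducible demo; real keys need a CSPRNG.
    rng = random.Random(seed)
    a = [[rng.randrange(Q) for _ in range(N)] for _ in range(N)]
    s, r = sparse_ternary(rng), sparse_ternary(rng)
    b = lwr_round(matmul(a, s, Q))             # initiator's public key, in Z_P
    u = lwr_round(matmul(transpose(a), r, Q))  # responder's public key, in Z_P
    k_init = matmul(transpose(s), u, P)        # S^T U
    k_resp = matmul(transpose(b), r, P)        # B^T R
    return b, k_init, k_resp

def max_gap(k1, k2):
    """Largest centred difference mod P between the two raw keys."""
    return max(abs((x - y + P // 2) % P - P // 2)
               for r1, r2 in zip(k1, k2) for x, y in zip(r1, r2))

if __name__ == "__main__":
    _, ka, kb = exchange(seed=1)
    print("max raw-key gap:", max_gap(ka, kb), "bound:", H)
```

Each rounding error is at most Q/(2P) in absolute value and each secret column selects only H of them with sign, so the bound holds for every seed rather than only with high probability. The public keys carry log2(P) bits per entry instead of log2(Q), which is where the bandwidth saving from rounding comes from.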

Publication info: Preprint. MINOR revision.
Keywords: lattice techniques, key exchange
Contact author(s): ludo tolhuizen @ philips com
2017-08-17: revised
2017-07-25: received
License: Creative Commons Attribution


      author = {Sauvik Bhattacharya and Oscar Garcia-Morchon and Ronald Rietman and Ludo Tolhuizen},
      title = {spKEX: An optimized lattice-based key exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2017/709},
      year = {2017},
      note = {\url{}},
      url = {}