Cryptology ePrint Archive: Report 2017/709

spKEX: An optimized lattice-based key exchange

Sauvik Bhattacharya and Oscar Garcia-Morchon and Ronald Rietman and Ludo Tolhuizen

Abstract: The advent of large-scale quantum computers has resulted in significant interest in quantum-safe cryptographic primitives. Lattice-based cryptography is one of the most attractive post-quantum cryptographic families due to its well-understood security, efficient operation and versatility. However, LWE-based schemes are still relatively bulky and slow. In this work, we present spKEX, a forward-secret, post-quantum, unauthenticated lattice-based key-exchange scheme that combines four techniques to optimize performance. spKEX relies on Learning with Rounding (LWR) to reduce bandwidth; it uses sparse and ternary secrets to speed up computations and reduce failure probability; it applies an improved key reconciliation scheme to reduce bandwidth and failure probability; and it computes the public matrix A by means of a permutation to improve performance while allowing for a fresh A in each key exchange. For a quantum security level of 128 bits, our scheme requires 30% less bandwidth than the LWE-based key-exchange proposal Frodo [9] and allows for a fast implementation of the key exchange.

Category / Keywords: lattice techniques, key exchange

Date: received 18 Jul 2017, last revised 17 Aug 2017

Contact author: ludo tolhuizen at philips com

Note: Section on hybrid attack has been added. As a result, the proposed parameters have been altered.

Version: 20170817:082516

Short URL: ia.cr/2017/709
