## Cryptology ePrint Archive: Report 2018/081

How to validate the secret of a Ring Learning with Errors (RLWE) key

Jintai Ding and Saraswathy RV and Saed Alsayigh and Crystal Clough

Abstract: We use the signal function from RLWE key exchange to derive an efficient zero knowledge authentication protocol to validate an RLWE key $p=as+e$ with secret $s$ and error $e$ in the Random Oracle Model (ROM). With this protocol, a verifier can validate that a key $p$ presented to him by a prover $P$ is of the form $p=as+e$ with $s,e$ small and that the prover knows $s$. We accompany the description of the protocol with proof to show that it has negligible soundness and completeness error. The soundness of our protocol relies directly on the hardness of the RLWE problem. The protocol is applicable for both LWE and RLWE but we focus on the RLWE based protocol for efficiency and practicality. We also present a variant of the main protocol with a commitment scheme to avoid using the ROM.

Category / Keywords: RLWE, key exchange, post-quantum, key reuse, key validation, active attacks, zero knowledge

Date: received 18 Jan 2018, last revised 23 Jan 2018

Contact author: jintai ding at gmail com;rvsaras86@gmail com

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2018/081

[ Cryptology ePrint archive ]