Paper 2018/725
Round5: KEM and PKE based on GLWR
Sauvik Bhattacharya, Oscar Garcia-Morchon, Thijs Laarhoven, Ronald Rietman, Markku-Juhani O. Saarinen, Ludo Tolhuizen, and Zhenfei Zhang
Abstract
Standardization bodies such as NIST and ETSI are currently seeking quantum-resistant alternatives to vulnerable RSA and elliptic curve-based public-key algorithms. In this context, we present Round5, a lattice-based cryptosystem providing a key encapsulation mechanism and a public-key encryption scheme. Round5 is based on the General Learning with Rounding problem, unifying non-ring and ring lattice rounding problems into one. Usage of rounding combined with a tight analysis leads to significantly reduced bandwidth and randomness requirements. Round5's reliance on prime-order cyclotomic rings offers a large design space allowing fine-grained parameter optimization. The use of sparse-ternary secret keys improves performance and significantly reduces decryption failure rates at minimal additional cost. The use of error-correcting codes, in combination with ring multiplications in $\mathbb{Z}[x]/(x^{n+1}-1)$ that ensure non-correlated errors, further improves the latter. Round5 parameters have been carefully optimized for bandwidth, while the design facilitates efficient implementation. As a result, Round5 has leading performance characteristics among all NIST post-quantum candidates, and at the same time attains conservative security levels that fully fit NIST's security categories. Round5's schemes share common building blocks, simplifying (security and operational) analysis and code review. Finally, Round5 proposes various approaches to refreshing the system public parameter A, which efficiently prevent precomputation and back-door attacks. Disclaimer: This is a draft version; not all sections are included.
Note: Updated title to reflect full specification document.
Metadata
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- Lattice cryptography, Post-quantum cryptography, Learning with rounding, prime cyclotomic ring, key encapsulation, CCA security, CPA security
- Contact author(s)
- sauvik bhattacharya @ philips com
- History
- 2019-01-26: last of 3 revisions
- 2018-08-09: received
- Short URL
- https://ia.cr/2018/725
- License
- CC BY
BibTeX
@misc{cryptoeprint:2018/725,
  author = {Sauvik Bhattacharya and Oscar Garcia-Morchon and Thijs Laarhoven and Ronald Rietman and Markku-Juhani O. Saarinen and Ludo Tolhuizen and Zhenfei Zhang},
  title = {Round5: {KEM} and {PKE} based on {GLWR}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2018/725},
  year = {2018},
  url = {https://eprint.iacr.org/2018/725}
}