## Cryptology ePrint Archive: Report 2019/090

Round5: Compact and Fast Post-Quantum Public-Key Encryption

Hayo Baan and Sauvik Bhattacharya and Scott Fluhrer and Oscar Garcia-Morchon and Thijs Laarhoven and Ronald Rietman and Markku-Juhani O. Saarinen and Ludo Tolhuizen and Zhenfei Zhang

Abstract: We present the ring-based configuration of the NIST submission Round5, a Ring Learning with Rounding (RLWR)- based IND-CPA secure public-key encryption scheme. It combines elements of the NIST candidates Round2 (use of RLWR as underlying problem, having $1+x+\ldots +x^n$ with $n+1$ prime as reduction polynomial, allowing for a large design space) and HILA5 (the constant-time error-correction code XEf). Round5 performs part of encryption, and decryption via multiplication in $\mathbb{Z}_{p}[x]/(x^{n+1}-1)$, and uses secret-key polynomials that have a factor $(x-1)$. This technique reduces the failure probability and makes correlation in the decryption error negligibly low. The latter allows the effective application of error correction through XEf to further reduce the failure rate and shrink parameters, improving both security and performance. We argue for the security of Round5, both formal and concrete. We further analyze the decryption error, and give analytical as well as experimental results arguing that the decryption failure rate is lower than in Round2, with negligible correlation in errors. IND-CCA secure parameters constructed using Round5 and offering more than 232 and 256 bits of quantum and classical security respectively, under the conservative core sieving model, require only 2144 B of bandwidth. For comparison, similar, competing proposals require over 30% more bandwidth. Furthermore, the high flexibility of Round5's design allows choosing finely tuned parameters fitting the needs of diverse applications -- ranging from the IoT to high-security levels.

Category / Keywords: public-key cryptography / Lattice cryptography, Learning with Rounding, Prime cyclotomic ring, Public-key encryption, IND-CPA, Error correction

Original Publication (with minor differences): PQCrypto 2019: The Tenth International Conference on Post-Quantum Cryptography.

Date: received 28 Jan 2019, last revised 3 May 2019

Contact author: sauvik bhattacharya at philips com

Available format(s): PDF | BibTeX Citation

Note: Updated references.

Short URL: ia.cr/2019/090

[ Cryptology ePrint archive ]