Paper 2021/080
Error Term Checking: Towards Chosen Ciphertext Security without Re-encryption
Jan-Pieter D'Anvers, Emmanuela Orsini, and Frederik Vercauteren
Abstract
Chosen ciphertext security for lattice based encryption schemes is generally achieved through a generic transformation such as the Fujisaki-Okamoto transformation. This method requires full re-encryption of the plaintext during decapsulation, which typically dominates the cost of the latter procedure. In this work we show that it is possible to develop alternative transformations specifically designed for lattice based encryption schemes. We propose two novel chosen ciphertext transformations, $\mathtt{ETC1}$ and $\mathtt{ETC2}$, in which re-encryption is replaced by checking the error term of the input ciphertext. We show that our new ciphertext validity check can be securely applied to lattice based encryption schemes under specific conditions. For the NIST post-quantum standardization candidate Threebears we show a speed-up for decapsulation of up to $37.4\%$. Moreover, as our method only changes the validation check during decapsulation, it is fully backwards compatible with existing implementations of the Fujisaki-Okamoto transformation.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- Post-Quantum CryptographyLattice-based CryptographyChosen Ciphertext SecurityFujisaki-Okamoto transform
- Contact author(s)
-
janpieter danvers @ esat kuleuven be
emmanuela orsini @ esat kuleuven be
frederik vercauteren @ esat kuleuven be - History
- 2021-01-22: received
- Short URL
- https://ia.cr/2021/080
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/080,
author = {Jan-Pieter D'Anvers and Emmanuela Orsini and Frederik Vercauteren},
title = {Error Term Checking: Towards Chosen Ciphertext Security without Re-encryption},
howpublished = {Cryptology {ePrint} Archive, Paper 2021/080},
year = {2021},
url = {https://eprint.iacr.org/2021/080}
}
