Quantum-safe HIBE: does it cost a Latte?

Raymond K.  Zhao; Sarah McCarthy; Ron Steinfeld; Amin Sakzad; Máire O’Neill

Paper 2021/222

Quantum-safe HIBE: does it cost a Latte?

Raymond K. Zhao

, Data61

Sarah McCarthy, University of Waterloo

Ron Steinfeld

, Monash University

Amin Sakzad

, Monash University

Máire O’Neill, Queen's University Belfast

Abstract

The United Kingdom (UK) government is considering advanced primitives such as identity-based encryption (IBE) for adoption as they transition their public-safety communications network from TETRA to an LTE-based service. However, the current LTE standard relies on elliptic-curve-based IBE, which will be vulnerable to quantum computing attacks, expected within the next 20-30 years. Lattices can provide quantum-safe alternatives for IBE. These schemes have shown promising results in terms of practicality. To date, several IBE schemes over lattices have been proposed, but there has been little in the way of practical evaluation. This paper provides the first complete optimised practical implementation and benchmarking of Latte, a promising Hierarchical IBE (HIBE) scheme proposed by the UK National Cyber Security Centre (NCSC) in 2017 and endorsed by European Telecommunications Standards Institute (ETSI). We propose optimisations for the KeyGen, Delegate, Extract and Gaussian sampling components of Latte, to increase attack costs, reduce decryption key lengths by 2x-3x, ciphertext sizes by up to 33%, and improve speed. In addition, we conduct a precision analysis, bounding the Rényi divergence of the distribution of the real Gaussian sampling procedures from the ideal distribution in corroboration of our claimed security levels. Our resulting implementation of the Delegate function takes 0.4 seconds at 80-bit security level on a desktop machine at 4.2GHz, significantly faster than the order of minutes estimated in the ETSI technical report. Furthermore, our optimised Latte Encrypt/Decrypt implementation reaches speeds up to 9.7x faster than the ETSI implementation.

Note: Full version

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Published elsewhere. Major revision. IEEE Transactions on Information Forensics and Security
DOI: 10.1109/TIFS.2023.3347880
Keywords: lattice-based cryptography hierarchical identity-based encryption advanced primitives software design post-quantum
Contact author(s): raymond zhao @ data61 csiro au
sarah mccarthy @ uwaterloo ca
ron steinfeld @ monash edu
amin sakzad @ monash edu
m oneill @ ecit qub ac uk
History: 2023-12-27: last of 8 revisions; 2021-03-02: received; See all versions
Short URL: https://ia.cr/2021/222
License: CC BY

BibTeX

@misc{cryptoeprint:2021/222,
      author = {Raymond K.  Zhao and Sarah McCarthy and Ron Steinfeld and Amin Sakzad and Máire O’Neill},
      title = {Quantum-safe {HIBE}: does it cost a Latte?},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/222},
      year = {2021},
      doi = {10.1109/TIFS.2023.3347880},
      url = {https://eprint.iacr.org/2021/222}
}