Paper 2021/222

Quantum-safe HIBE: does it cost a Latte?

Raymond K. Zhao, Data61
Sarah McCarthy, University of Waterloo
Ron Steinfeld, Monash University
Amin Sakzad, Monash University
Máire O’Neill, Queen's University Belfast

The UK government is considering advanced primitives such as identity-based encryption (IBE) for adoption as they transition their public-safety communications network from TETRA to an LTE-based service. However, the current LTE standard relies on elliptic-curve-based IBE, which will be vulnerable to quantum computing attacks, expected within the next 20--30 years. Lattices can provide quantum-safe alternatives for IBE. These schemes have shown promising results in terms of practicality. To date, several IBE schemes over lattices have been proposed, but there has been little in the way of practical evaluation. This paper provides the first complete optimised practical implementation and benchmarking of Latte, a promising Hierarchical IBE scheme proposed by the United Kingdom (UK) National Cyber Security Centre (NCSC) in 2017 and endorsed by European Telecommunications Standards Institute (ETSI). We propose optimisations for the KeyGen, Delegate, Extract and Gaussian sampling components of Latte, to increas attack costs, reduce decryption key lengths by 2x--3x, ciphertext sizes by up to 33%, and improve speed. In addition, we conduct a precision analysis, bounding the Rényi divergence of the Gaussian sampling procedures from the ideal distribution in corroboration of our claimed security levels. Our resulting implementation of the Delegate function takes 0.4 seconds at 80-bit security level on a desktop machine at 4.2GHz, significantly faster than the order of minutes estimated in the ETSI technical report. Furthermore, our optimised Latte Encrypt/Decrypt implementation reaches speeds up to 9.7x faster than the ETSI implementation.

Available format(s)
Publication info
lattice-based cryptography hierarchical identity-based encryption advanced primitives software design post-quantum
Contact author(s)
raymond zhao @ data61 csiro au
sarah mccarthy @ uwaterloo ca
ron steinfeld @ monash edu
amin sakzad @ monash edu
m oneill @ ecit qub ac uk
2022-12-03: last of 2 revisions
2021-03-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Raymond K.  Zhao and Sarah McCarthy and Ron Steinfeld and Amin Sakzad and Máire O’Neill},
      title = {Quantum-safe HIBE: does it cost a Latte?},
      howpublished = {Cryptology ePrint Archive, Paper 2021/222},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.