Paper 2021/222
Quantum-safe HIBE: does it cost a Latte?
Raymond K. Zhao and Sarah McCarthy and Ron Steinfeld and Amin Sakzad and Máire O’Neill
Abstract
In addition to providing quantum-safe traditional PKI, lattices support advanced primitives such as identity-based encryption (IBE). These schemes have shown promising results in terms of practicality, but still have disadvantages such as the reliance on a single master key. Hierarchical identity-based encryption (HIBE) schemes address this problem, as well as lending themselves to more realistic organisational structures. To date, several HIBE schemes over lattices have been proposed but there has been little in the way of practical evaluation. This paper provides the first complete C implementation and benchmarking of Latte, a promising HIBE scheme proposed by the United Kingdom (UK) The National Cyber Security Centre (NCSC) in 2017 and endorsed by European Telecommunications Standards Institute (ETSI). We also propose further optimisations for the KeyGen, Delegate, and sampling components of Latte. As expected, the KeyGen, Extract, and Delegate components are the most time consuming, with Extract experiencing a 35% decrease in op/s from the first to second hierarchical level at 80-bit security. Our optimised implementation of the Delegate function takes 1 second at this security level on a desktop machine at 4.2GHz, significantly faster than the order of minutes estimated in the ETSI technical report. Furthermore, our optimised Latte Encrypt/Decrypt implementation reaches speeds up to 4.6x faster than the ETSI implementation.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Keywords
- lattice-based cryptographyhierarchical identity-based encryptionadvanced primitivessoftware design
- Contact author(s)
- raymond zhao @ monash edu
- History
- 2023-12-27: last of 8 revisions
- 2021-03-02: received
- See all versions
- Short URL
- https://ia.cr/2021/222
- License
-
CC BY