Paper 2022/1651

TiGER: Tiny bandwidth key encapsulation mechanism for easy miGration based on RLWE(R)

Seunghwan Park, Defense Counter-intelligence Command
Chi-Gon Jung, Defense Counter-intelligence Command
Aesun Park, Defense Counter-intelligence Command
Joongeun Choi, Defense Counter-intelligence Command
Honggoo Kang, Defense Counter-intelligence Command

The quantum resistance Key Encapsulation Mechanism (PQC-KEM) design aims to replace cryptography in legacy security protocols. It would be nice if PQC-KEM were faster and lighter than ECDH or DH for easy migration to legacy security protocols. However, it seems impossible due to the temperament of the secure underlying problems in a quantum environment. Therefore, it makes reason to determine the threshold of the scheme by analyzing the maximum bandwidth the legacy security protocol can adapt. We specified the bandwidth threshold at 1,244 bytes based on IKEv2 (RFC7296), a security protocol with strict constraints on payload size in the initial exchange for secret key sharing. We propose TiGER that is an IND-CCA secure KEM based on RLWE(R). TiGER has a ciphertext (1,152bytes) and a public key (928 bytes) smaller than 1,244 bytes, even at the AES256 security level. To our knowledge, TiGER is the only scheme with such an achievement. Also, TiGER satisfies security levels 1, 3, and 5 of NIST competition. Based on reference implementation, TiGER is 1.7-2.6x faster than Kyber and 2.2-4.4x faster than LAC.

Note: This work is submitted to ‘Korean Post-Quantum Cryptography Competition’ (

Available format(s)
Public-key cryptography
Publication info
PQC RLWE RLWR Lattice-based encryption
Contact author(s)
horriblepaper @ gmail com
wjdclrhs @ gmail com
aesunpark18 @ gmail com
joongeuntom @ gmail com
honggoonin @ gmail com
2022-12-17: revised
2022-11-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Seunghwan Park and Chi-Gon Jung and Aesun Park and Joongeun Choi and Honggoo Kang},
      title = {TiGER: Tiny bandwidth key encapsulation mechanism for easy miGration based on RLWE(R)},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1651},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.