
Lattice codes for lattice-based PKE

Designs, Codes and Cryptography

Abstract

Existing error correction mechanisms in lattice-based public key encryption (PKE) rely on either trivial modulation or its concatenation with error correction codes (ECC). This paper demonstrates that lattice coding, as a combined ECC and modulation technique, can replace trivial modulation in current lattice-based PKEs, resulting in improved error correction performance. We model the FrodoPKE protocol as a noisy point-to-point communication system, where the communication channel resembles an additive white Gaussian noise (AWGN) channel. To utilize lattice codes for this specific channel with hypercube shaping, we propose an efficient labeling function that converts binary information bits to lattice codewords and vice versa. The parameter sets of FrodoPKE are enhanced to achieve higher security levels or smaller ciphertext sizes. For instance, the proposed Frodo-1344-\(E_8\) offers a 10-bit classical security improvement over Frodo-1344. The code for reproducing our main experiments is available at https://github.com/shx-lyu/lattice-codes-for-pke.

Notes

  1. Barnes–Wall lattices can also be defined recursively [22, Definition 1.1].

  2. If two lattices differ only by a rotation or a scale factor, we say they are isomorphic.

References

  1. Alagic G., Apon D., Cooper D., Dang Q., Dang T., Kelsey J., Lichtinger J., Miller C., Moody D., Peralta R., Perlner R., Robinson A., Smith-Tone D., et al.: Status report on the third round of the NIST post-quantum cryptography standardization process. US Department of Commerce, NIST (2022).

  2. Alkim E., Ducas L., Pöppelmann T., Schwabe P.: NewHope without reconciliation. IACR Cryptol. ePrint Arch. (2016).

  3. Alkim E., Ducas L., Pöppelmann T., Schwabe P.: Post-quantum key exchange—a new hope. In: Holz T., Savage S. (eds.) 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, pp. 327–343. USENIX Association, Berkeley (2016).

  4. Annex on FrodoKEM Updates, April 18, 2023 Version (PDF). https://frodokem.org/files/FrodoKEM-annex-20230418.pdf.

  5. Arikan E.: Channel polarization: a method for constructing capacity-achieving codes for symmetric binary-input memoryless channels. IEEE Trans. Inf. Theory 55(7), 3051–3073 (2009). https://doi.org/10.1109/TIT.2009.2021379.

  6. Bos J.W., Ducas L., Kiltz E., Lepoint T., Lyubashevsky V., Schanck J.M., Schwabe P., Seiler G., Stehlé D.: CRYSTALS—Kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018, London, UK, pp. 353–367. IEEE, New York (2018). https://doi.org/10.1109/EuroSP.2018.00032.

  7. Boutros J., Viterbo E., Rastello C., Belfiore J.: Good lattice constellations for both Rayleigh fading and Gaussian channels. IEEE Trans. Inf. Theory 42(2), 502–518 (1996). https://doi.org/10.1109/18.485720.

  8. BSI-Technical Guideline: cryptographic mechanisms: recommendations and key lengths. BSI TR-02102-1 (2021).

  9. Classical, quantum, and plausible (conservative) quantum cost estimates. https://github.com/lwe-frodo/parameter-selection/blob/master/pqsec.py.

  10. Cohn H., Kumar A., Miller S., Radchenko D., Viazovska M.: The sphere packing problem in dimension 24. Ann. Math. 185(3), 1017–1033 (2017). https://doi.org/10.4007/annals.2017.185.3.8.

  11. Conway J.H., Sloane N.J.A.: Fast quantizing and decoding algorithms for lattice quantizers and codes. IEEE Trans. Inf. Theory 28(2), 227–232 (1982). https://doi.org/10.1109/TIT.1982.1056484.

  12. Conway J.H., Sloane N.J.A.: Sphere Packings, Lattices and Groups, 3rd edn Springer, New York (1999).

  13. Cover T.M.: Elements of Information Theory. Wiley, Hoboken (1999).

  14. D’Anvers J., Vercauteren F., Verbauwhede I.: On the impact of decryption failures on the security of LWE/LWR based schemes. IACR Cryptol. ePrint Arch. (2018).

  15. D’Anvers J., Tiepelt M., Vercauteren F., Verbauwhede I.: Timing attacks on error correcting codes in post-quantum schemes. In: Bilgin B., Petkova-Nikova S., Rijmen V. (eds.) Proceedings of ACM Workshop on Theory of Implementation Security, CCS 2019, London, UK, pp. 2–9. ACM, New York (2019). https://doi.org/10.1145/3338467.3358948.

  16. Ding J.: A simple provably secure key exchange scheme based on the learning with errors problem. IACR Cryptol. ePrint Arch. (2012).

  17. Erez U., Zamir R.: Achieving 1/2 log (1+SNR) on the AWGN channel with lattice encoding and decoding. IEEE Trans. Inf. Theory 50(10), 2293–2314 (2004). https://doi.org/10.1109/TIT.2004.834787.

  18. Forney G.D.: Coset codes-I: introduction and geometrical classification. IEEE Trans. Inf. Theory 34(5), 1123–1151 (1988). https://doi.org/10.1109/18.21245.

  19. Forney G.D.: Coset codes-II: binary lattices and related codes. IEEE Trans. Inf. Theory 34(5), 1152–1187 (1988). https://doi.org/10.1109/18.21246.

  20. Fritzmann T., Pöppelmann T., Sepúlveda J.: Analysis of error-correcting codes for lattice-based key exchange. In: Selected Areas in Cryptography—SAC 2018—25th International Conference, Calgary, AB, Canada. Lecture Notes in Computer Science, vol. 11349, pp. 369–390. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-030-10970-7_17.

  21. Fujisaki E., Okamoto T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener M.J. (ed.) Advances in Cryptology—CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15–19, 1999, Proceedings. Lecture Notes in Computer Science, vol. 1666, pp. 537–554. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_34.

  22. Grigorescu E., Peikert C.: List-decoding Barnes-Wall lattices. Comput. Complex. 26(2), 365–392 (2017). https://doi.org/10.1007/s00037-016-0151-x.

  23. Hanrot G., Pujol X., Stehlé D.: Algorithms for the shortest and closest lattice vector problems. In: Chee Y.M., Guo Z., Ling S., Shao F., Tang Y., Wang H., Xing C. (eds.) Coding and Cryptology—Third International Workshop, IWCC 2011, Qingdao, China. Lecture Notes in Computer Science, vol. 6639, pp. 159–190. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20901-7_10.

  24. Hofheinz D., Hövelmanns K., Kiltz E.: A modular analysis of the Fujisaki–Okamoto transformation. In: Kalai Y., Reyzin L. (eds.) Theory of Cryptography—15th International Conference, TCC 2017, Baltimore, MD, USA, November 12–15, 2017, Proceedings, Part I. Lecture Notes in Computer Science, vol. 10677, pp. 341–371. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-70500-2_12.

  25. Jin Z., Shen S., Zhao Y.: Compact and flexible KEM from ideal lattice. IEEE Trans. Inf. Theory 68(6), 3829–3840 (2022). https://doi.org/10.1109/TIT.2022.3148586.

  26. Kawachi A., Tanaka K., Xagawa K.: Multi-bit cryptosystems based on lattice problems. In: Okamoto T., Wang X. (eds.) Public Key Cryptography—PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China. Lecture Notes in Computer Science, vol. 4450, pp. 315–329. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71677-8_21.

  27. Liu L., Yan Y., Ling C., Wu X.: Construction of capacity-achieving lattice codes: polar lattices. IEEE Trans. Commun. 67(2), 915–928 (2019). https://doi.org/10.1109/TCOMM.2018.2876113.

  28. Liu L., Shi J., Ling C.: Polar lattices for lossy compression. IEEE Trans. Inf. Theory 67(9), 6140–6163 (2021). https://doi.org/10.1109/TIT.2021.3097965.

  29. Lu X., Liu Y., Zhang Z., Jia D., Xue H., He J., Li B.: LAC: practical ring-LWE based public-key encryption with byte-level modulus. IACR Cryptol. ePrint Arch. (2018).

  30. Micciancio D., Nicolosi A.: Efficient bounded distance decoders for Barnes-Wall lattices. In: Kschischang F.R., Yang E. (eds.) 2008 IEEE International Symposium on Information Theory, ISIT 2008, Toronto, ON, Canada, pp. 2484–2488. IEEE, New York (2008). https://doi.org/10.1109/ISIT.2008.4595438.

  31. Naehrig M., Alkim E., Bos J., Ducas L., Easterbrook K., LaMacchia B., Longa P., Mironov I., Nikolaenko V., Peikert C., et al.: FrodoKEM. Technical Report, National Institute of Standards and Technology (2017).

  32. Peikert C.: A decade of lattice cryptography. Found. Trends Theor. Comput. Sci. 10(4), 283–424 (2016). https://doi.org/10.1561/0400000074.

  33. Prest T.: Sharper bounds in lattice-based cryptography using the Rényi divergence. In: Takagi T., Peyrin T. (eds.) Advances in Cryptology—ASIACRYPT 2017—23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China. Lecture Notes in Computer Science, vol. 10624, pp. 347–374. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-70694-8_13.

  34. Regev O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the 37th Annual ACM Symposium on Theory of Computing (STOC), Baltimore, MD, USA, pp. 84–93. ACM, New York (2005). https://doi.org/10.1145/1060590.1060603.

  35. Saarinen M.O.: HILA5: on reliability, reconciliation, and error correction for ring-LWE encryption. In: Adams C., Camenisch J. (eds.) Selected Areas in Cryptography—SAC 2017—24th International Conference, Ottawa, ON, Canada. Lecture Notes in Computer Science, vol. 10719, pp. 192–212. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-72565-9_10.

  36. Saliba C., Luzzi L., Ling C.: Error correction for FrodoKEM using the Gosset lattice. In: International Zurich Seminar on Information and Communication (IZS 2022), Zurich, Switzerland. ETH, Zurich (2022). https://doi.org/10.3929/ethz-b-000535279.

  37. Salomon A.J., Amrani O.: Augmented product codes and lattices: Reed–Muller codes and Barnes-Wall lattices. IEEE Trans. Inf. Theory 51(11), 3918–3930 (2005). https://doi.org/10.1109/TIT.2005.856937.

  38. Salomon A.J., Amrani O.: Reed–Muller codes and Barnes–Wall lattices: generalized multilevel constructions and representation over GF(\(2^q\)). Des. Codes Cryptogr. 42(2), 167–180 (2007). https://doi.org/10.1007/s10623-006-9028-3.

  39. Shor P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997). https://doi.org/10.1137/S0097539795293172.

  40. Silva P.R.B., Silva D.: Multilevel LDPC lattices with efficient encoding and decoding and a generalization of Construction D. IEEE Trans. Inf. Theory 65(5), 3246–3260 (2019). https://doi.org/10.1109/TIT.2018.2883119.

  41. Thakor V.A., Razzaque M.A., Khandaker M.R.A.: Lightweight cryptography algorithms for resource-constrained IoT devices: a review, comparison and research opportunities. IEEE Access 9, 28177–28193 (2021). https://doi.org/10.1109/ACCESS.2021.3052867.

  42. Ungerboeck G.: Channel coding with multilevel/phase signals. IEEE Trans. Inf. Theory 28(1), 55–66 (1982). https://doi.org/10.1109/TIT.1982.1056454.

  43. van Poppelen A.: Cryptographic decoding of the Leech lattice. IACR Cryptol. ePrint Arch. (2016).

  44. Viazovska M.S.: The sphere packing problem in dimension 8. Ann. Math. 185(3), 991–1015 (2017). https://doi.org/10.4007/annals.2017.185.3.7.

  45. Voulgaris P.: Algorithms for the closest and shortest vector problems on general lattices. PhD thesis, University of California, San Diego, USA (2011). http://www.escholarship.org/uc/item/4zt7x45z.

  46. Wang J., Ling C.: How to construct polar codes for ring-LWE-based public key encryption. Entropy 23(8), 938 (2021). https://doi.org/10.3390/e23080938.

  47. Zamir R.: Lattice Coding for Signals and Networks. Cambridge University Press, Cambridge (2014).

Acknowledgements

The authors are grateful to the reviewers for their constructive suggestions that improved the presentation and quality of this paper. This work was supported in part by the National Natural Science Foundation of China (Nos. 61902149, 62001300, 62032009, U2001205 and 62311530098), the Natural Science Foundation of Guangdong Province (Nos. 2021A1515011679 and 2023B1515040020), the Science and Technology Planning Project of Guangzhou (No. 202201010388), the Fundamental Research Funds for the Central Universities, the Major Program of Guangdong Basic and Applied Research (No. 2019B030302008), and the Engineering and Physical Sciences Research Council (No. EP/S021043/1).

Corresponding author

Correspondence to Shanxiang Lyu.

Communicated by S. D. Galbraith.

Appendix A

The lattice bases for \(E_{8}\), \(BW_{8}\), and \(BW_{16}\) are as follows:

$$
\begin{aligned}
&\left[\begin{array}{rrrrrrrr}
2 & -1 &  0 &  0 &  0 &  0 &  0 & 0.5 \\
0 &  1 & -1 &  0 &  0 &  0 &  0 & 0.5 \\
0 &  0 &  1 & -1 &  0 &  0 &  0 & 0.5 \\
0 &  0 &  0 &  1 & -1 &  0 &  0 & 0.5 \\
0 &  0 &  0 &  0 &  1 & -1 &  0 & 0.5 \\
0 &  0 &  0 &  0 &  0 &  1 & -1 & 0.5 \\
0 &  0 &  0 &  0 &  0 &  0 &  1 & 0.5 \\
0 &  0 &  0 &  0 &  0 &  0 &  0 & 0.5
\end{array}\right], \quad
\left[\begin{array}{cccccccc}
1 & 1 & 1 & 1 & 2 & 2 & 2 & 2 \\
1 & 1 & 1 & 0 & 2 & 0 & 0 & 0 \\
1 & 1 & 0 & 1 & 0 & 2 & 0 & 0 \\
1 & 1 & 0 & 0 & 0 & 0 & 0 & 0 \\
1 & 0 & 1 & 1 & 0 & 0 & 2 & 0 \\
1 & 0 & 1 & 0 & 0 & 0 & 0 & 0 \\
1 & 0 & 0 & 1 & 0 & 0 & 0 & 0 \\
1 & 0 & 0 & 0 & 0 & 0 & 0 & 0
\end{array}\right] \\[1ex]
&\left[\begin{array}{cccccccccccccccc}
1 & 1 & 1 & 1 & 1 & 2 & 2 & 2 & 2 & 2 & 2 & 2 & 2 & 2 & 2 & 4 \\
1 & 1 & 1 & 1 & 0 & 2 & 2 & 0 & 2 & 0 & 0 & 2 & 0 & 0 & 0 & 0 \\
1 & 1 & 1 & 0 & 1 & 2 & 0 & 2 & 0 & 2 & 0 & 0 & 2 & 0 & 0 & 0 \\
1 & 1 & 1 & 0 & 0 & 2 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\
1 & 1 & 0 & 1 & 1 & 0 & 2 & 2 & 0 & 0 & 2 & 0 & 0 & 2 & 0 & 0 \\
1 & 1 & 0 & 1 & 0 & 0 & 2 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\
1 & 1 & 0 & 0 & 1 & 0 & 0 & 2 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\
1 & 1 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\
1 & 0 & 1 & 1 & 1 & 0 & 0 & 0 & 2 & 2 & 2 & 0 & 0 & 0 & 2 & 0 \\
1 & 0 & 1 & 1 & 0 & 0 & 0 & 0 & 2 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\
1 & 0 & 1 & 0 & 1 & 0 & 0 & 0 & 0 & 2 & 0 & 0 & 0 & 0 & 0 & 0 \\
1 & 0 & 1 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\
1 & 0 & 0 & 1 & 1 & 0 & 0 & 0 & 0 & 0 & 2 & 0 & 0 & 0 & 0 & 0 \\
1 & 0 & 0 & 1 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\
1 & 0 & 0 & 0 & 1 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\
1 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0
\end{array}\right].
\end{aligned}
$$
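The abstract models FrodoPKE as an AWGN channel and replaces trivial modulation with a lattice code under hypercube shaping; the appendix above supplies the \(E_8\) basis. The following is an added example written for this page, not the paper's own code (the paper's labeling function and its mapping into \(\mathbb{Z}_q\) are not reproduced; the repository linked in the abstract has those). It first checks that the appendix's \(E_8\) matrix, read with columns as generators, really generates \(E_8\), then labels 8 bits onto the 256 points of \(E_8 \cap [0,2)^8\) with a simple bijection of my own choosing, decodes with the Conway–Sloane closest-point algorithm for \(D_8 \cup (D_8 + \tfrac12\mathbf{1})\), and compares block error rate against trivial one-bit-per-coordinate modulation at the same noise level. Function names, the labeling, the noise level \(\sigma = 0.2\), and the unscaled channel are all assumptions of this example.

```python
# Added example, not the paper's code. Lattice-coded modulation with E8 and
# hypercube shaping on the AWGN model from the abstract, versus trivial
# modulation. Assumptions (mine): the codebook E8 ∩ [0,2)^8, the 8-bit labeling
# below, and an unscaled channel (no mapping to Z_q) are illustrative choices.
import math
import random

# E8 basis from Appendix A, rows as printed; its columns are the generators.
E8_BASIS_ROWS = [
    [2, -1, 0, 0, 0, 0, 0, 0.5],
    [0, 1, -1, 0, 0, 0, 0, 0.5],
    [0, 0, 1, -1, 0, 0, 0, 0.5],
    [0, 0, 0, 1, -1, 0, 0, 0.5],
    [0, 0, 0, 0, 1, -1, 0, 0.5],
    [0, 0, 0, 0, 0, 1, -1, 0.5],
    [0, 0, 0, 0, 0, 0, 1, 0.5],
    [0, 0, 0, 0, 0, 0, 0, 0.5],
]

def in_e8(v):
    """E8 = D8 ∪ (D8 + h), h = (1/2,...,1/2): coordinates all integer or all
    half-integer, and the underlying integer vector has even sum."""
    ints = all(c == int(c) for c in v)
    halves = all(c - 0.5 == int(c - 0.5) for c in v)
    if not (ints or halves):
        return False
    d = v if ints else [c - 0.5 for c in v]
    return int(sum(d)) % 2 == 0

def basis_is_e8():
    """Every column of the appendix matrix lies in E8 and the matrix is upper
    triangular with determinant 1, so the columns generate exactly E8."""
    cols = [[row[j] for row in E8_BASIS_ROWS] for j in range(8)]
    det = math.prod(E8_BASIS_ROWS[i][i] for i in range(8))
    return all(in_e8(c) for c in cols) and det == 1

def _nearest_int(c):
    return math.floor(c + 0.5)

def decode_d8(y):
    """Closest point of D8 = {z in Z^8 : sum(z) even} (Conway–Sloane 1982):
    round each coordinate; if the sum is odd, re-round the coordinate with
    the largest rounding error the other way."""
    f = [_nearest_int(c) for c in y]
    if sum(f) % 2:
        k = max(range(8), key=lambda i: abs(y[i] - f[i]))
        f[k] += 1 if y[k] >= f[k] else -1
    return [float(c) for c in f]

def decode_e8(y):
    """Closest point of E8: run D8 on y and on y - h (shifted back), keep the nearer."""
    a = decode_d8(y)
    b = [c + 0.5 for c in decode_d8([c - 0.5 for c in y])]

    def dist2(p):
        return sum((yi - pi) ** 2 for yi, pi in zip(y, p))

    return a if dist2(a) <= dist2(b) else b

def bits_to_codeword(bits):
    """Label 8 bits with one of the 256 points of E8 ∩ [0,2)^8 (hypercube
    shaping): bit 0 picks the coset (integer / half-integer), bits 1..7 are the
    first seven coordinates of a {0,1}-vector whose eighth fixes even parity."""
    d = list(bits[1:8])
    d.append(sum(d) % 2)
    return [c + 0.5 * bits[0] for c in d]

def codeword_to_bits(x):
    """Inverse of bits_to_codeword for a point of E8 ∩ [0,2)^8."""
    coset = 0 if x[0] == int(x[0]) else 1
    return [coset] + [int(c - 0.5 * coset) for c in x[:7]]

def decode_bits(y):
    """Nearest E8 point, folded into [0,2)^8 (2Z^8 is a sublattice of E8, so
    the fold stays inside the lattice), then unlabeled."""
    x = [c - 2 * math.floor(c / 2) for c in decode_e8(y)]
    return codeword_to_bits(x)

def trivial_decode_bits(y):
    """Baseline trivial modulation: one bit per coordinate, points {0,1}^8,
    decoded by rounding and folding mod 2 (correction radius 1/2 vs E8's sqrt(2)/2)."""
    return [_nearest_int(c) % 2 for c in y]

def block_error_rates(sigma, blocks=2000, seed=1):
    """Monte Carlo on the AWGN model: fraction of 8-bit blocks decoded wrongly
    by E8 lattice coding and by trivial modulation at the same noise level."""
    rng = random.Random(seed)
    e8_err = triv_err = 0
    for _ in range(blocks):
        bits = [rng.randrange(2) for _ in range(8)]
        noise = [rng.gauss(0, sigma) for _ in range(8)]
        e8_err += decode_bits([c + n for c, n in zip(bits_to_codeword(bits), noise)]) != bits
        triv_err += trivial_decode_bits([b + n for b, n in zip(bits, noise)]) != bits
    return e8_err / blocks, triv_err / blocks

if __name__ == "__main__":
    assert basis_is_e8()
    msg = [1, 0, 1, 1, 0, 0, 1, 0]
    x = bits_to_codeword(msg)
    # One coordinate pushed by 0.6: inside E8's packing radius, outside the trivial one.
    print("E8 corrects it:", decode_bits([x[0] + 0.6] + x[1:]) == msg)  # True
    print("trivial does not:", trivial_decode_bits([msg[0] + 0.6] + msg[1:]) == msg)  # False
    print("block error rates (E8, trivial) at sigma=0.2:", block_error_rates(0.2))
```

Both schemes spend eight channel uses per eight bits inside the same cube, so the comparison isolates the coding gain: the minimum distance grows from 1 to \(\sqrt{2}\). The deterministic check (a single coordinate displaced by 0.6) shows the packing-radius argument directly; the Monte Carlo shows the same effect at Gaussian noise. A practitioner adapting this to a real scheme would still have to worry about the points the abstract's references raise: decryption-failure rate feeds into security [14], and the decoder must be constant-time [15], which the branchy `max`/`if` in `decode_d8` above is not.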

Cite this article

Lyu, S., Liu, L., Ling, C. et al. Lattice codes for lattice-based PKE. Des. Codes Cryptogr. 92, 917–939 (2024). https://doi.org/10.1007/s10623-023-01321-6
