Abstract
Existing error correction mechanisms in lattice-based public key encryption (PKE) rely on either trivial modulation or its concatenation with error correction codes (ECC). This paper demonstrates that lattice coding, as a combined ECC and modulation technique, can replace trivial modulation in current lattice-based PKEs, resulting in improved error correction performance. We model the FrodoPKE protocol as a noisy point-to-point communication system, where the communication channel resembles an additive white Gaussian noise (AWGN) channel. To utilize lattice codes for this specific channel with hypercube shaping, we propose an efficient labeling function that converts binary information bits to lattice codewords and vice versa. The parameter sets of FrodoPKE are enhanced to achieve higher security levels or smaller ciphertext sizes. For instance, the proposed Frodo-1344-E\(_8\) offers a 10-bit classical security improvement over Frodo-1344. The code for reproducing our main experiments is available at https://github.com/shx-lyu/lattice-codes-for-pke.
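As an added illustration of the abstract's point (this is not code from the paper or its repository): the all-zero block is sent through constructed Gaussian noise and decoded once per coordinate, which is what trivial modulation amounts to (the cubic lattice \(\mathbb{Z}^8\)), and once with the E\(_8\) closest-point decoder of Conway and Sloane [18], with E\(_8\) realised as \(D_8 \cup (D_8 + \tfrac{1}{2})\) so that both lattices have unit volume and hence the same rate. The noise level, trial count and seed are assumptions chosen for the demonstration.

```python
import random

# Constructed parameters (assumptions, not the paper's settings).
DIM = 8


def decode_d8(y):
    """Closest point of D8 (integer vectors with even coordinate sum)."""
    r = [round(v) for v in y]
    if sum(r) % 2 == 0:
        return r
    # Odd parity: re-round the coordinate with the largest rounding error
    # the other way; this gives the nearest even-parity integer vector.
    i = max(range(DIM), key=lambda k: abs(y[k] - r[k]))
    r[i] += 1 if y[i] > r[i] else -1
    return r


def decode_e8(y):
    """Closest point of E8 = D8 U (D8 + (1/2,...,1/2)) [Conway-Sloane, 18]."""
    a = decode_d8(y)
    b = [v + 0.5 for v in decode_d8([v - 0.5 for v in y])]
    da = sum((yi - ai) ** 2 for yi, ai in zip(y, a))
    db = sum((yi - bi) ** 2 for yi, bi in zip(y, b))
    return a if da <= db else b


def decode_z8(y):
    """Trivial modulation: every coordinate is decoded on its own."""
    return [round(v) for v in y]


def block_error_counts(sigma=0.18, trials=4000, seed=1):
    """Send the all-zero block (a codeword of both lattices) over constructed
    Gaussian noise and count the blocks each decoder gets wrong. Both lattices
    are geometrically uniform, so the zero codeword is representative."""
    rng = random.Random(seed)
    zero = [0] * DIM
    z8_err = e8_err = 0
    for _ in range(trials):
        y = [rng.gauss(0.0, sigma) for _ in range(DIM)]
        z8_err += decode_z8(y) != zero
        e8_err += decode_e8(y) != zero
    return z8_err, e8_err


if __name__ == "__main__":
    z8, e8 = block_error_counts()
    print(f"Z^8 (trivial) block errors: {z8}, E8 block errors: {e8}")
```

The gap comes from the packing radius: \(\sqrt{2}/2\) for E\(_8\) against \(1/2\) for \(\mathbb{Z}^8\) at the same volume, which is the coding gain the paper exploits.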
Notes
Barnes–Wall lattices can also be defined recursively [22, Definition 1.1].
If two lattices differ only by a rotation or a scale factor, we say they are isomorphic.
References
Alagic G., Apon D., Cooper D., Dang Q., Dang T., Kelsey J., Lichtinger J., Miller C., Moody D., Peralta R., Perlner R., Robinson A., Smith-Tone D., et al.: Status report on the third round of the NIST post-quantum cryptography standardization process. US Department of Commerce, NIST (2022).
Alkim E., Ducas L., Pöppelmann T., Schwabe P.: NewHope without reconciliation. IACR Cryptol. ePrint Arch. (2016).
Alkim E., Ducas L., Pöppelmann T., Schwabe P.: Post-quantum key exchange—a new hope. In: Holz T., Savage S. (eds.) 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, pp. 327–343. USENIX Association, Berkeley (2016).
Annex on FrodoKEM Updates, April 18, 2023 Version (PDF). https://frodokem.org/files/FrodoKEM-annex-20230418.pdf.
Arikan E.: Channel polarization: a method for constructing capacity-achieving codes for symmetric binary-input memoryless channels. IEEE Trans. Inf. Theory 55(7), 3051–3073 (2009). https://doi.org/10.1109/TIT.2009.2021379.
Bos J.W., Ducas L., Kiltz E., Lepoint T., Lyubashevsky V., Schanck J.M., Schwabe P., Seiler G., Stehlé D.: CRYSTALS—Kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018, London, UK, pp. 353–367. IEEE, New York (2018). https://doi.org/10.1109/EuroSP.2018.00032.
Boutros J., Viterbo E., Rastello C., Belfiore J.: Good lattice constellations for both Rayleigh fading and Gaussian channels. IEEE Trans. Inf. Theory 42(2), 502–518 (1996). https://doi.org/10.1109/18.485720.
BSI-Technical Guideline: cryptographic mechanisms: recommendations and key lengths. BSI TR-02102-1 (2021).
Classical, quantum, and plausible (conservative) quantum cost estimates. https://github.com/lwe-frodo/parameter-selection/blob/master/pqsec.py.
Cohn H., Kumar A., Miller S., Radchenko D., Viazovska M.: The sphere packing problem in dimension 24. Ann. Math. 185(3), 1017–1033 (2017). https://doi.org/10.4007/annals.2017.185.3.8.
Conway J.H., Sloane N.J.A.: Fast quantizing and decoding and algorithms for lattice quantizers and codes. IEEE Trans. Inf. Theory 28(2), 227–231 (1982). https://doi.org/10.1109/TIT.1982.1056484.
Conway J.H., Sloane N.J.A.: Sphere Packings, Lattices and Groups, 3rd edn. Springer, New York (1999).
Cover T.M.: Elements of Information Theory. Wiley, Hoboken (1999).
D’Anvers J., Vercauteren F., Verbauwhede I.: On the impact of decryption failures on the security of LWE/LWR based schemes. IACR Cryptol. ePrint Arch. (2018).
D’Anvers J., Tiepelt M., Vercauteren F., Verbauwhede I.: Timing attacks on error correcting codes in post-quantum schemes. In: Bilgin B., Petkova-Nikova S., Rijmen V. (eds.) Proceedings of ACM Workshop on Theory of Implementation Security, CCS 2019, London, UK, pp. 2–9. ACM, New York (2019). https://doi.org/10.1145/3338467.3358948.
Ding J.: A simple provably secure key exchange scheme based on the learning with errors problem. IACR Cryptol. ePrint Arch. (2012).
Erez U., Zamir R.: Achieving 1/2 log (1+SNR) on the AWGN channel with lattice encoding and decoding. IEEE Trans. Inf. Theory 50(10), 2293–2314 (2004). https://doi.org/10.1109/TIT.2004.834787.
Forney G.D.: Coset codes I: introduction and geometrical classification. IEEE Trans. Inf. Theory 34(5), 1123–1151 (1988). https://doi.org/10.1109/18.21245.
Forney G.D.: Coset codes II: binary lattices and related codes. IEEE Trans. Inf. Theory 34(5), 1152–1187 (1988). https://doi.org/10.1109/18.21246.
Fritzmann T., Pöppelmann T., Sepúlveda J.: Analysis of error-correcting codes for lattice-based key exchange. In: Selected Areas in Cryptography—SAC 2018—25th International Conference, Calgary, AB, Canada. Lecture Notes in Computer Science, vol. 11349, pp. 369–390. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-030-10970-7_17.
Fujisaki E., Okamoto T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener M.J. (ed.) Advances in Cryptology—CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15–19, 1999, Proceedings. Lecture Notes in Computer Science, vol. 1666, pp. 537–554. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_34.
Grigorescu E., Peikert C.: List-decoding Barnes–Wall lattices. Comput. Complex. 26(2), 365–392 (2017). https://doi.org/10.1007/s00037-016-0151-x.
Hanrot G., Pujol X., Stehlé D.: Algorithms for the shortest and closest lattice vector problems. In: Chee Y.M., Guo Z., Ling S., Shao F., Tang Y., Wang H., Xing C. (eds.) Coding and Cryptology—Third International Workshop, IWCC 2011, Qingdao, China. Lecture Notes in Computer Science, vol. 6639, pp. 159–190. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20901-7_10.
Hofheinz D., Hövelmanns K., Kiltz E.: A modular analysis of the Fujisaki–Okamoto transformation. In: Kalai Y., Reyzin L. (eds.) Theory of Cryptography—15th International Conference, TCC 2017, Baltimore, MD, USA, November 12–15, 2017, Proceedings, Part I. Lecture Notes in Computer Science, vol. 10677, pp. 341–371. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-70500-2_12.
Jin Z., Shen S., Zhao Y.: Compact and flexible KEM from ideal lattice. IEEE Trans. Inf. Theory 68(6), 3829–3840 (2022). https://doi.org/10.1109/TIT.2022.3148586.
Kawachi A., Tanaka K., Xagawa K.: Multi-bit cryptosystems based on lattice problems. In: Okamoto T., Wang X. (eds.) Public Key Cryptography—PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China. Lecture Notes in Computer Science, vol. 4450, pp. 315–329. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71677-8_21.
Liu L., Yan Y., Ling C., Wu X.: Construction of capacity-achieving lattice codes: polar lattices. IEEE Trans. Commun. 67(2), 915–928 (2019). https://doi.org/10.1109/TCOMM.2018.2876113.
Liu L., Shi J., Ling C.: Polar lattices for lossy compression. IEEE Trans. Inf. Theory 67(9), 6140–6163 (2021). https://doi.org/10.1109/TIT.2021.3097965.
Lu X., Liu Y., Zhang Z., Jia D., Xue H., He J., Li B.: LAC: practical ring-LWE based public-key encryption with byte-level modulus. IACR Cryptol. ePrint Arch. (2018).
Micciancio D., Nicolosi A.: Efficient bounded distance decoders for Barnes–Wall lattices. In: Kschischang F.R., Yang E. (eds.) 2008 IEEE International Symposium on Information Theory, ISIT 2008, Toronto, ON, Canada, pp. 2484–2488. IEEE, New York (2008). https://doi.org/10.1109/ISIT.2008.4595438.
Naehrig M., Alkim E., Bos J., Ducas L., Easterbrook K., LaMacchia B., Longa P., Mironov I., Nikolaenko V., Peikert C., et al.: FrodoKEM. Technical Report, National Institute of Standards and Technology (2017).
Peikert C.: A decade of lattice cryptography. Found. Trends Theor. Comput. Sci. 10(4), 283–424 (2016). https://doi.org/10.1561/0400000074.
Prest T.: Sharper bounds in lattice-based cryptography using the Rényi divergence. In: Takagi T., Peyrin T. (eds.) Advances in Cryptology—ASIACRYPT 2017—23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China. Lecture Notes in Computer Science, vol. 10624, pp. 347–374. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-70694-8_13.
Regev O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the 37th Annual ACM Symposium on Theory of Computing (STOC), Baltimore, MD, USA, pp. 84–93. ACM, New York (2005). https://doi.org/10.1145/1060590.1060603.
Saarinen M.O.: HILA5: on reliability, reconciliation, and error correction for ring-LWE encryption. In: Adams C., Camenisch J. (eds.) Selected Areas in Cryptography—SAC 2017—24th International Conference, Ottawa, ON, Canada. Lecture Notes in Computer Science, vol. 10719, pp. 192–212. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-72565-9_10.
Saliba C., Luzzi L., Ling C.: Error correction for FrodoKEM using the Gosset lattice. In: International Zurich Seminar on Information and Communication (IZS 2022), Zurich, Switzerland. ETH, Zurich (2022). https://doi.org/10.3929/ethz-b-000535279.
Salomon A.J., Amrani O.: Augmented product codes and lattices: Reed–Muller codes and Barnes–Wall lattices. IEEE Trans. Inf. Theory 51(11), 3918–3930 (2005). https://doi.org/10.1109/TIT.2005.856937.
Salomon A.J., Amrani O.: Reed–Muller codes and Barnes–Wall lattices: generalized multilevel constructions and representation over GF(\(2^{q}\)). Des. Codes Cryptogr. 42(2), 167–180 (2007). https://doi.org/10.1007/s10623-006-9028-3.
Shor P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997). https://doi.org/10.1137/S0097539795293172.
Silva P.R.B., Silva D.: Multilevel LDPC lattices with efficient encoding and decoding and a generalization of Construction D. IEEE Trans. Inf. Theory 65(5), 3246–3260 (2019). https://doi.org/10.1109/TIT.2018.2883119.
Thakor V.A., Razzaque M.A., Khandaker M.R.A.: Lightweight cryptography algorithms for resource-constrained IoT devices: a review, comparison and research opportunities. IEEE Access 9, 28177–28193 (2021). https://doi.org/10.1109/ACCESS.2021.3052867.
Ungerboeck G.: Channel coding with multilevel/phase signals. IEEE Trans. Inf. Theory 28(1), 55–66 (1982). https://doi.org/10.1109/TIT.1982.1056454.
van Poppelen A.: Cryptographic decoding of the Leech lattice. IACR Cryptol. ePrint Arch. (2016).
Viazovska M.S.: The sphere packing problem in dimension 8. Ann. Math. (2017). https://doi.org/10.4007/annals.2017.185.3.7.
Voulgaris P.: Algorithms for the closest and shortest vector problems on general lattices. PhD thesis, University of California, San Diego, USA (2011). http://www.escholarship.org/uc/item/4zt7x45z.
Wang J., Ling C.: How to construct polar codes for ring-LWE-based public key encryption. Entropy 23(8), 938 (2021). https://doi.org/10.3390/e23080938.
Zamir R.: Lattice Coding for Signals and Networks. Cambridge University Press, Cambridge (2014).
Acknowledgements
The authors are grateful to the reviewers for their constructive suggestions that improved the presentation and quality of this paper. This work was supported in part by the National Natural Science Foundation of China (Nos. 61902149, 62001300, 62032009, U2001205 and 62311530098), the Natural Science Foundation of Guangdong Province (Nos. 2021A1515011679 and 2023B1515040020), the Science and Technology Planning Project of Guangzhou (No. 202201010388), the Fundamental Research Funds for the Central Universities, the Major Program of Guangdong Basic and Applied Research (No. 2019B030302008), the Engineering and Physical Sciences Research Council (No. EP/S021043/1).
Additional information
Communicated by S. D. Galbraith.
Appendix A
The lattice bases for \(E_{8}\), \(BW_{8}\), and \(BW_{16}\) are as follows:
Cite this article
Lyu, S., Liu, L., Ling, C. et al. Lattice codes for lattice-based PKE. Des. Codes Cryptogr. 92, 917–939 (2024). https://doi.org/10.1007/s10623-023-01321-6