Lizard: Cut off the tail! A practical post-quantum public-key encryption from LWE and LWR
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Cheon, Jung Hee | - |
dc.contributor.author | Kim, Duhyeong | - |
dc.contributor.author | Lee, Joohee | - |
dc.contributor.author | Song, Yongsoo | - |
dc.date.accessioned | 2023-07-14T04:16:42Z | - |
dc.date.available | 2023-07-14T04:16:42Z | - |
dc.date.created | 2023-07-12 | - |
dc.date.issued | 2018-09 | - |
dc.identifier.citation | Lecture Notes in Computer Science, Vol.11035, pp.160-177 | - |
dc.identifier.issn | 0302-9743 | - |
dc.identifier.uri | https://hdl.handle.net/10371/195143 | - |
dc.description.abstract | © 2018, Springer Nature Switzerland AG. The LWE problem has been widely used in many constructions for post-quantum cryptography due to its reduction from the worst-case of lattice hard problems and the lightweight operations for generating its instances. The PKE schemes based on the LWE problem have a simple and fast decryption, but the encryption phase requires large parameter size for the leftover hash lemma or Gaussian samplings. In this paper, we propose a novel PKE scheme, called Lizard, without relying on either of them. The encryption procedure of Lizard first combines several LWE samples as in the previous LWE-based PKEs, but the following step to re-randomize this combination before adding a plaintext is different: it removes several least significant bits of each component of the computed vector rather than adding an auxiliary error vector. To the best of our knowledge, Lizard is the first IND-CPA secure PKE under the hardness assumptions of the LWE and LWR problems, and its variant, namely CCALizard, achieves IND-CCA security in the (quantum) random oracle model. Our approach accelerates the encryption speed to a large extent and also reduces the size of ciphertexts. We present an optimized C implementation of our schemes, which shows outstanding performance with concrete security: On an Intel single core processor, an encryption and decryption for CCALizard with 256-bit plaintext space under 128-bit quantum security take only 32,272 and 47,125 cycles, respectively. To achieve these results, we further take some advantages of sparse small secrets. Lizard is submitted to NIST's post-quantum cryptography standardization process. | - |
dc.language | English | - |
dc.publisher | Springer Verlag | - |
dc.title | Lizard: Cut off the tail! A practical post-quantum public-key encryption from LWE and LWR | - |
dc.type | Article | - |
dc.identifier.doi | 10.1007/978-3-319-98113-0_9 | - |
dc.citation.journaltitle | Lecture Notes in Computer Science | - |
dc.identifier.wosid | 000475939100009 | - |
dc.identifier.scopusid | 2-s2.0-85053612598 | - |
dc.citation.endpage | 177 | - |
dc.citation.startpage | 160 | - |
dc.citation.volume | 11035 | - |
dc.description.isOpenAccess | N | - |
dc.contributor.affiliatedAuthor | Cheon, Jung Hee | - |
dc.contributor.affiliatedAuthor | Song, Yongsoo | - |
dc.type.docType | Proceedings Paper | - |
dc.description.journalClass | 1 | - |
dc.subject.keywordAuthor | Post-quantum cryptography | - |
dc.subject.keywordAuthor | Public-key encryption | - |
dc.subject.keywordAuthor | Learning with rounding | - |
dc.subject.keywordAuthor | Learning with errors | - |
Files in This Item: There are no files associated with this item.