We consider FrodoKEM, a lattice-based cryptosystem based on LWE, and propose a new error correction mechanism to improve its performance. Our encoder maps the secret key block-wise into the Gosset lattice $E_8$. We propose two sets of parameters for our modified implementation. Thanks to the improved error correction, the first implementation outperforms FrodoKEM in terms of concrete security by $10$ to $13$ bits by increasing the error variance; the second allows to reduce the bandwidth by $7\%$ by halving the modulus $q$. In both cases, the decryption failure probability is improved compared to the original FrodoKEM. Unlike some previous works on error correction for lattice-based protocols, we provide a rigorous error probability bound by decomposing the error matrix into blocks with independent error coefficients.
翻译:我们认为基于 LWE 的基于 lattice 的加密系统 FrodoKEM 是一个基于 LWE 的密钥系统, 并提议一个新的错误纠正机制来改进其性能。 我们的编码器将秘密密钥的块块绘制成 Gosset lattice $_ 8 $。 我们为修改执行提出了两套参数 。 由于改进了错误校正, 第一个执行器在具体安全方面比FrodoKEM 高10 美元到 13 美元 位数, 增加了错误差异; 第二个允许通过将moulus $q$ 减半来降低带宽 7 $ $ 。 在这两种情况下, 解密概率都比原 FrodoKEM 提高了。 与先前关于基于 lattice 协议的错误校正的一些工程不同, 我们提供了严格的错误概率, 将错误矩阵分解成独立错误系数的区块。
相关内容
微信扫码咨询专知VIP会员