Module Learning with Errors (M-LWE) based key reconciliation mechanisms (KRM) can be viewed as quantizing an M-LWE sample according to a lattice codebook. This paper describes a generic M-LWE-based KRM framework, valid for lattices of any dimension and any modulus $q$, without a dither. Our main result is an explicit upper bound on the decryption failure rate (DFR) of M-LWE-based KRM. This bound allows us to construct optimal lattice quantizers that reduce the DFR and the communication cost simultaneously. Moreover, we present a KRM scheme using the same security parameters $(q,k,\eta_1,\eta_2)$ as in Kyber. Compared with Kyber, the communication cost is reduced by up to $36.47\%$ and the DFR is reduced by a factor of up to $2^{99}$. The security arguments remain the same as for Kyber.