CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based KEM

Joppe Bos, Leo Ducas, Eike Kiltz, T Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, Damien Stehle
2018 2018 IEEE European Symposium on Security and Privacy (EuroS&P)  
Recent advances in quantum computing and the announcement by the National Institute of Standards and Technology (NIST) to define new standards for digital-signature, encryption, and key-establishment protocols increased interest in post-quantum cryptographic schemes. This paper introduces Kyber (part of the CRYSTALS - Cryptographic Suite for Algebraic Lattices - package that will be submitted to the NIST call for post-quantum standards), a portfolio of post-quantum cryptographic primitives built around a key-encapsulation mechanism (KEM), based on hardness assumptions over module lattices. We first introduce a CPA-secure public key encryption scheme, apply a variant of the Fujisaki-Okamoto transform to create a CCA-secure KEM, and eventually construct, in a black-box manner, CCA-secure encryption, key exchange, and authenticated-key-exchange schemes. The security of our primitives is based on the hardness of Module-LWE in the classical and quantum random oracle models, and our concrete parameters conservatively target more than 128 bits of post-quantum security. We implemented and benchmarked the CCA-secure KEM and key exchange protocols against the ones that are based on LWE and Ring-LWE: we conclude that our schemes are not only as efficient but also feature more flexibility and security advantages over the latter schemes.
doi:10.1109/eurosp.2018.00032 dblp:conf/eurosp/BosDKLLSSSS18 fatcat:o7dl5wpwcndarjp3wtm2eqwycm