# The Whole is Less Than the Sum of Its Parts: Constructing More Efficient Lattice-Based AKEs

@inproceedings{Pino2016TheWI, title={The Whole is Less Than the Sum of Its Parts: Constructing More Efficient Lattice-Based AKEs}, author={Rafa{\"e}l del Pino and Vadim Lyubashevsky and David Pointcheval}, booktitle={SCN}, year={2016} }

Authenticated Key Exchange (AKE) is the backbone of internet security protocols such as TLS and IKE. A recent announcement by standardization bodies calling for a shift to quantum-resilient crypto has resulted in several AKE proposals from the research community. Because AKE can be generically constructed by combining a digital signature scheme with public key encryption or a KEM, most of these proposals focused on optimizing the known KEMs and left the authentication part to the generic…

## 19 Citations

Comparing apples with apples: performance analysis of lattice-based authenticated key exchange protocols

- Computer Science, Mathematics
- International Journal of Information Security
- 2017

This paper compares existing lattice-based authenticated key exchange protocols, generic and direct, and finds that the instantiation of the AKE by Peikert (PQCrypto, 2014) is the most efficient lattice-based AKE.

Algebraic generalization of Diffie–Hellman key exchange

- Computer Science, Mathematics
- J. Math. Cryptol.
- 2018

An algebraically generalized Diffie–Hellman scheme (AGDH) is suggested that enables the application of any algebra as the platform for key exchange and shows that a symmetric encryption scheme possessing homomorphic properties over some algebraic operation can be turned into a public-key primitive with the AGDH, provided that the operation is complex enough.

A Practical Implementation of Identity-Based Encryption Over NTRU Lattices

- Computer Science
- IMACC
- 2017

This research examines the first pragmatic lattice-based IBE scheme presented by Ducas, Lyubashevsky and Prest in 2014 and brings it into the realm of practicality for use on small devices with improved performance.

Signcryption from NTRU Lattices Without Random Oracles

- Computer Science, Mathematics
- 2019 14th Asia Joint Conference on Information Security (AsiaJCIS)
- 2019

This paper proposes an efficient NTRU-based signcryption scheme, which is inspired by del Pino et al.'s key encapsulation mechanism, and provides rigorous security proofs for confidentiality and unforgeability under NTRU-based assumptions in the standard model.

Post-Quantum Authentication in TLS 1.3: A Performance Study

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2020

This work presents a detailed performance evaluation of the NIST signature algorithm candidates and investigates the imposed latency on TLS 1.3 connection establishment under realistic network conditions, and proposes and evaluates the combination of different PQ signature algorithms across the same certificate chain in TLS.

A Lattice-based AKE on ARM Cortex-M4

- Computer Science, Mathematics
- 2018

This work instantiates the generic construction by del Pino et al. with the digital signature scheme BLISS-B and the key exchange scheme JarJar-Simple and implements the authenticated key exchange on an ARM Cortex-M4F to show its practical performance on a constrained device.

Post-quantum Key Exchange - A New Hope

- Computer Science, Mathematics
- USENIX Security Symposium
- 2016

New parameters and a better suited error distribution are proposed, the scheme's hardness against attacks by quantum computers is analyzed in a conservative way, a new and more efficient error-reconciliation mechanism is introduced, and a defense against backdoors and all-for-the-price-of-one attacks is proposed.

High-speed key encapsulation from NTRU

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2017

This paper presents software demonstrating that the 20-year-old NTRU cryptosystem is competitive with more recent lattice-based cryptosystems in terms of speed, key size, and ciphertext size and is, to the best of the authors' knowledge, the first NTRU software with full protection against timing attacks.

Implementing the NewHope-Simple Key Exchange on Low-Cost FPGAs

- Computer Science
- LATINCRYPT
- 2017

This work provides the first, to the authors' knowledge, field-programmable gate array (FPGA) implementation of NewHope-Simple, a slight modification of NewHope proposed by the NewHope authors themselves in 2016: essentially NewHope with a different error-correction mechanism.

Cryptographic Hardware and Embedded Systems – CHES 2017

- Computer Science
- Lecture Notes in Computer Science
- 2017

This paper uses differential power analysis (DPA) against the syndrome computation of the decoding algorithm to recover partial information about one half of the private key, and proposes a simple but effective countermeasure against the power analysis of the syndrome calculation.

## References


Lattice Signatures Without Trapdoors

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2011

This work provides an alternative method for constructing lattice-based digital signatures which does not use the "hash-and-sign" methodology, and shows that by slightly changing the parameters, one can get even more efficient signatures that are based on the hardness of the Learning With Errors problem.

Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem

- Computer Science, Mathematics
- 2015 IEEE Symposium on Security and Privacy
- 2015

This work demonstrates the practicality of post-quantum key exchange by constructing cipher suites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem, and accompanies these cipher suites with a rigorous proof of security.

Efficient Identity-Based Encryption over NTRU Lattices

- Computer Science, Mathematics
- ASIACRYPT
- 2014

This work presents the first lattice-based IBE scheme with practical parameters and obtains digital signature schemes which are shorter than the previously most-compact ones of Ducas, Durmus, Lepoint, and Lyubashevsky from Crypto 2013.

Authenticated Key Exchange from Ideal Lattices

- Computer Science, Mathematics
- EUROCRYPT
- 2015

A practical and provably secure two-pass authenticated key exchange protocol over ideal lattices, which is conceptually simple and has similarities to the Diffie-Hellman based protocols such as HMQV and OAKE.

Lattice Signatures and Bimodal Gaussians

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2013

A construction of a lattice-based digital signature scheme that represents an improvement over today’s most efficient lattice schemes and has shorter signature and public key sizes than all previously proposed lattice signature schemes.

Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems

- Computer Science, Mathematics
- CHES
- 2012

This work presents a signature scheme whose security is derived from the hardness of lattice problems and is based on recent theoretical advances in lattice-based cryptography and is highly optimized for practicability and use in embedded systems.

On the Security of Joint Signature and Encryption

- Computer Science, Mathematics
- EUROCRYPT
- 2002

It is shown that gCCA2-security suffices for all known uses of CCA2-secure encryption, while no longer suffering from the definitional shortcomings of the latter.

A Simple Provably Secure Key Exchange Scheme Based on the Learning with Errors Problem

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2012

This work uses the learning with errors (LWE) problem to build a new, simple, and provably secure key exchange scheme, and extends the scheme to the ring learning with errors problem, resulting in small key sizes and better efficiency.

A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract)

- Computer Science, Mathematics
- STOC '98
- 1998

This framework provides a sound formalization of the authentication problem, suggests simple and attractive design principles for general authentication and key exchange protocols, and constructs and proves the security of simple and practical authentication and key-exchange protocols.

Making NTRU as Secure as Worst-Case Problems over Ideal Lattices

- Computer Science, Mathematics
- EUROCRYPT
- 2011

This work shows how to modify NTRUEncrypt to make it provably secure in the standard model, under the assumed quantum hardness of standard worst-case lattice problems, restricted to a family of lattices related to some cyclotomic fields.