Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM

Jan-pieter D’anvers; Angshuman Karmakar; Sujoy Sinha Roy; Frederik Vercauteren

doi:10.1007/978-3-319-89339-6_16

Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM

Jan-pieter D’anvers, Angshuman Karmakar, Sujoy Sinha Roy, Frederik Vercauteren

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

33 Citations (Scopus)

655 Downloads (Pure)

Abstract

In this paper, we introduce Saber, a package of cryptographic primitives whose security relies on the hardness of the Module Learning With Rounding problem (Mod-LWR). We first describe a secure Diffie-Hellman type key exchange protocol, which is then transformed into an IND-CPA encryption scheme and finally into an IND-CCA secure key encapsulation mechanism using a post-quantum version of the Fujisaki-Okamoto transform. The design goals of this package were simplicity, efficiency and flexibility resulting in the following choices: all integer moduli are powers of 2 avoiding modular reduction and rejection sampling entirely; the use of LWR halves the amount of randomness required compared to LWE-based schemes and reduces bandwidth; the module structure provides flexibility by reusing one core component for multiple security levels. A constant-time AVX2 optimized software implementation of the KEM with parameters providing more than 128 bits of post-quantum security, requires only 101K, 125K and 129K cycles for key generation, encapsulation and decapsulation respectively on a Dell laptop with an Intel i7-Haswell processor.

Original language	English
Title of host publication	Progress in Cryptology – AFRICACRYPT 2018
Subtitle of host publication	10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings
Editors	Antoine Joux, Abderrahmane Nitaj, Tajjeeddine Rachidi
Publisher	Springer
Chapter	16
Pages	282-305
Number of pages	24
ISBN (Electronic)	9783319893396
ISBN (Print)	9783319893389
DOIs	https://doi.org/10.1007/978-3-319-89339-6_16
Publication status	Published - 6 Apr 2018
Event	10th International Conference on Cryptology in Africa (AFRICACRYPT 2018) - Marrakesh, Morocco Duration: 7 May 2018 → 9 May 2018

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	10831
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	10th International Conference on Cryptology in Africa (AFRICACRYPT 2018)
Country/Territory	Morocco
City	Marrakesh
Period	7/05/18 → 9/05/18

Access to Document

10.1007/978-3-319-89339-6_16Licence: None: All rights reserved

D_anvers_et_al_Saber_Module-LWR_Based_Key_Exchange_CPA-Secure_Encryption_and_CCA-Secure_KEM_Progress_in_Cryptology_–_AFRICACRYPT_2018
This is a post-peer-review, pre-copyedit version of an article published in Progress in Cryptology – AFRICACRYPT 2018. The final authenticated version is available online at: https://doi.org/10.1007/978-3-319-89339-6_16
Accepted author manuscript, 474 KBLicence: Other (please specify with Rights Statement)

http://link.springer.com/10.1007/978-3-319-89339-6_16Licence: None: All rights reserved

Cite this

D’anvers, J., Karmakar, A., Sinha Roy, S., & Vercauteren, F. (2018). Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In A. Joux, A. Nitaj, & T. Rachidi (Eds.), Progress in Cryptology – AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings (pp. 282-305). (Lecture Notes in Computer Science; Vol. 10831). Springer. https://doi.org/10.1007/978-3-319-89339-6_16

D’anvers, Jan-pieter ; Karmakar, Angshuman ; Sinha Roy, Sujoy et al. / Saber : module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. Progress in Cryptology – AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings. editor / Antoine Joux ; Abderrahmane Nitaj ; Tajjeeddine Rachidi. Springer, 2018. pp. 282-305 (Lecture Notes in Computer Science).

@inproceedings{ea96999766c84fdab2a545c2951394ae,

title = "Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM",

abstract = "In this paper, we introduce Saber, a package of cryptographic primitives whose security relies on the hardness of the Module Learning With Rounding problem (Mod-LWR). We first describe a secure Diffie-Hellman type key exchange protocol, which is then transformed into an IND-CPA encryption scheme and finally into an IND-CCA secure key encapsulation mechanism using a post-quantum version of the Fujisaki-Okamoto transform. The design goals of this package were simplicity, efficiency and flexibility resulting in the following choices: all integer moduli are powers of 2 avoiding modular reduction and rejection sampling entirely; the use of LWR halves the amount of randomness required compared to LWE-based schemes and reduces bandwidth; the module structure provides flexibility by reusing one core component for multiple security levels. A constant-time AVX2 optimized software implementation of the KEM with parameters providing more than 128 bits of post-quantum security, requires only 101K, 125K and 129K cycles for key generation, encapsulation and decapsulation respectively on a Dell laptop with an Intel i7-Haswell processor.",

author = "Jan-pieter D{\textquoteright}anvers and Angshuman Karmakar and {Sinha Roy}, Sujoy and Frederik Vercauteren",

year = "2018",

month = apr,

day = "6",

doi = "10.1007/978-3-319-89339-6_16",

language = "English",

isbn = "9783319893389",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "282--305",

editor = "Antoine Joux and Abderrahmane Nitaj and Rachidi, {Tajjeeddine }",

booktitle = "Progress in Cryptology – AFRICACRYPT 2018",

note = "10th International Conference on Cryptology in Africa (AFRICACRYPT 2018)<br/> ; Conference date: 07-05-2018 Through 09-05-2018",

}

D’anvers, J, Karmakar, A, Sinha Roy, S & Vercauteren, F 2018, Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. in A Joux, A Nitaj & T Rachidi (eds), Progress in Cryptology – AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings. Lecture Notes in Computer Science, vol. 10831, Springer, pp. 282-305, 10th International Conference on Cryptology in Africa (AFRICACRYPT 2018)
, Marrakesh, Morocco, 7/05/18. https://doi.org/10.1007/978-3-319-89339-6_16

Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. / D’anvers, Jan-pieter; Karmakar, Angshuman; Sinha Roy, Sujoy et al.
Progress in Cryptology – AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings. ed. / Antoine Joux; Abderrahmane Nitaj; Tajjeeddine Rachidi. Springer, 2018. p. 282-305 (Lecture Notes in Computer Science; Vol. 10831).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Saber

T2 - 10th International Conference on Cryptology in Africa (AFRICACRYPT 2018)<br/>

AU - D’anvers, Jan-pieter

AU - Karmakar, Angshuman

AU - Sinha Roy, Sujoy

AU - Vercauteren, Frederik

PY - 2018/4/6

Y1 - 2018/4/6

N2 - In this paper, we introduce Saber, a package of cryptographic primitives whose security relies on the hardness of the Module Learning With Rounding problem (Mod-LWR). We first describe a secure Diffie-Hellman type key exchange protocol, which is then transformed into an IND-CPA encryption scheme and finally into an IND-CCA secure key encapsulation mechanism using a post-quantum version of the Fujisaki-Okamoto transform. The design goals of this package were simplicity, efficiency and flexibility resulting in the following choices: all integer moduli are powers of 2 avoiding modular reduction and rejection sampling entirely; the use of LWR halves the amount of randomness required compared to LWE-based schemes and reduces bandwidth; the module structure provides flexibility by reusing one core component for multiple security levels. A constant-time AVX2 optimized software implementation of the KEM with parameters providing more than 128 bits of post-quantum security, requires only 101K, 125K and 129K cycles for key generation, encapsulation and decapsulation respectively on a Dell laptop with an Intel i7-Haswell processor.

AB - In this paper, we introduce Saber, a package of cryptographic primitives whose security relies on the hardness of the Module Learning With Rounding problem (Mod-LWR). We first describe a secure Diffie-Hellman type key exchange protocol, which is then transformed into an IND-CPA encryption scheme and finally into an IND-CCA secure key encapsulation mechanism using a post-quantum version of the Fujisaki-Okamoto transform. The design goals of this package were simplicity, efficiency and flexibility resulting in the following choices: all integer moduli are powers of 2 avoiding modular reduction and rejection sampling entirely; the use of LWR halves the amount of randomness required compared to LWE-based schemes and reduces bandwidth; the module structure provides flexibility by reusing one core component for multiple security levels. A constant-time AVX2 optimized software implementation of the KEM with parameters providing more than 128 bits of post-quantum security, requires only 101K, 125K and 129K cycles for key generation, encapsulation and decapsulation respectively on a Dell laptop with an Intel i7-Haswell processor.

U2 - 10.1007/978-3-319-89339-6_16

DO - 10.1007/978-3-319-89339-6_16

M3 - Conference contribution

SN - 9783319893389

T3 - Lecture Notes in Computer Science

SP - 282

EP - 305

BT - Progress in Cryptology – AFRICACRYPT 2018

A2 - Joux, Antoine

A2 - Nitaj, Abderrahmane

A2 - Rachidi, Tajjeeddine

PB - Springer

Y2 - 7 May 2018 through 9 May 2018

ER -

D’anvers J, Karmakar A, Sinha Roy S, Vercauteren F. Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In Joux A, Nitaj A, Rachidi T, editors, Progress in Cryptology – AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings. Springer. 2018. p. 282-305. (Lecture Notes in Computer Science). doi: 10.1007/978-3-319-89339-6_16

Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this