Analysis of Error Dependencies on Newhope
- Title
- Analysis of Error Dependencies on Newhope
- Author
- 신동준
- Keywords
- Bandwidth efficiency; Chernoff-Cramer bound; decryption failure rate; error dependency; key encapsulation mechanism; lattice-based cryptography; NewHope; NIST; post-quantum cryptography; relaxation; ring-learning with errors; security; union bound; upper bound
- Issue Date
- 2020-03
- Publisher
- IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
- Citation
- IEEE ACCESS, v. 8, page. 45443-45456
- Abstract
- Among many submissions to NIST post-quantum cryptography (PQC) project, NewHope is a promising key encapsulation mechanism (KEM) based on the Ring-Learning with errors (Ring-LWE) problem. Since NewHope is an indistinguishability (IND)-chosen ciphertext attack secure KEM by applying the Fujisaki-Okamoto transform to an IND-chosen plaintext attack secure public-key encryption, accurate calculation of decryption failure rate (DFR) is required to guarantee resilience against attacks that exploit decryption failures. However, the current upper bound (UB) on DFR of NewHope is rather loose because the compression noise, the effect of encoding/decoding of NewHope, and the approximation effect of centered binomial distribution are not fully considered. Furthermore, since NewHope is a Ring-LWE based cryptography, there is a problem of error dependency among error coefficients, which makes accurate DFR calculation difficult. In this paper, we derive much tighter UB on DFR than the current UB by using constraint relaxation and union bound. Especially, the above-mentioned factors are all considered in the derivation of new UB and the centered binomial distribution is not approximated. Since the error dependency is also considered, the new UB is much closer to the real DFR than the current UB. Furthermore, the new UB is parameterized by using Chernoff-Cramer bound to facilitate the calculation of new UB for the parameters of NewHope. Since the new UB is much lower than the DFR requirement of PQC, this DFR margin can be used to improve NewHope. As a result, the security level and bandwidth efficiency of NewHope are improved by 7.2 % and 5.9 %, respectively.
- URI
- https://ieeexplore.ieee.org/document/9020084https://repository.hanyang.ac.kr/handle/20.500.11754/164938
- ISSN
- 2169-3536
- DOI
- 10.1109/ACCESS.2020.2977607
- Appears in Collections:
- COLLEGE OF ENGINEERING[S](공과대학) > ELECTRONIC ENGINEERING(융합전자공학부) > Articles
- Files in This Item:
- Analysis of Error Dependencies on Newhope.pdfDownload
- Export
- RIS (EndNote)
- XLS (Excel)
- XML