TY - JOUR
T1 - LowMS
T2 - a new rank metric code-based KEM without ideal structure
AU - Aragon, Nicolas
AU - Dyseryn, Victor
AU - Gaborit, Philippe
AU - Loidreau, Pierre
AU - Renner, Julian
AU - Wachter-Zeh, Antonia
N1 - Publisher Copyright:
© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2023.
PY - 2024/4
Y1 - 2024/4
N2 - We propose and analyze LowMS, a new rank-based key encapsulation mechanism (KEM). The acronym stands for Loidreau with Multiple Syndromes, since our work combines the cryptosystem of Loidreau (presented at PQCrypto 2017) together with the multiple syndromes approach, that allows to reduce parameters by sending several syndromes with the same error support in one ciphertext. Our scheme is designed without using ideal structures. Considering cryptosystems without such an ideal structure, like the FrodoKEM cryptosystem, is important since structure allows to compress objects, but gives reductions to specific problems whose security may potentially be weaker than for unstructured problems. For 128 bits of security, we propose parameters with a public key size of 4.8 KB and a ciphertext size of 1.1 KB. To the best of our knowledge, our scheme is the smallest among all existing unstructured post-quantum lattice or code-based algorithms, when taking into account the sum of the public key size and the ciphertext size. In that sense, our scheme is for instance about 4 times shorter than FrodoKEM. Our system relies on the hardness of the Rank Support Learning problem, a well-known variant of the Rank Syndrome Decoding problem, and on the problem of indistinguishability of distorted Gabidulin codes, i.e., Gabidulin codes multiplied by a homogeneous matrix of given rank. The latter problem was introduced by Loidreau in his paper.
AB - We propose and analyze LowMS, a new rank-based key encapsulation mechanism (KEM). The acronym stands for Loidreau with Multiple Syndromes, since our work combines the cryptosystem of Loidreau (presented at PQCrypto 2017) together with the multiple syndromes approach, that allows to reduce parameters by sending several syndromes with the same error support in one ciphertext. Our scheme is designed without using ideal structures. Considering cryptosystems without such an ideal structure, like the FrodoKEM cryptosystem, is important since structure allows to compress objects, but gives reductions to specific problems whose security may potentially be weaker than for unstructured problems. For 128 bits of security, we propose parameters with a public key size of 4.8 KB and a ciphertext size of 1.1 KB. To the best of our knowledge, our scheme is the smallest among all existing unstructured post-quantum lattice or code-based algorithms, when taking into account the sum of the public key size and the ciphertext size. In that sense, our scheme is for instance about 4 times shorter than FrodoKEM. Our system relies on the hardness of the Rank Support Learning problem, a well-known variant of the Rank Syndrome Decoding problem, and on the problem of indistinguishability of distorted Gabidulin codes, i.e., Gabidulin codes multiplied by a homogeneous matrix of given rank. The latter problem was introduced by Loidreau in his paper.
KW - 94A60
KW - Code-based cryptography
KW - Post-quantum cryptography
KW - Rank support learning
KW - Rank-based cryptography
UR - http://www.scopus.com/inward/record.url?scp=85179337069&partnerID=8YFLogxK
U2 - 10.1007/s10623-023-01330-5
DO - 10.1007/s10623-023-01330-5
M3 - Article
AN - SCOPUS:85179337069
SN - 0925-1022
VL - 92
SP - 1075
EP - 1093
JO - Designs, Codes, and Cryptography
JF - Designs, Codes, and Cryptography
IS - 4
ER -