TY - GEN
T1 - Higher rates and information-theoretic analysis for the RLWE channel
AU - Maringer, Georg
AU - Puchinger, Sven
AU - Wachter-Zeh, Antonia
N1 - Publisher Copyright:
©2021 IEEE
PY - 2021/4/11
Y1 - 2021/4/11
N2 - The Learning with Errors (LWE) problem is considered to be a hard problem and lies the foundation of various cryptographic algorithms. Several cryptosystems based on the closely related Ring Learning with Errors (RLWE) problem have been proposed within the NIST PQC standardization process, e.g., the systems LAC and NewHope. The combination of encryption and decryption for these kinds of algorithms can be interpreted as data transmission over noisy channels. To the best of our knowledge this paper is the first work that analyzes the capacity of this channel. We extend this channel from binary to q-ary alphabets and show that this does not compromise the security of the related RLWE-based schemes if appropriate error correcting codes are used to prevent the decryption failure rate (DFR) from increasing. We give a lower bound on the capacity of this channel showing that the achievable asymptotic rates are substantially (5.7 times for LAC and 10.7 times for NewHope) higher than the currently deployed ones for the finite length regime. Furthermore, under the assumption of stochastically independent coefficient failures, we show that substantially higher rates can also be achieved in the finite length setting by using the Gilbert-Varshamov bound. Moreover, we give explicit code constructions increasing the achievable rate by a factor of 2 for LAC and a factor of 7 for NewHope without increasing the DFR for the respective parameter sets achieving a security level equivalent to AES256.
AB - The Learning with Errors (LWE) problem is considered to be a hard problem and lies the foundation of various cryptographic algorithms. Several cryptosystems based on the closely related Ring Learning with Errors (RLWE) problem have been proposed within the NIST PQC standardization process, e.g., the systems LAC and NewHope. The combination of encryption and decryption for these kinds of algorithms can be interpreted as data transmission over noisy channels. To the best of our knowledge this paper is the first work that analyzes the capacity of this channel. We extend this channel from binary to q-ary alphabets and show that this does not compromise the security of the related RLWE-based schemes if appropriate error correcting codes are used to prevent the decryption failure rate (DFR) from increasing. We give a lower bound on the capacity of this channel showing that the achievable asymptotic rates are substantially (5.7 times for LAC and 10.7 times for NewHope) higher than the currently deployed ones for the finite length regime. Furthermore, under the assumption of stochastically independent coefficient failures, we show that substantially higher rates can also be achieved in the finite length setting by using the Gilbert-Varshamov bound. Moreover, we give explicit code constructions increasing the achievable rate by a factor of 2 for LAC and a factor of 7 for NewHope without increasing the DFR for the respective parameter sets achieving a security level equivalent to AES256.
UR - http://www.scopus.com/inward/record.url?scp=85112690352&partnerID=8YFLogxK
U2 - 10.1109/ITW46852.2021.9457596
DO - 10.1109/ITW46852.2021.9457596
M3 - Conference contribution
AN - SCOPUS:85112690352
T3 - 2020 IEEE Information Theory Workshop, ITW 2020
BT - 2020 IEEE Information Theory Workshop, ITW 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2020 IEEE Information Theory Workshop, ITW 2020
Y2 - 11 April 2021 through 15 April 2021
ER -