EMBLEM: (R)LWE-based key encapsulation with a new multi-bit encoding method

Abstract

Lattice-based cryptography is a promising candidate for post-quantum cryptosystems, and a large amount of research has been conducted on learning with errors (LWE) problems, which are believed to be resistant against quantum attacks. In this paper, we propose two new key encapsulation mechanisms (KEMs), called EMBLEM and R.EMBLEM, based on (ring) LWE problems. The new KEMs have two main features: (1) Their security is based on the (ring) LWE problem with small secrets, which leads to both a secret key of constant size (regardless of the LWE parameters) and a relatively large standard deviation of the discrete Gaussian distributions. (2) They rely on a new multi-bit encoding method that is suitable for (ring) LWE-based encryption schemes. Compared to Regev's encoding method, the proposed method does not require any rounding operation for decoding, and in this sense, it is conceptually simpler and easier to understand. Concrete parameters of the KEMs targeting 128-bit security level (against classical attacks) are provided, and their performance is compared with that of previous (ring) LWE-based KEMs in the literature.