Abstract | ||
---|---|---|
At IEEE Security & Privacy 2015, Bos, Costello, Naehrig, and Stebila proposed an instantiation of Peikert's ring-learning-with-errors-based (Ring-LWE) key-exchange protocol (PQCrypto 2014), together with an implementation integrated into OpenSSL, with the affirmed goal of providing post-quantum security for TLS. In this work we revisit their instantiation and stand-alone implementation. Specifically, we propose new parameters and a better suited error distribution, analyze the scheme's hardness against attacks by quantum computers in a conservative way, introduce a new and more efficient error-reconciliation mechanism, and propose a defense against backdoors and all-for-the-price-of-one attacks. By these measures and for the same lattice dimension, we more than double the security parameter, halve the communication overhead, and speed up computation by more than a factor of 8 in a portable C implementation and by more than a factor of 27 in an optimized implementation targeting current Intel CPUs. These speedups are achieved with comprehensive protection against timing attacks. |
Year | Venue | DocType |
---|---|---|
2016 | PROCEEDINGS OF THE 25TH USENIX SECURITY SYMPOSIUM | Conference |
Citations | PageRank | References |
1 | 0.35 | 0 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Erdem Alkım | 1 | 7 | 0.86 |
Léo Ducas | 2 | 497 | 28.81 |
Thomas Pöppelmann | 3 | 357 | 17.96 |
Peter Schwabe | 4 | 759 | 44.16 |