LIMA-PQ

We introduce LIMA (LattIce MAthematics), a set of lattice-based public-key encryption and key encapsulation mechanisms, offering chosen plaintext security and chosen ciphertext security options. LIMA mixes conservative, standard and boring design choices with some efficiency improvements and flexibility. These factors are exhibited in its genesis: it is based on the ring variant [EC:LyuPeiReg10] of the LWE problem [STOC:Regev05] and on the encryption construction in [RSA:LinPei11]. We use the Fujisaki-Okamoto transform [PKC:FujOka99] to obtain an IND-CCA secure public-key encryption scheme. Our IND-CCA key encapsulation mechanism (KEM) is obtained via a transform of Dent [IMA:Dent03]. This provides improved communication efficiency over using our IND-CCA public-key encryption scheme directly as a KEM; we also give a tight security proof for our IND-CCA KEM... The use of safe-primes appears to mitigate the possibility of attacks via subfields, but it also avoids the complex ring..

Primary location: Austin United States