sharpetronics/liboqs
1
0
Fork 0
mirror of https://github.com/open-quantum-safe/liboqs.git synced 2025-10-17 00:05:38 -04:00
Code Issues Projects Releases Wiki Activity
liboqs/docs/Algorithm data sheets/kex_rlwe_bcns15.md
Alex Parent 35e53b038f Fixes for scan-build and make. (#69)
2016-12-13 11:19:28 -05:00

81 lines
3.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Algorithm data sheet: `kex_rlwe_bcns15`
=======================================
Algorithm
---------
**Name:** BCNS15
**Description:** Key exchange protocol proposed by Bos et al. [BCNS15] based on the ring learning with errors problem. Instantiation of the approximate KEM in public key encryption scheme of Lyubashevsky, Peikert, Regev [LPR10], using reconciliation mechanism of Peikert [Pei14].
**Supporting research:**
- [BCNS15] Joppe W. Bos, Craig Costello, Michael Naehrig, Douglas Stebila. Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In *IEEE Symposium on Security and Privacy (S&P) 2015*, pp. 553-570. IEEE, May 2015. [https://eprint.iacr.org/2014/599](https://eprint.iacr.org/2014/599)
- [Pei14] Chris Peikert. Lattice cryptography for the Internet. In *PQCrypto 2014*, volume 8772 of LNCS, pages 197219. Springer, 2014. [https://eprint.iacr.org/2014/070](https://eprint.iacr.org/2014/070)
- [LPR10] Vadim Lyubashevsky, Chris Peikert, and Oded Regev. On ideal lattices and learning with errors over rings. In *EUROCRYPT 2010*, volume 6110 of LNCS, pages 123. Springer, May 2010. [https://eprint.iacr.org/2012/230](https://eprint.iacr.org/2012/230)
Security
--------
**Security model:** Unauthenticated key exchange / passive (IND-CPA) key encapsulation mechanism
**Underlying hard problem(s):** Decision ring learning with errors problem
Parameter set 1
---------------
**Claimed classical security:**
- 2^163.8 (original paper)
- 2^86 ([https://eprint.iacr.org/2015/1092](https://eprint.iacr.org/2015/1092))
**Claimed quantum security:**
- ≥ 2^81.9 (original paper)
- 2^78 ([https://eprint.iacr.org/2015/1092](https://eprint.iacr.org/2015/1092))
**Communication size:**
- Alice → Bob: 4,096 bytes
- Bob → Alice: 4,224 bytes
- total: 8,320 bytes
Implementation
--------------
**Source of implementation:** Original research paper ([https://github.com/dstebila/rlwekex](https://github.com/dstebila/rlwekex))
**License:** Public domain ("Unlicense", [http://unlicense.org](http://unlicense.org))
**Language:** C
**Constant-time:** When preprocessor macro `CONSTANT_TIME` is defined
**Options:**
- preprocessor macro `CONSTANT_TIME` to enable constant-time code
**Testing:**
- Correctness: covered by test harness `test_kex`
- Statistics of shared secrets: covered by test harness `test_kex`
- statistical distance from uniform over 100 iterations: 0.0561185025
- Static analysis:
- `scan_build`
**Runtime:**
Operation | Iterations | Total time (s) | Time (us): mean | pop. stdev | CPU cycles: mean | pop. stdev
------------------------------ | ----------:| --------------:| ---------------:| ----------:| ----------------:| ----------:
alice 0 | 17664 | 10.000 | 566.145 | 24.189 | 2269004 | 96901
bob | 10923 | 10.001 | 915.562 | 53.806 | 3669454 | 215632
alice 1 | 86154 | 10.000 | 116.071 | 13.987 | 465102 | 56014
Runtime measurement configuration:
- CPU: Intel Core i7 (6700K "Skylake") with 4 cores each running at 4.0 GHz; single-threaded runtime measurements
- TurboBoost and hyperthreading (hardware multithreading): disabled
- liboqs version: commit [c5382941aecc85df90b9179458c9fba7a9f45611](https://github.com/open-quantum-safe/liboqs/commit/c5382941aecc85df90b9179458c9fba7a9f45611)
- compiler: gcc-6 (Homebrew gcc 6.2.0) 6.2.0
- build command: make CC=gcc-6
Reference in New Issue View Git Blame Copy Permalink