EMBLEM: (R)LWE-based key encapsulation with a new multi-bit encoding method
International Journal of Information Security (IF 2.4), Pub Date: 2019-07-23, DOI: 10.1007/s10207-019-00456-9
Minhye Seo, Suhri Kim, Dong Hoon Lee, Jong Hwan Park

Lattice-based cryptography is a promising candidate for post-quantum cryptosystems, and a large amount of research has been conducted on learning with errors (LWE) problems, which are believed to be resistant against quantum attacks. In this paper, we propose two new key encapsulation mechanisms (KEMs), called EMBLEM and R.EMBLEM, based on (ring) LWE problems. The new KEMs have two main features: (1) Their security is based on the (ring) LWE problem with small secrets, which leads to both a secret key of constant size (regardless of the LWE parameters) and a relatively large standard deviation of the discrete Gaussian distributions. (2) They rely on a new multi-bit encoding method that is suitable for (ring) LWE-based encryption schemes. Compared to Regev’s encoding method, the proposed method does not require any rounding operation for decoding, and in this sense, it is conceptually simpler and easier to understand. Concrete parameters of the KEMs targeting 128-bit security level (against classical attacks) are provided, and their performance is compared with that of previous (ring) LWE-based KEMs in the literature.

Updated: 2019-07-23