Public-key cryptography is an indispensable component used in almost all of our present-day digital infrastructure. However, most if not all of it is predominantly built upon hardness guarantees of number theoretic problems that can be broken by large-scale quantum computers in the future. Sensing the imminent threat from continued advances in quantum computing, NIST has recently initiated a global-level standardization process for quantum resistant public-key cryptographic primitives such as public-key encryption, digital signatures, and key encapsulation mechanisms. While the process received proposals from various categories of post-quantum cryptography, lattice-based cryptography features most prominently among all the submissions. Lattice-based cryptography offers a very attractive alternative to traditional public-key cryptography mainly due to the variety of lattice-based schemes offering varying flavors of security and efficiency guarantees. In this article, we survey the evolution of lattice-based key-sharing schemes (public-key encryption and key encapsulation schemes) and cover various aspects ranging from theoretical security guarantees, general algorithmic frameworks, practical implementation aspects, and physical attack security, with special focus on lattice-based key-sharing schemes competing in the NIST’s standardization process.

中文翻译：

---

基于格的密钥共享方案

公钥密码学是我们当今几乎所有数字基础设施中不可或缺的组成部分。然而，即使不是全部，大部分也主要建立在数论问题的硬度保证之上，这些问题在未来可以被大型量子计算机破解。NIST 意识到量子计算的持续进步带来的迫在眉睫的威胁，最近启动了针对抗量子公钥密码原语（例如公钥加密、数字签名和密钥封装机制）的全球级标准化流程。虽然该过程收到了来自各种后量子密码学类别的提案，但基于格的密码学特征在所有提交中最为突出。基于格的密码学为传统的公钥密码学提供了一种非常有吸引力的替代方案，这主要是因为基于格的各种方案提供了不同风格的安全性和效率保证。在本文中，我们调查了基于格的密钥共享方案（公钥加密和密钥封装方案）的演变，涵盖了从理论安全保证、通用算法框架、实际实现方面和物理攻击安全等各个方面，特别关注在 NIST 标准化过程中竞争的基于格的密钥共享方案。