
Reconciliation based key exchange schemes using lattices: a review

Published in Telecommunication Systems.

Abstract

Lattice-based cryptography is one of the emerging fields of cryptography in the post-quantum world. It is resistant to quantum attacks and has performance competitive with that of prevalent cryptosystems such as Rivest–Shamir–Adleman (RSA) and Diffie–Hellman. To date, various basic cryptographic primitives such as encryption and decryption, digital signatures, hash-based functions, and key exchange have been proposed in lattice-based cryptography. The key exchange primitive is one of the basic cryptographic primitives of the Public Key Infrastructure (PKI). Lattices are the preferred tool for designing reconciliation based key exchange protocols that are provably secure against quantum attacks. However, the literature on reconciliation based key exchange protocols is limited, and the schemes are often studied independently. Therefore, in this work, we review the reconciliation based key exchange schemes and classify them into two categories depending on the reconciliation mechanism used by the scheme. We also point out the basic key exchange schemes upon which all other key exchange schemes are based. We conduct a complete review, security analysis, implementation and comparison of these basic key exchange schemes.


Notes

  1. Reconciliation is a mechanism that allows the sender and receiver to achieve exact key agreement. In the absence of reconciliation, the session keys computed at the sender end and at the receiver end differ, because their values are only approximate (noisy).

  2. Asymmetric Key Encapsulation is different from KEM. It is also known as the key transport technique, where the sender transmits a randomly chosen cryptographic key K encrypted with the receiver’s public key, so that the key can only be decrypted by the intended receiver. This key K is further used by symmetric algorithms for encryption/decryption of bulk data.

  3. Details of the matching session and the test session are given in Sect. 2.1 of [30].
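
The reconciliation step described in Note 1 can be made concrete with the signal-based mechanism of Ding, Xie and Lin [16]. The Python below is an added example written for this page, not code from the paper under review or from [16]: it implements the Sig (signal) and Mod2 (bit extraction) functions as the editor recalls them from [16], on plain integers modulo an odd prime rather than on polynomial coefficients from a real RLWE exchange. The two parties' approximate shared values are constructed directly (a base value and a copy perturbed by an even error 2e, which is the form the error takes in that scheme); the modulus 12289, the sample size and the PRNG seed are the editor's choices.

```python
"""Reconciliation demo: Ding-style signal function and Mod2 extraction.

Added example (not the reviewed paper's or [16]'s own code). Two parties hold
close-but-unequal values mod q; one sends a one-bit hint per value and both
extract the same key bit. The no-reconciliation baseline from Note 1 is shown
alongside for contrast.
"""
import random

Q = 12289  # constructed choice: an odd prime modulus (the functions need q odd)


def center(x: int, q: int = Q) -> int:
    """Reduce x modulo q to the centred representative in (-q/2, q/2]."""
    x %= q
    return x - q if x > q // 2 else x


def sig(v: int, q: int = Q) -> int:
    """Signal hint: 0 if the centred v lies in [-floor(q/4), floor(q/4)], else 1.

    The bit tells the peer whether v sits in the 'safe' middle band or near
    the wrap-around region where a small error could flip parity."""
    return 0 if abs(center(v, q)) <= q // 4 else 1


def mod2(v: int, w: int, q: int = Q) -> int:
    """Extract one key bit: parity of the centred value of v + w*(q-1)/2.

    When w = 1 both parties shift by (q-1)/2, which moves their (close) values
    away from the +-q/2 boundary, so adding a small even error cannot wrap."""
    return center(v + w * ((q - 1) // 2), q) % 2


def reconcile(bob_values, alice_values, q=Q):
    """Bob computes the signals from his values and sends them to Alice.
    Both sides extract bits with Mod2. Returns (bob_key, alice_key, signals)."""
    signals = [sig(v, q) for v in bob_values]
    bob_key = [mod2(v, w, q) for v, w in zip(bob_values, signals)]
    alice_key = [mod2(v, w, q) for v, w in zip(alice_values, signals)]
    return bob_key, alice_key, signals


def naive_keys(bob_values, alice_values, q=Q):
    """No-reconciliation baseline (Note 1): each side takes the parity of
    its own centred value and hopes the other side got the same bit."""
    return ([center(v, q) % 2 for v in bob_values],
            [center(v, q) % 2 for v in alice_values])


def constructed_shares(n: int, max_err: int, seed: int = 1, q: int = Q):
    """Constructed sample input (no lattice arithmetic): Bob's n values are
    uniform mod q; Alice's differ by an even error 2e with |e| <= max_err."""
    rng = random.Random(seed)  # seeded for reproducibility; not a CSPRNG
    bob = [rng.randrange(q) for _ in range(n)]
    alice = [(v + 2 * rng.randint(-max_err, max_err)) % q for v in bob]
    return bob, alice


def agreement_rate(key_a, key_b) -> float:
    """Fraction of positions where the two extracted keys agree."""
    return sum(a == b for a, b in zip(key_a, key_b)) / len(key_a)


if __name__ == "__main__":
    # |e| < q/8 - 2 is the error bound under which the bits are guaranteed to agree
    bob, alice = constructed_shares(n=256, max_err=Q // 8 - 3)
    bob_key, alice_key, _ = reconcile(bob, alice)
    print("with reconciliation:", agreement_rate(bob_key, alice_key))
    nb, na = naive_keys(bob, alice)
    print("naive parity only:  ", agreement_rate(nb, na))
```

Running the script prints an agreement rate of 1.0 for the reconciled bits, while the naive parity baseline loses every position where the error pushes one side's value across the ±q/2 boundary (for example a Bob value of q//2 against an Alice value of q//2 + 2). The bound |e| < q/8 - 2 is, as the editor recalls it, the condition under which the correctness lemma of [16] guarantees exact agreement; in a real exchange the error is a product of small secret and error polynomials rather than a sampled integer.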

References

  1. Shor, P. W. (1999). Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Review, 41(2), 303–332.


  2. Grover, L. K. (1996). A fast quantum mechanical algorithm for database search. arXiv preprint arXiv:quant-ph/9605043.

  3. Chen, L., Chen, L., Jordan, S., Liu, Y. K., Moody, D., Peralta, R., et al. (2016). Report on post-quantum cryptography. US Department of Commerce, National Institute of Standards and Technology.

  4. Regev, O. (2009). On lattices, learning with errors, random linear codes, and cryptography. Journal of the ACM (JACM), 56(6), 34.


  5. Lyubashevsky, V., Peikert, C., & Regev, O. (2010). On ideal lattices and learning with errors over rings. In Annual international conference on the theory and applications of cryptographic techniques (pp. 1–23). Springer.

  6. Nejatollahi, H., Dutt, N., Ray, S., Regazzoni, F., Banerjee, I., & Cammarota, R. (2019). Post-quantum lattice-based cryptography implementations: A survey. ACM Computing Surveys (CSUR), 51(6), 129.


  7. Bindel, N., Buchmann, J., & Rieß, S. (2018). Comparing apples with apples: Performance analysis of lattice-based authenticated key exchange protocols. International Journal of Information Security, 17(6), 701–718.


  8. Gao, X., Ding, J., Saraswathy, R., Li, L., & Liu, J. (2017). Comparison analysis and efficient implementation of reconciliation-based RLWE key exchange protocol. Technical report, Cryptology ePrint Archive, Report 2017/1178. http://eprint.iacr.org.

  9. Kuo, P. C., Li, W. D., Chen, Y. W., Hsu, Y. C., Peng, B. Y., Cheng, C. M., et al. (2017). High performance post-quantum key exchange on FPGAs. Technical report, Cryptology ePrint Archive, Report 2017/690. https://eprint.iacr.org.

  10. Gao, X., Ding, J., Li, L., Saraswathy, R., & Liu, J. (2017). Efficient implementation of password-based authenticated key exchange from RLWE and post-quantum TLS. In IACR cryptology ePrint archive 2017, p. 1192.

  11. Oder, T., & Güneysu, T. (2017). Implementing the newhope-simple key exchange on low-cost FPGAs. In Progress in cryptology LATINCRYPT 2017.

  12. Streit, S., & De Santis, F. (2017). Post-quantum key exchange on ARMV8-A: A new hope for neon made simple. IEEE Transactions on Computers, 67(11), 1651–1662.


  13. Gueron, S., & Schlieker, F. (2016). Speeding up R-LWE post-quantum key exchange. In Nordic conference on secure IT systems (pp. 187–198). Springer.

  14. Nejatollahi, H., Dutt, N. D., Banerjee, I., & Cammarota, R. (2018). Domain-specific accelerators for ideal lattice-based public key protocols. In IACR cryptology ePrint archive, 2018, p. 608.

  15. Krawczyk, H. (2003). Sigma: The ‘sign-and-mac’ approach to authenticated Diffie–Hellman and its use in the IKE protocols. In Annual international cryptology conference (pp. 400–425). Springer.

  16. Ding, J., Xie, X., & Lin, X. (2012). A simple provably secure key exchange scheme based on the learning with errors problem. In IACR cryptology ePrint archive, 2012, p. 688.

  17. Peikert, C. (2014). Lattice cryptography for the internet. In International workshop on post-quantum cryptography (pp. 197–219). Springer.

  18. Zhang, J., Zhang, Z., Ding, J., Snook, M., & Dagdelen, Ö. (2015). Authenticated key exchange from ideal lattices. In Annual international conference on the theory and applications of cryptographic techniques (pp. 719–751). Springer.

  19. Krawczyk, H. (2005). HMQV: A high-performance secure Diffie–Hellman protocol. In Annual international cryptology conference (pp. 546–566). Springer.

  20. Yao, A. C. C., & Zhao, Y. (2013). OAKE: A new family of implicitly authenticated Diffie–Hellman protocols. In Proceedings of the 2013 ACM SIGSAC conference on computer & communications security (pp. 1113–1128). ACM.

  21. Bellare, M., & Rogaway, P. (1993). Entity authentication and key distribution. In Annual international cryptology conference (pp. 232–249). Springer.

  22. Ding, J., Alsayigh, S., Lancrenon, J., Saraswathy, R., & Snook, M. (2017). Provably secure password authenticated key exchange based on RLWE for the post-quantum world. In Cryptographers’ Track at the RSA conference (pp. 183–204). Springer.

  23. Boyko, V., MacKenzie, P., & Patel, S. (2000). Provably secure password-authenticated key exchange using Diffie–Hellman. In International conference on the theory and applications of cryptographic techniques (pp. 156–171). Springer.

  24. MacKenzie, P. (2002). The PAK suite: Protocols for password-authenticated key exchange. In Contributions to IEEE P1363.2, p. 1.

  25. Gao, X., Ding, J., Li, L., & Liu, J. (2018). Practical randomized RLWE-based key exchange against signal leakage attack. IEEE Transactions on Computers, 1, 1–1.


  26. Rukhin, A., Soto, J., Nechvatal, J., Smid, M., & Barker, E. (2001). A statistical test suite for random and pseudorandom number generators for cryptographic applications. Technical report, Booz-Allen and Hamilton Inc Mclean Va.

  27. Feng, Q., He, D., Zeadally, S., Kumar, N., & Liang, K. (2018). Ideal lattice-based anonymous authentication protocol for mobile devices. IEEE Systems Journal, 13(3), 2775–2785.


  28. Dabra, V., Bala, A., & Kumari, S. (2020). LBA-PAKE: Lattice-based anonymous password authenticated key exchange for mobile devices. IEEE Systems Journal. https://doi.org/10.1109/JSYST.2020.3023808.


  29. Islam, S. H. (2020). Provably secure two-party authenticated key agreement protocol for post-quantum environments. Journal of Information Security and Applications, 52, 102468.


  30. Canetti, R., & Krawczyk, H. (2002). Security analysis of IKE’s signature-based key-exchange protocol. In Annual international cryptology conference (pp. 143–161). Springer.

  31. Bos, J. W., Costello, C., Naehrig, M., & Stebila, D. (2015). Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In 2015 IEEE symposium on security and privacy (SP) (pp. 553–570). IEEE.

  32. Bos, J., Costello, C., Ducas, L., Mironov, I., Naehrig, M., Nikolaenko, V., et al. (2016). Frodo: Take off the ring! Practical, quantum-secure key exchange from LWE. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security (pp. 1006–1018). ACM.

  33. Alkim, E., Ducas, L., Pöppelmann, T., & Schwabe, P. (2016). Postquantum key exchange—A new hope. In USENIX security symposium, vol. 2016.

  34. Experimenting with post-quantum cryptography. https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html. Last accessed: July 14, 2020.

  35. Saarinen, M. J. O. (2017). HILA5: On reliability, reconciliation, and error correction for Ring-LWE encryption. In International conference on selected areas in cryptography (pp. 192–212). Springer.

  36. Ding, J., Alsayigh, S., Saraswathy, R., Fluhrer, S., & Lin, X. (2017). Leakage of signal function with reused keys in RLWE key exchange. In 2017 IEEE international conference on communications (ICC) (pp. 1–6). IEEE.

  37. Ding, J., Fluhrer, S., & Rv, S. (2018). Complete attack on RLWE key exchange with reused keys, without signal leakage. In Australasian conference on information security and privacy (pp. 467–486). Springer.

  38. Fluhrer, S. R. (2016). Cryptanalysis of Ring-LWE based key exchange with key share reuse. In IACR cryptology ePrint archive, 2016, p. 85.

  39. Gong, B., & Zhao, Y. (2016). Small field attack, and revisiting RLWE-based authenticated key exchange from Eurocrypt’15. In IACR cryptology ePrint archive, 2016, p. 913.

  40. Canetti, R., & Krawczyk, H. (2001). Analysis of key-exchange protocols and their use for building secure channels. In International conference on the theory and applications of cryptographic techniques (pp. 453–474). Springer.

  41. Stehlé, D., & Steinfeld, R. (2011). Making NTRU as secure as worst-case problems over ideal lattices. In Annual international conference on the theory and applications of cryptographic techniques (pp. 27–47). Springer.

  42. Lyubashevsky, V., Peikert, C., & Regev, O. (2013). A toolkit for Ring-LWE cryptography. In Annual international conference on the theory and applications of cryptographic techniques (pp. 35–54). Springer.

  43. Singh, V. (2015). A practical key exchange for the internet using lattice cryptography. In IACR cryptology ePrint archive, 2015, p. 138.

  44. Fujisaki, E., & Okamoto, T. (1999). Secure integration of asymmetric and symmetric encryption schemes. In Annual international cryptology conference (pp. 537–554). Springer.

  45. Liu, C., Zheng, Z., & Zou, G. (2018). Key reuse attack on newhope key exchange protocol. In International conference on information security and cryptology (pp. 163–176). Springer.

  46. Bauer, A., Gilbert, H., Renault, G., & Rossi, M. (2019). Assessment of the key-reuse resilience of newhope. In Cryptographers’ track at the RSA conference (pp. 272–292). Springer.

  47. Okada, S., Wang, Y., & Takagi, T. (2020). Improving key mismatch attack on newhope with fewer queries. In IACR Cryptology ePrint Archive, 2020, p. 585.

  48. Qin, Y., Cheng, C., & Ding, J. (2019). A complete and optimized key mismatch attack on NIST candidate newhope. In European symposium on research in computer security (pp. 504–520). Springer.

  49. Ravi, P., Roy, S. S., Chattopadhyay, A., & Bhasin, S. (2020). Generic side-channel attacks on CCA-secure lattice-based PKE and KEMs. In IACR transactions on cryptographic hardware and embedded systems (pp. 307–335).

  50. Vacek, J., & Václavek, J. Key mismatch attack on newhope revisited.

  51. Bernstein, D. J., Bruinderink, L. G., Lange, T., & Panny, L. (2018). HILA5 pindakaas: On the CCA security of lattice-based encryption with error correction. In International conference on cryptology in Africa (pp. 203–216). Springer.


Corresponding author

Correspondence to Saru Kumari.

Ethics declarations

Conflict of interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.


About this article


Cite this article

Dabra, V., Bala, A. & Kumari, S. Reconciliation based key exchange schemes using lattices: a review. Telecommun Syst 77, 413–434 (2021). https://doi.org/10.1007/s11235-021-00759-0
