Abstract
Lattice-based cryptography is one of the emerging fields of cryptography in the post-quantum world. It is resistant to quantum attacks and offers performance competitive with that of prevalent cryptosystems such as Rivest–Shamir–Adleman (RSA) and Diffie–Hellman. To date, various basic cryptographic primitives, such as encryption and decryption, digital signatures, hash-based functions, and key exchange, have been proposed in lattice-based cryptography. The key exchange primitive is one of the basic cryptographic primitives of the Public Key Infrastructure (PKI). Lattices are the preferred tool for designing reconciliation based key exchange protocols that are provably secure against quantum attacks. However, the literature on reconciliation based key exchange protocols is limited, and the schemes are often studied in isolation. Therefore, in this work, we review the reconciliation based key exchange schemes and classify them into two categories according to the reconciliation mechanism each scheme uses. We also identify the basic key exchange schemes upon which all other key exchange schemes are built. We conduct a complete review, security analysis, implementation and comparison of these basic key exchange schemes.
Notes
Reconciliation is a mechanism that allows the sender and receiver to reach exact key agreement. Without reconciliation, the session keys computed at the sender end and at the receiver end differ, because the computed value is only approximate (noisy).
Asymmetric key encapsulation is different from a KEM. It is also known as key transport: the sender transmits a randomly chosen cryptographic key K encrypted under the receiver's public key, so that only the intended receiver can decrypt it. This key K is then used by symmetric algorithms for encryption/decryption of bulk data.
Details of the matching session and test session are given in Sect. 2.1 of [30].
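A scalar working of the reconciliation mechanism described in the first note, as an added example that is not code from the reviewed paper or from [24]: it implements the signal function Sig and the robust extractor Mod2 of the Ding–Xie–Lin scheme [24] over a single element of Z_q (Q = 12289 is an assumed parameter, and the one-dimensional exchange is a toy stand-in for the LWE computation, not a secure protocol) and shows that taking the parity of the noisy value directly fails at the wrap-around of Z_q, while the bits obtained with the signal agree.

```python
import random

Q = 12289  # assumed odd prime modulus (the scheme needs q odd); not taken from the paper

def centered(v, q=Q):
    """Representative of v mod q in [-(q-1)/2, (q-1)/2], the range the scheme works in."""
    v %= q
    return v - q if v > (q - 1) // 2 else v

def signal(v, q=Q):
    """Sig(v): 0 if v lies in the middle region E = [-floor(q/4), floor(q/4)], else 1."""
    return 0 if abs(centered(v, q)) <= q // 4 else 1

def mod2(v, w, q=Q):
    """Robust extractor Mod2(v, w): parity of the centered value after shifting by w*(q-1)/2."""
    return centered(v + w * ((q - 1) // 2), q) % 2

def naive_bits(k_a, k_b, q=Q):
    """What each side would get by taking parity directly, with no signal at all."""
    return centered(k_a, q) % 2, centered(k_b, q) % 2

def reconcile(k_a, k_b, q=Q):
    """Bob (holding k_b) publishes w = Sig(k_b); both sides extract a bit with Mod2.
    The bits agree whenever k_a - k_b is even and |k_a - k_b| is well below q/4."""
    w = signal(k_b, q)
    return mod2(k_a, w, q), mod2(k_b, w, q), w

def toy_exchange(rng, q=Q, bound=2):
    """One-dimensional stand-in for the LWE exchange (insecure, for illustration only):
    errors are doubled, so the two approximate keys differ by an even, small amount."""
    small = lambda: rng.randint(-bound, bound)
    a = rng.randrange(q)
    s_a, e_a, g_a = small(), small(), small()
    s_b, e_b, g_b = small(), small(), small()
    p_a = (a * s_a + 2 * e_a) % q      # Alice's public value
    p_b = (a * s_b + 2 * e_b) % q      # Bob's public value
    k_a = (p_b * s_a + 2 * g_a) % q    # Alice's approximate key
    k_b = (p_a * s_b + 2 * g_b) % q    # Bob's approximate key
    return k_a, k_b

def agreement_rate(trials=2000, seed=1):
    """Fraction of toy exchanges in which the reconciled bits agree (expected: all of them)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        bit_a, bit_b, _ = reconcile(*toy_exchange(rng))
        hits += bit_a == bit_b
    return hits / trials
```

The pairs (6150, 6140) and (6139, 6149) sit on either side of the ±(q-1)/2 wrap-around, which is exactly where naive parity disagrees and the signal bit rescues the agreement.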
References
Shor, P. W. (1999). Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Review, 41(2), 303–332.
Grover, L. K. (1996). A fast quantum mechanical algorithm for database search. arXiv preprint arXiv:quant-ph/9605043.
Chen, L., Chen, L., Jordan, S., Liu, Y. K., Moody, D., Peralta, R., et al. (2016). Report on post-quantum cryptography. US Department of Commerce, National Institute of Standards and Technology.
Regev, O. (2009). On lattices, learning with errors, random linear codes, and cryptography. Journal of the ACM (JACM), 56(6), 34.
Lyubashevsky, V., Peikert, C., & Regev, O. (2010). On ideal lattices and learning with errors over rings. In Annual international conference on the theory and applications of cryptographic techniques (pp. 1–23). Springer.
Nejatollahi, H., Dutt, N., Ray, S., Regazzoni, F., Banerjee, I., & Cammarota, R. (2019). Post-quantum lattice-based cryptography implementations: A survey. ACM Computing Surveys (CSUR), 51(6), 129.
Bindel, N., Buchmann, J., & Rieß, S. (2018). Comparing apples with apples: Performance analysis of lattice-based authenticated key exchange protocols. International Journal of Information Security, 17(6), 701–718.
Gao, X., Ding, J., Saraswathy, R., Li, L., & Liu, J. (2017). Comparison analysis and efficient implementation of reconciliation-based RLWE key exchange protocol. Technical report, Cryptology ePrint Archive, Report 2017/1178. http://eprint.iacr.org.
Kuo, P. C., Li, W. D., Chen, Y. W., Hsu, Y. C., Peng, B. Y., Cheng, C. M., et al. (2017). High performance post-quantum key exchange on FPGAs. Technical report, Cryptology ePrint Archive, Report 2017/690. https://eprint.iacr.org.
Gao, X., Ding, J., Li, L., Saraswathy, R., & Liu, J. (2017). Efficient implementation of password-based authenticated key exchange from RLWE and post-quantum TLS. In IACR cryptology ePrint archive 2017, p. 1192.
Oder, T., & Güneysu, T. (2017). Implementing the newhope-simple key exchange on low-cost FPGAs. In Progress in cryptology LATINCRYPT 2017.
Streit, S., & De Santis, F. (2017). Post-quantum key exchange on ARMV8-A: A new hope for neon made simple. IEEE Transactions on Computers, 67(11), 1651–1662.
Gueron, S., & Schlieker, F. (2016). Speeding up R-LWE post-quantum key exchange. In Nordic conference on secure IT systems (pp. 187–198). Springer.
Nejatollahi, H., Dutt, N. D., Banerjee, I., & Cammarota, R. (2018). Domain-specific accelerators for ideal lattice-based public key protocols. In IACR cryptology ePrint archive, 2018, p. 608.
Krawczyk, H. (2003). Sigma: The ‘sign-and-mac’ approach to authenticated Diffie–Hellman and its use in the IKE protocols. In Annual international cryptology conference (pp. 400–425). Springer.
Ding, J., Xie, X., & Lin, X. (2012). A simple provably secure key exchange scheme based on the learning with errors problem. In IACR cryptology ePrint archive, 2012, p. 688.
Peikert, C. (2014). Lattice cryptography for the internet. In International workshop on post-quantum cryptography (pp. 197–219). Springer.
Zhang, J., Zhang, Z., Ding, J., Snook, M., & Dagdelen, Ö. (2015). Authenticated key exchange from ideal lattices. In Annual international conference on the theory and applications of cryptographic techniques (pp. 719–751). Springer.
Krawczyk, H. (2005). HMQV: A high-performance secure Diffie–Hellman protocol. In Annual international cryptology conference (pp. 546–566). Springer.
Yao, A. C. C., & Zhao, Y. (2013). OAKE: A new family of implicitly authenticated Diffie–Hellman protocols. In Proceedings of the 2013 ACM SIGSAC conference on computer & communications security (pp. 1113–1128). ACM.
Bellare, M., & Rogaway, P. (1993). Entity authentication and key distribution. In Annual international cryptology conference (pp. 232–249). Springer.
Ding, J., Alsayigh, S., Lancrenon, J., Saraswathy, R., & Snook, M. (2017). Provably secure password authenticated key exchange based on RLWE for the post-quantum world. In Cryptographers’ Track at the RSA conference (pp. 183–204). Springer.
Boyko, V., MacKenzie, P., & Patel, S. (2000). Provably secure password-authenticated key exchange using Diffie–Hellman. In International conference on the theory and applications of cryptographic techniques (pp. 156–171). Springer.
MacKenzie, P. (2002). The PAK suite: Protocols for password-authenticated key exchange. In Contributions to IEEE P1363.2, p. 1.
Gao, X., Ding, J., Li, L., & Liu, J. (2018). Practical randomized RLWE-based key exchange against signal leakage attack. IEEE Transactions on Computers, 1, 1–1.
Rukhin, A., Soto, J., Nechvatal, J., Smid, M., & Barker, E. (2001). A statistical test suite for random and pseudorandom number generators for cryptographic applications. Technical report, Booz-Allen and Hamilton Inc Mclean Va.
Feng, Q., He, D., Zeadally, S., Kumar, N., & Liang, K. (2018). Ideal lattice-based anonymous authentication protocol for mobile devices. IEEE Systems Journal, 13(3), 2775–2785.
Dabra, V., Bala, A., & Kumari, S. (2020). LBA-PAKE: Lattice-based anonymous password authenticated key exchange for mobile devices. IEEE Systems Journal. https://doi.org/10.1109/JSYST.2020.3023808.
Islam, S. H. (2020). Provably secure two-party authenticated key agreement protocol for post-quantum environments. Journal of Information Security and Applications, 52, 102468.
Canetti, R., & Krawczyk, H. (2002). Security analysis of IKE’s signature-based key-exchange protocol. In Annual international cryptology conference (pp. 143–161). Springer.
Bos, J. W., Costello, C., Naehrig, M., & Stebila, D. (2015). Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In 2015 IEEE symposium on security and privacy (SP) (pp. 553–570). IEEE.
Bos, J., Costello, C., Ducas, L., Mironov, I., Naehrig, M., Nikolaenko, V., et al. (2016). Frodo: Take off the ring! Practical, quantum-secure key exchange from LWE. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security (pp. 1006–1018). ACM.
Alkim, E., Ducas, L., Pöppelmann, T., & Schwabe, P. (2016). Postquantum key exchange—A new hope. In USENIX security symposium, vol. 2016.
Experimenting with post-quantum cryptography. https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html. Last accessed: July 14, 2020.
Saarinen, M. J. O. (2017). HILA5: On reliability, reconciliation, and error correction for Ring-LWE encryption. In International conference on selected areas in cryptography (pp. 192–212). Springer.
Ding, J., Alsayigh, S., Saraswathy, R., Fluhrer, S., & Lin, X. (2017). Leakage of signal function with reused keys in RLWE key exchange. In 2017 IEEE international conference on communications (ICC) (pp. 1–6). IEEE.
Ding, J., Fluhrer, S., & Rv, S. (2018). Complete attack on RLWE key exchange with reused keys, without signal leakage. In Australasian conference on information security and privacy (pp. 467–486). Springer.
Fluhrer, S. R. (2016). Cryptanalysis of Ring-LWE based key exchange with key share reuse. In IACR cryptology ePrint archive, 2016, p. 85.
Gong, B., & Zhao, Y. (2016). Small field attack, and revisiting RLWE-based authenticated key exchange from Eurocrypt’15. In IACR cryptology ePrint archive, 2016, p. 913.
Canetti, R., & Krawczyk, H. (2001). Analysis of key-exchange protocols and their use for building secure channels. In International conference on the theory and applications of cryptographic techniques (pp. 453–474). Springer.
Stehlé, D., & Steinfeld, R. (2011). Making NTRU as secure as worst-case problems over ideal lattices. In Annual international conference on the theory and applications of cryptographic techniques (pp. 27–47). Springer.
Lyubashevsky, V., Peikert, C., & Regev, O. (2013). A toolkit for Ring-LWE cryptography. In Annual international conference on the theory and applications of cryptographic techniques (pp. 35–54). Springer.
Singh, V. (2015). A practical key exchange for the internet using lattice cryptography. In IACR cryptology ePrint archive, 2015, p. 138.
Fujisaki, E., & Okamoto, T. (1999). Secure integration of asymmetric and symmetric encryption schemes. In Annual international cryptology conference (pp. 537–554). Springer.
Liu, C., Zheng, Z., & Zou, G. (2018). Key reuse attack on newhope key exchange protocol. In International conference on information security and cryptology (pp. 163–176). Springer.
Bauer, A., Gilbert, H., Renault, G., & Rossi, M. (2019). Assessment of the key-reuse resilience of newhope. In Cryptographers’ track at the RSA conference (pp. 272–292). Springer.
Okada, S., Wang, Y., & Takagi, T. (2020). Improving key mismatch attack on newhope with fewer queries. In IACR Cryptology ePrint Archive, 2020, p. 585.
Qin, Y., Cheng, C., & Ding, J. (2019). A complete and optimized key mismatch attack on NIST candidate newhope. In European symposium on research in computer security (pp. 504–520). Springer.
Ravi, P., Roy, S. S., Chattopadhyay, A., & Bhasin, S. (2020). Generic side-channel attacks on CCA-secure lattice-based PKE and KEMs. In IACR transactions on cryptographic hardware and embedded systems (pp. 307–335).
Vacek, J., & Václavek, J. Key mismatch attack on newhope revisited.
Bernstein, D. J., Bruinderink, L. G., Lange, T., & Panny, L. (2018). HILA5 pindakaas: On the CCA security of lattice-based encryption with error correction. In International conference on cryptology in Africa (pp. 203–216). Springer.
Ethics declarations
Conflict of interest
On behalf of all authors, the corresponding author states that there is no conflict of interest.
Cite this article
Dabra, V., Bala, A. & Kumari, S. Reconciliation based key exchange schemes using lattices: a review. Telecommun Syst 77, 413–434 (2021). https://doi.org/10.1007/s11235-021-00759-0
DOI: https://doi.org/10.1007/s11235-021-00759-0