Paper 2021/222

Quantum-safe HIBE: does it cost a Latte?

Raymond K. Zhao, Data61
Sarah McCarthy, University of Waterloo
Ron Steinfeld, Monash University
Amin Sakzad, Monash University
Máire O’Neill, Queen's University Belfast
Abstract

The United Kingdom (UK) government is considering advanced primitives such as identity-based encryption (IBE) for adoption as they transition their public-safety communications network from TETRA to an LTE-based service. However, the current LTE standard relies on elliptic-curve-based IBE, which will be vulnerable to quantum computing attacks, expected within the next 20-30 years. Lattices can provide quantum-safe alternatives for IBE. These schemes have shown promising results in terms of practicality. To date, several IBE schemes over lattices have been proposed, but there has been little in the way of practical evaluation. This paper provides the first complete optimised practical implementation and benchmarking of Latte, a promising Hierarchical IBE (HIBE) scheme proposed by the UK National Cyber Security Centre (NCSC) in 2017 and endorsed by European Telecommunications Standards Institute (ETSI). We propose optimisations for the KeyGen, Delegate, Extract and Gaussian sampling components of Latte, to increase attack costs, reduce decryption key lengths by 2x-3x, ciphertext sizes by up to 33%, and improve speed. In addition, we conduct a precision analysis, bounding the Rényi divergence of the distribution of the real Gaussian sampling procedures from the ideal distribution in corroboration of our claimed security levels. Our resulting implementation of the Delegate function takes 0.4 seconds at 80-bit security level on a desktop machine at 4.2GHz, significantly faster than the order of minutes estimated in the ETSI technical report. Furthermore, our optimised Latte Encrypt/Decrypt implementation reaches speeds up to 9.7x faster than the ETSI implementation.

Note: Full version

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Major revision. IEEE Transactions on Information Forensics and Security
DOI
10.1109/TIFS.2023.3347880
Keywords
lattice-based cryptographyhierarchical identity-based encryptionadvanced primitivessoftware designpost-quantum
Contact author(s)
raymond zhao @ data61 csiro au
sarah mccarthy @ uwaterloo ca
ron steinfeld @ monash edu
amin sakzad @ monash edu
m oneill @ ecit qub ac uk
History
2023-12-27: last of 8 revisions
2021-03-02: received
See all versions
Short URL
https://ia.cr/2021/222
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/222,
      author = {Raymond K.  Zhao and Sarah McCarthy and Ron Steinfeld and Amin Sakzad and Máire O’Neill},
      title = {Quantum-safe HIBE: does it cost a Latte?},
      howpublished = {Cryptology ePrint Archive, Paper 2021/222},
      year = {2021},
      doi = {10.1109/TIFS.2023.3347880},
      note = {\url{https://eprint.iacr.org/2021/222}},
      url = {https://eprint.iacr.org/2021/222}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.