Next Article in Journal
Universal Framework for Quantum Error-Correcting Codes
Next Article in Special Issue
Topological Quantum Codes from Lattices Partition on the n-Dimensional Flat Tori
Previous Article in Journal
Application of Structural Entropy and Spatial Filling Factor in Colonoscopy Image Classification

How to Construct Polar Codes for Ring-LWE-Based Public Key Encryption

by 1,* and 2
Beijing National Research Center for Information Science and Technology, Tsinghua University, Beijing 100084, China
Department of Electrical and Electronic Engineering, Imperial College London, London SW7 2AZ, UK
Author to whom correspondence should be addressed.
Academic Editors: Amin Sakzad and Khoa Nguyen
Entropy 2021, 23(8), 938;
Received: 15 June 2021 / Revised: 16 July 2021 / Accepted: 17 July 2021 / Published: 23 July 2021
There exists a natural trade-off in public key encryption (PKE) schemes based on ring learning with errors (RLWE), namely: we would like a wider error distribution to increase the security, but it comes at the cost of an increased decryption failure rate (DFR). A straightforward solution to this problem is the error-correcting code, which is commonly used in communication systems and already appears in some RLWE-based proposals. However, applying error-correcting codes to those cryptographic schemes is far from simply installing an add-on. Firstly, the residue error term derived by decryption has correlated coefficients, whereas most prevalent error-correcting codes with remarkable error tolerance assume the channel noise to be independent and memoryless. This explains why only simple error-correcting methods are used in existing RLWE-based PKE schemes. Secondly, the residue error term has correlated coefficients leaving accurate DFR estimation challenging even for uncoded plaintext. It can be found in the literature that a tighter DFR estimation can effectively create a DFR margin. Thirdly, most error-correcting codes are not well designed for safety considerations, e.g., syndrome decoding has a nonconstant time nature. A code good at error correcting might be weak under a variety of attacks. In this work, we propose a polar coding scheme for RLWE-based PKE. A relaxed “independence” assumption is used to derive an uncorrelated residue noise term, and a wireless communication strategy, outage, is used to construct polar codes. Furthermore, some knowledge about the residue noise is exploited to improve the decoding performance. With the parameterization of NewHope Round 2, the proposed scheme creates a considerable DRF margin, which gives a competitive security improvement compared to state-of-the-art benchmarks. Specifically, the security is improved by 28.8%, while a DFR of 2149 is achieved a for code rate pf 0.25, n=1024,q= 12,289, and binomial parameter k=55. Moreover, polar encoding and decoding have a quasilinear complexity O(Nlog2N) and intrinsically support constant-time implementations. View Full-Text
Keywords: ring LWE; polar codes; public key encryption; error dependency; decryption failure rate ring LWE; polar codes; public key encryption; error dependency; decryption failure rate
Show Figures

Figure 1

MDPI and ACS Style

Wang, J.; Ling, C. How to Construct Polar Codes for Ring-LWE-Based Public Key Encryption. Entropy 2021, 23, 938.

AMA Style

Wang J, Ling C. How to Construct Polar Codes for Ring-LWE-Based Public Key Encryption. Entropy. 2021; 23(8):938.

Chicago/Turabian Style

Wang, Jiabo, and Cong Ling. 2021. "How to Construct Polar Codes for Ring-LWE-Based Public Key Encryption" Entropy 23, no. 8: 938.

Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

Back to TopTop