On the Homomorphic Properties of Kyber and McEliece with Application to Post-Quantum Private Set Intersection
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
The question is interesting. But there are major concerns.
Kyber is not FHE.
The Kyber construction is not fully specified, so your construction cannot be implemented from the paper (missing evaluation keys, noise/rounding analysis, no correctness bounds).
Classic McEliece KEM is not the same as the McEliece (Niederreiter) PKE. The KEM interface has no homomorphic behavior. The additive property you use in the paper is for McEliece PKE (not Classic McEliece KEM). Your McEliece/KEM framing (and relation to the NIST competition for KEMs) is very misleading.
Table 1 reports sizes with NIST levels of L1/L3/L5 under the label “McEliece”. It looks like Classic-McEliece parameters.
But your protocol relies on plain McEliece/Niederreiter PKE.
The Bloom filter discussion uses a nonstandard FP expression. The choice of \lambda is not justified against a target \epsilon and the size of the set.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Reviewer 2 Report
Comments and Suggestions for Authors
The manuscript presents a study of the homomorphic properties of two post-quantum cryptographic schemes, Kyber and McEliece, applying them to design Private Set Intersection (PSI) protocols. The work includes the proposal of two protocols (one based on the additive homomorphism of McEliece and the other on the multiplicative homomorphism of Kyber), and an experimental evaluation that takes into account storage overhead, communication overhead, and computational cost under different NIST security levels. The topic is relevant in the field of post-quantum cryptography and addresses a practical problem of growing interest, that is, private set intersection. However, after reviewing the manuscript I conclude that it requires major revisions before it can be considered for publication. The relevant findings are detailed below:
- First, the original contribution of the work is not clearly defined. The homomorphic properties of both Kyber (in the MLWE context) and McEliece have already been studied in prior literature. The added value of this manuscript lies mainly in the application of these properties to concrete PSI protocols, and in the comparative experimental evaluation that is carried out. This point should be made explicit in the text so that readers understand which parts correspond to established knowledge and which parts constitute the authors’ novel contribution.
- The manuscript does not provide a formal security proof of the proposed protocols. The security discussion is limited to identifying known limitations (such as the fact that Kyber-PKE is only IND-CPA, or the vulnerability of McEliece to decoding attacks if error weights are not properly managed) and to suggesting parametric adjustments. The authors should incorporate a formal proof of security for the proposed schemes.
- Although the related work section is adequate, the comparison with existing literature is not reflected in the experimental results. The tables and figures contrast only with the performance of Kyber and McEliece in the proposed protocols, without situating these results against previous PSI protocols based on LWE, RLWE, or NTRU. The authors should add a comparative discussion, and preferably numerical results, to better position their proposals relative to the state of the art.
- Practical limitations of the proposals should be more clearly identified. The Kyber-based protocol is more secure but less efficient, whereas the McEliece-based protocol is more efficient in practice but raises security concerns. This contrast, although mentioned, should be emphasized in the conclusions, making clear that the protocols cannot yet be considered ready for real-world deployment.
For these reasons, I suggest that the authors clearly state the original contribution, include a more direct comparison with previous results, and strengthen the discussion on security and limitations.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Round 2
Reviewer 2 Report
Comments and Suggestions for Authors
The authors have satisfactorily addressed the observations raised during the review. Therefore, this reviewer has no objection to the manuscript being published in its current form.
