Imperial College London
Alternate

DrCongLing

Faculty of EngineeringDepartment of Electrical and Electronic Engineering

Reader in Coding and Information Theory
 
 
 
//

Contact

 

+44 (0)20 7594 6214c.ling

 
 
//

Location

 

815Electrical EngineeringSouth Kensington Campus

//

Summary

 

Publications

Citation

BibTex format

@article{Wang:2021:10.3390/e23080938,
author = {Wang, J and Ling, C},
doi = {10.3390/e23080938},
journal = {Entropy (Basel, Switzerland)},
pages = {1--24},
title = {How to construct polar codes for ring-LWE-based public key encryption.},
url = {http://dx.doi.org/10.3390/e23080938},
volume = {23},
year = {2021}
}
Download

RIS format (EndNote, RefMan)

TY  - JOUR
AB  - There exists a natural trade-off in public key encryption (PKE) schemes based on ring learning with errors (RLWE), namely: we would like a wider error distribution to increase the security, but it comes at the cost of an increased decryption failure rate (DFR). A straightforward solution to this problem is the error-correcting code, which is commonly used in communication systems and already appears in some RLWE-based proposals. However, applying error-correcting codes to those cryptographic schemes is far from simply installing an add-on. Firstly, the residue error term derived by decryption has correlated coefficients, whereas most prevalent error-correcting codes with remarkable error tolerance assume the channel noise to be independent and memoryless. This explains why only simple error-correcting methods are used in existing RLWE-based PKE schemes. Secondly, the residue error term has correlated coefficients leaving accurate DFR estimation challenging even for uncoded plaintext. It can be found in the literature that a tighter DFR estimation can effectively create a DFR margin. Thirdly, most error-correcting codes are not well designed for safety considerations, e.g., syndrome decoding has a nonconstant time nature. A code good at error correcting might be weak under a variety of attacks. In this work, we propose a polar coding scheme for RLWE-based PKE. A relaxed "independence" assumption is used to derive an uncorrelated residue noise term, and a wireless communication strategy, outage, is used to construct polar codes. Furthermore, some knowledge about the residue noise is exploited to improve the decoding performance. With the parameterization of NewHope Round 2, the proposed scheme creates a considerable DRF margin, which gives a competitive security improvement compared to state-of-the-art benchmarks. Specifically, the security is improved by 28.8%, while a DFR of 2-149 is achieved a for code rate pf 0.25, n=1024,q= 12,289, and binomial paramete
AU  - Wang,J
AU  - Ling,C
DO  - 10.3390/e23080938
EP  - 24
PY  - 2021///
SN  - 1099-4300
SP  - 1
TI  - How to construct polar codes for ring-LWE-based public key encryption.
T2  - Entropy (Basel, Switzerland)
UR  - http://dx.doi.org/10.3390/e23080938
UR  - https://www.ncbi.nlm.nih.gov/pubmed/34441077
UR  - https://www.mdpi.com/1099-4300/23/8/938
UR  - http://hdl.handle.net/10044/1/91514
VL  - 23
ER  -
Download