Error Correction for FrodoKEM Using the Gosset Lattice
This work addresses efficiency and security issues in lattice-based cryptography, offering incremental improvements for cryptographic protocols.
The paper tackles the performance of FrodoKEM, a lattice-based cryptosystem, by proposing a new error correction mechanism using the Gosset lattice, resulting in improved concrete security by 10-13 bits or reduced bandwidth by 7% while lowering decryption failure probability.
We consider FrodoKEM, a lattice-based cryptosystem based on LWE, and propose a new error correction mechanism to improve its performance. Our encoder maps the secret key block-wise into the Gosset lattice $E_8$. We propose two sets of parameters for our modified implementation. Thanks to the improved error correction, the first implementation outperforms FrodoKEM in terms of concrete security by $10$ to $13$ bits by increasing the error variance; the second reduces the bandwidth by $7\%$ by halving the modulus $q$. In both cases, the decryption failure probability is improved compared to the original FrodoKEM. Unlike some previous works on error correction for lattice-based protocols, we provide a rigorous error probability bound by decomposing the error matrix into blocks with independent error coefficients.
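The abstract rests on one fact about $E_8$: at the same lattice density, its Voronoi cell tolerates larger errors than plain per-coordinate rounding, so a block of eight noisy coefficients can be decoded to the intended lattice point more often. The following Python example, added here and not taken from the paper or from the FrodoKEM code base, shows that effect concretely. It implements the standard Conway-Sloane nearest-point decoder for $E_8 = D_8 \cup (D_8 + (\tfrac12)^8)$, checks that any error of Euclidean norm below the packing radius $\sqrt{2}/2$ is corrected, and runs a Monte Carlo comparison of per-block decoding failure under Gaussian noise against the cubic lattice $\mathbb{Z}^8$ (per-coordinate rounding). The paper's own message-to-$E_8$ encoder and the FrodoKEM parameters are not reproduced; integer coefficient vectors stand in for the message, and the noise standard deviation, the trial count and the sample vectors are constructed for illustration.

```python
"""Gosset lattice E8 as an error-correcting code.

Added example (not the paper's implementation): Conway-Sloane nearest-point
decoder for E8 and a Monte Carlo comparison of block decoding failure against
the cubic lattice Z^8 under i.i.d. Gaussian noise. The paper's actual encoder
and FrodoKEM's parameters are assumptions left out here.
"""
import math
import random

# Generator matrix of E8: rows 0..6 span the even-sum integer vectors (D8) on the
# first seven coordinates, row 7 is the all-halves glue vector. det = 1.
E8_GENERATOR = [
    [2, 0, 0, 0, 0, 0, 0, 0],
    [-1, 1, 0, 0, 0, 0, 0, 0],
    [0, -1, 1, 0, 0, 0, 0, 0],
    [0, 0, -1, 1, 0, 0, 0, 0],
    [0, 0, 0, -1, 1, 0, 0, 0],
    [0, 0, 0, 0, -1, 1, 0, 0],
    [0, 0, 0, 0, 0, -1, 1, 0],
    [0.5] * 8,
]


def e8_point(coeffs):
    """Lattice point sum_i coeffs[i] * row_i for eight integer coefficients."""
    return [float(sum(c * row[j] for c, row in zip(coeffs, E8_GENERATOR))) for j in range(8)]


def is_e8_point(v, tol=1e-9):
    """E8 = D8 U (D8 + (1/2)^8): all-integer or all-half-integer coordinates, even sum."""
    frac = [c - math.floor(c) for c in v]
    all_int = all(f < tol or abs(f - 1) < tol for f in frac)
    all_half = all(abs(f - 0.5) < tol for f in frac)
    total = sum(v)
    return (all_int or all_half) and abs(total / 2 - round(total / 2)) < tol


def decode_d8(y):
    """Closest point of D8 (integer vectors with even coordinate sum)."""
    f = [round(c) for c in y]  # nearest integer vector
    if sum(f) % 2 == 0:
        return [float(c) for c in f]
    # Odd sum: re-round the coordinate with the largest rounding error the other way.
    worst = max(range(8), key=lambda k: abs(y[k] - f[k]))
    f[worst] += 1 if y[worst] > f[worst] else -1
    return [float(c) for c in f]


def sq_dist(u, v):
    return sum((a - b) ** 2 for a, b in zip(u, v))


def decode_e8(y):
    """Closest point of E8: decode in both cosets of D8 and keep the nearer candidate."""
    cand_a = decode_d8(y)
    cand_b = [c + 0.5 for c in decode_d8([c - 0.5 for c in y])]
    return cand_a if sq_dist(y, cand_a) <= sq_dist(y, cand_b) else cand_b


def decode_z8(y):
    """Plain per-coordinate rounding: the cubic lattice Z^8, used as the baseline."""
    return [float(round(c)) for c in y]


def corrects(decoder, point, noise):
    """True when decoder(point + noise) returns point exactly."""
    received = [p + n for p, n in zip(point, noise)]
    return decoder(received) == point


def failure_rates(sigma, trials, seed=1):
    """Monte Carlo block-failure rates (E8, Z8) for i.i.d. Gaussian noise of std sigma.

    The same noise samples are applied to both lattices; by translation invariance
    decoding the origin is representative of any lattice point.
    """
    rng = random.Random(seed)
    origin = [0.0] * 8
    fail_e8 = fail_z8 = 0
    for _ in range(trials):
        noise = [rng.gauss(0, sigma) for _ in range(8)]
        fail_e8 += not corrects(decode_e8, origin, noise)
        fail_z8 += not corrects(decode_z8, origin, noise)
    return fail_e8 / trials, fail_z8 / trials


if __name__ == "__main__":
    msg = [1, -2, 0, 3, 1, 0, -1, 2]  # constructed stand-in for one message block
    x = e8_point(msg)
    small = [0.3, -0.2, 0.25, 0.1, -0.3, 0.2, 0.1, -0.15]  # norm ~0.60 < sqrt(2)/2
    big = [0.9, 0.9, 0, 0, 0, 0, 0, 0]  # norm ~1.27: lands next to a neighbouring point
    print("lattice point:", x, "in E8:", is_e8_point(x))
    print("small noise corrected:", corrects(decode_e8, x, small))
    print("large noise corrected:", corrects(decode_e8, x, big))
    print("failure rates (E8, Z8) at sigma=0.2:", failure_rates(0.2, 2000))
```

Both lattices have determinant 1, so the comparison isolates the shape of the decision region: the packing radius of $E_8$ is $\sqrt{2}/2$ against $1/2$ for $\mathbb{Z}^8$, which is the coding gain the abstract cashes in either as a larger tolerable error variance (more concrete security) or as a smaller modulus (less bandwidth). The Monte Carlo rate is only an estimate; the paper's rigorous bound comes from decomposing the error matrix into blocks with independent coefficients, which this toy model assumes rather than proves.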