Error Correction for FrodoKEM Using the Gosset Lattice
Charbel Saliba, Laura Luzzi, Cong Ling

TL;DR
This paper introduces a novel error correction method for FrodoKEM using the Gosset lattice, enhancing security and reducing bandwidth while providing rigorous error probability bounds.
Contribution
It proposes a new error correction mechanism with lattice encoding, improving security and efficiency of FrodoKEM with formal error bounds.
Findings
Outperforms original FrodoKEM in security by 10-13 bits.
Reduces bandwidth by 7% with halved modulus q.
Provides rigorous error probability bounds.
Abstract
We consider FrodoKEM, a lattice-based cryptosystem based on LWE, and propose a new error correction mechanism to improve its performance. Our encoder maps the secret key block-wise into the Gosset lattice. We propose two sets of parameters for our modified implementation. Thanks to the improved error correction, the first implementation outperforms FrodoKEM in terms of concrete security by 10 to 13 bits by increasing the error variance; the second reduces the bandwidth by 7% by halving the modulus q. In both cases, the decryption failure probability is improved compared to the original FrodoKEM. Unlike some previous works on error correction for lattice-based protocols, we provide a rigorous error probability bound by decomposing the error matrix into blocks with independent error coefficients.
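As an added illustration (not code from the paper), the following Python decodes a noisy 8-dimensional block to its nearest point in the Gosset lattice E8 using the standard Conway-Sloane construction E8 = D8 ∪ (D8 + (1/2,...,1/2)); the paper's actual encoder, block mapping and parameters are not on this page and are not reproduced here.

```python
"""Nearest-point decoding in the Gosset lattice E8.

E8 = D8 ∪ (D8 + h), h = (1/2, ..., 1/2), where D8 is the set of integer
vectors with even coordinate sum.  Snapping a noisy block to the closest
E8 point is the error-correction step: because the minimum distance of
E8 is sqrt(2), any noise of Euclidean norm below sqrt(2)/2 is corrected.
"""
import math

HALF = [0.5] * 8


def _round_half_up(v):
    return math.floor(v + 0.5)


def decode_d8(x):
    """Closest point of D8 (integer vectors with even sum) to x."""
    r = [_round_half_up(v) for v in x]
    if sum(r) % 2 != 0:
        # Wrong parity: re-round the coordinate whose rounding cost the
        # most, to its second-nearest integer.
        i = max(range(8), key=lambda k: abs(x[k] - r[k]))
        r[i] += 1 if x[i] >= r[i] else -1
    return r


def decode_e8(x):
    """Closest point of E8 to x: decode in both cosets, keep the nearer."""
    a = [float(c) for c in decode_d8(x)]
    b = [c + 0.5 for c in decode_d8([v - 0.5 for v in x])]
    da = sum((u - v) ** 2 for u, v in zip(x, a))
    db = sum((u - v) ** 2 for u, v in zip(x, b))
    return a if da <= db else b


def in_e8(p):
    """Membership check: all-integer or all-half-integer, even sum."""
    ints = all(c == int(c) for c in p)
    halves = all((c - 0.5) == int(c - 0.5) for c in p)
    return (ints or halves) and round(sum(p)) % 2 == 0


if __name__ == "__main__":
    # Constructed sample: an E8 codeword plus noise of squared norm 0.46 < 0.5.
    codeword = [1.0, 1.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0]
    noise = [0.3, -0.3, 0.3, -0.3, 0.2, -0.2, 0.1, -0.1]
    received = [c + n for c, n in zip(codeword, noise)]
    print(decode_e8(received) == codeword)  # True
```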
Taxonomy
Topics: Cryptography and Data Security · Cryptographic Implementations and Security · Cryptography and Residue Arithmetic
