Reducing Ciphertext and Key Sizes for MLWE-Based Cryptosystems

TL;DR

This paper demonstrates that ciphertext and key sizes in Kyber, a post-quantum cryptographic scheme, can be significantly reduced using finite blocklength analysis without compromising security.

Contribution

It introduces finite blocklength methods to optimize Kyber's parameters, achieving substantial size reductions while maintaining security levels.

Findings

25% reduction in ciphertext and key sizes for Kyber1024 asymptotically

39% reduction in ciphertext size for Kyber1024 with a single encryption block

33% reduction in ciphertext size for Kyber512 with a single encryption block

Abstract

The concatenation of encryption and decryption can be interpreted as data transmission over a noisy communication channel. In this work, we use finite blocklength methods (normal approximation and random coding union bound) as well as asymptotics to show that ciphertext and key sizes of the state-of-the-art post-quantum secure key encapsulation mechanism (KEM) Kyber can be reduced without compromising the security of the scheme. We show that in the asymptotic regime, it is possible to reduce the sizes of ciphertexts and secret keys by 25% for the parameter set Kyber1024 while keeping the bitrate at 1 as proposed in the original scheme. For a single Kyber encryption block used to share a 256-bit AES key, we furthermore show that reductions in ciphertext size of 39% and 33% are possible for Kyber1024 and Kyber512, respectively.