KyFrog: A High-Security LWE-Based KEM Inspired by ML-KEM

TL;DR

KyFrog is a high-security LWE-based key-encapsulation mechanism with large ciphertexts, designed for enhanced security margins against lattice attacks, while maintaining manageable key sizes, and is openly available as open-source software.

Contribution

It introduces KyFrog, a novel LWE-based KEM with larger parameters for increased security, and provides detailed design, implementation, and security analysis.

Findings

Achieves approximately 2^{325} security level against lattice attacks.

Features large ciphertext (~0.5 MiB) with comparable key sizes to ML-KEM.

Provides open-source implementation and comprehensive security evaluation.

Abstract

KyFrog is a conservative Learning-with-Errors (LWE) key-encapsulation mechanism designed to explore an alternative operating point compared to schemes with relatively small public keys and ciphertexts. KyFrog uses a larger dimension ($n = 1024$) and a small prime modulus $q = 1103$, together with narrow error distributions with standard deviations $\sigma_s = \sigma_e = 1.4$, to target approximately $2^{325}$ classical and quantum security against state-of-the-art lattice attacks under standard cost models, as estimated using the Lattice Estimator. The price paid for this security margin is an extremely large KEM ciphertext (about 0.5 MiB), while public and secret keys remain in the same ballpark as ML-KEM. We describe the design rationale, parameter search methodology, and implementation details of KyFrog, and we compare its asymptotic security and concrete parameter sizes with the ML-KEM standard. All code and data for this work are released as free and open-source software, with the full C++23 implementation and experimental scripts available at: https://github.com/victormeloasm/kyfrog