Better Security Estimates for Approximate, IoT-Friendly R-LWE Cryptosystems

This work explores the effect of approximation on the Ring-learning with errors (R-LWE) based public-key cryptography (PKE) systems. Lattice-based problems such as LWE have proven to be a viable alternative to the currently used PKE systems in a post-quantum world, with one such scheme taken up for standardisation in NIST's post-quantum cryptography standardisation process (CRYSTALS-Kyber). In the modern world, the Internet of Things (IoT) applications and devices have become ubiquitous. Often, they are not secure, and with the threat of quantum computing looming on the horizon, R-LWE could provide a solution. R-LWE-based schemes come at a higher computational cost, making them challenging to be implemented on IoT devices that require low energy, low area, and efficient cryptography. To enable this, approximation could aid in lowering the necessary power and memory by removing some of the complexity in R-LWE scheme. This work provides improved security estimates for an earlier presented approximate R-LWE scheme (AxRLWE), that explores the approximation via truncation of the Gaussian distribution samples values and using an approximate modular multiplier. In addition, this work calculates an effective failure rate for different truncation levels of 2 typical medium level R-LWE parameter sets and concludes a truncation of 2-bits to be the best balance between security and approximation.