Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Semi-Compressed CRYSTALS-Kyber

Shuiyin Liu, Amin Sakzad

TL;DR

The paper tackles the high ciphertext expansion of CRYSTALS-Kyber by introducing SC-Kyber, which employs Lloyd-Max quantization and a PAM-Gray-BCH encoding to dramatically lower CER without increasing DFR. By proving Lloyd-Max quantization is MMSE-optimal for Kyber’s quantization and designing a constant-time encoding with 8-PAM, Gray mapping, and a shortened BCH code, it demonstrates a practical path to encapsulate up to $638$ bits (≈$2.5$ AES keys) per ciphertext at the same security level as Kyber1024. The work provides a closed-form expression for the DFR under the proposed encoding and establishes a lower bound on CER, aided by an AWGN-channel interpretation of decoding noise and CLT-based validation of the noise model. Overall, the results show that a carefully designed quantization plus coded-plaintext encoding can substantially compress Kyber ciphertexts, suggesting directions for more compact post-quantum encryption schemes in bandwidth-constrained settings.

Abstract

In this paper, we investigate the communication overhead of the Kyber, which has recently been standardized by the National Institute of Standards and Technology (NIST). Given the same decryption failure rate (DFR) and security argument, we show it is feasible to reduce the communication overhead of the Kyber by 54%. The improvement is based on two technologies: ciphertext quantization and plaintext encoding. First, we prove that the Lloyd-Max quantization is optimal to minimize the decryption decoding noise. The original Kyber compression function is not optimal. Second, we propose an encoding scheme, which combines Pulse-Amplitude Modulation (PAM), Gray mapping, and a binary error correcting code. An explicit expression for the DFR is derived. The minimum possible communication overhead is also derived. Finally, we demonstrate that with the Lloyd-Max quantization, 8-PAM, Gray mapping, and a shortened binary BCH(768,638,13) code, the proposed scheme encapsulates 638 bits (e.g., 2.5 AES keys) in a single ciphertext.

Semi-Compressed CRYSTALS-Kyber

TL;DR

The paper tackles the high ciphertext expansion of CRYSTALS-Kyber by introducing SC-Kyber, which employs Lloyd-Max quantization and a PAM-Gray-BCH encoding to dramatically lower CER without increasing DFR. By proving Lloyd-Max quantization is MMSE-optimal for Kyber’s quantization and designing a constant-time encoding with 8-PAM, Gray mapping, and a shortened BCH code, it demonstrates a practical path to encapsulate up to bits (≈ AES keys) per ciphertext at the same security level as Kyber1024. The work provides a closed-form expression for the DFR under the proposed encoding and establishes a lower bound on CER, aided by an AWGN-channel interpretation of decoding noise and CLT-based validation of the noise model. Overall, the results show that a carefully designed quantization plus coded-plaintext encoding can substantially compress Kyber ciphertexts, suggesting directions for more compact post-quantum encryption schemes in bandwidth-constrained settings.

Abstract

In this paper, we investigate the communication overhead of the Kyber, which has recently been standardized by the National Institute of Standards and Technology (NIST). Given the same decryption failure rate (DFR) and security argument, we show it is feasible to reduce the communication overhead of the Kyber by 54%. The improvement is based on two technologies: ciphertext quantization and plaintext encoding. First, we prove that the Lloyd-Max quantization is optimal to minimize the decryption decoding noise. The original Kyber compression function is not optimal. Second, we propose an encoding scheme, which combines Pulse-Amplitude Modulation (PAM), Gray mapping, and a binary error correcting code. An explicit expression for the DFR is derived. The minimum possible communication overhead is also derived. Finally, we demonstrate that with the Lloyd-Max quantization, 8-PAM, Gray mapping, and a shortened binary BCH(768,638,13) code, the proposed scheme encapsulates 638 bits (e.g., 2.5 AES keys) in a single ciphertext.
Paper Structure (7 sections, 1 theorem, 17 equations, 3 tables, 4 algorithms)

This paper contains 7 sections, 1 theorem, 17 equations, 3 tables, 4 algorithms.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. Notation
  4. Kyber Key Encapsulation Mechanism (KEM)
  5. Kyber Decryption Decoding
  6. Optimal Quantization for Kyber
  7. The Lloyd-Max Quantization (LMQ)

Key Result

lemma thmcounterlemma

Let $\mathbf{x} = [x_1,\ldots, x_n]^T \leftarrow \mathbb{Z}_{q}^{n}$ and $L_i \in \mathbb{Z}_{q} \backslash \{0\}$ for $i=1, \ldots, n$. If $[\mathcal{C}_{L_i}, T_{L_i}] = \mathsf{LloydMax}(x_i,\Pr(x_i))$ for $i=1, \ldots, n$, then $C_L = C_{L_1} \times \cdots \times C_{L_n}$ and $T_L=T_{L_1} \ti

Theorems & Definitions (3)

  • lemma thmcounterlemma: Global Minimum
  • proof
  • remark thmcounterremark