IND-CCA Lattice Threshold KEM under 30 KiB

Paper 2026/021

Oleksandra Lapiha, Royal Holloway University of London

Rafaël del Pino, PQShield

Thomas Prest, PQShield

Abstract

At Asiacrypt'25, Lapiha and Prest proposed a lattice-based IND-CCA threshold key-encapsulation mechanism (TKEM) obtained from a threshold identity-based encryption (TIBE) and a signature scheme. Their construction relies on a variant of the Boneh-Canetti-Halevi-Katz (BCHK) transform, instantiated with a lattice-based TIBE. However, it suffers from large ciphertexts at 540 KiB for $\kappa = 128$ bits of security. We present substantial improvements to their TIBE, resulting in the first concretely efficient lattice-based IND-CCA TKEM, with ciphertexts just under 30 KiB for a threshold $T = 32$, $Q = 2^{45}$ queries, and the same $\kappa$. Our design simplifies the original framework by leveraging the power of random oracles already present in their construction. We further enhance efficiency by adopting approximate computations where appropriate and by replacing module-NTRU trapdoors with NTRU trapdoors, achieving a remarkable eighteenfold reduction in ciphertext size. Finally, leveraging recent developments in secret sharing, we ensure the verifiability of key-extraction shares even in the presence of malicious parties.

BibTeX

@misc{cryptoeprint:2026/021,
      author = {Katharina Boudgoust and Oleksandra Lapiha and Rafaël del Pino and Thomas Prest},
      title = {{IND}-{CCA} Lattice Threshold {KEM} under 30 {KiB}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/021},
      year = {2026},
      url = {https://eprint.iacr.org/2026/021}
}