Analysis of error dependencies on newhope

Minki Song, Seunghwan Lee, Dong Joon Shin, Eunsang Lee, Young Sik Kim, Jong Seon No

Research output: Contribution to journalArticle


Among many submissions to NIST post-quantum cryptography (PQC) project, NewHope is a promising key encapsulation mechanism (KEM) based on the Ring-Learning with errors (Ring-LWE) problem. Since NewHope is an indistinguishability (IND)-chosen ciphertext attack secure KEM by applying the Fujisaki-Okamoto transform to an IND-chosen plaintext attack secure public-key encryption, accurate calculation of decryption failure rate (DFR) is required to guarantee resilience against attacks that exploit decryption failures. However, the current upper bound (UB) on DFR of NewHope is rather loose because the compression noise, the effect of encoding/decoding of NewHope, and the approximation effect of centered binomial distribution are not fully considered. Furthermore, since NewHope is a Ring-LWE based cryptography, there is a problem of error dependency among error coefficients, which makes accurate DFR calculation difficult. In this paper, we derive much tighter UB on DFR than the current UB by using constraint relaxation and union bound. Especially, the above-mentioned factors are all considered in the derivation of new UB and the centered binomial distribution is not approximated. Since the error dependency is also considered, the new UB is much closer to the real DFR than the current UB. Furthermore, the new UB is parameterized by using Chernoff-Cramer bound to facilitate the calculation of new UB for the parameters of NewHope. Since the new UB is much lower than the DFR requirement of PQC, this DFR margin can be used to improve NewHope. As a result, the security level and bandwidth efficiency of NewHope are improved by 7.2 % and 5.9 %, respectively.

Original languageEnglish
Article number9020084
Pages (from-to)45443-45456
Number of pages14
JournalIEEE Access
StatePublished - 2020 Jan 1



  • Bandwidth efficiency
  • Chernoff-Cramer bound
  • decryption failure rate
  • error dependency
  • key encapsulation mechanism
  • lattice-based cryptography
  • NewHope
  • NIST
  • post-quantum cryptography
  • relaxation
  • ring-learning with errors
  • security
  • union bound
  • upper bound

Cite this

Song, M., Lee, S., Shin, D. J., Lee, E., Kim, Y. S., & No, J. S. (2020). Analysis of error dependencies on newhope. IEEE Access, 8, 45443-45456. [9020084].