A Practical Post-Quantum Public-Key Cryptosystem Based on $$\textsf {spLWE}$$

The Learning with Errors (\(\textsf {LWE}\)) problem has been widely used as a hardness assumption to construct public-key primitives. In this paper, we propose an efficient instantiation of a PKE scheme based on LWE with a sparse secret, named as \(\textsf {spLWE}\). We first construct an IND-CPA PKE and convert it to an IND-CCA scheme in the quantum random oracle model by applying a modified Fujisaki-Okamoto conversion of Unruh. In order to guarantee the security of our base problem suggested in this paper, we provide a polynomial time reduction from \(\textsf {LWE}\) with a uniformly chosen secret to \(\textsf {spLWE}\). We modify the previous attacks for \(\textsf {LWE}\) to exploit the sparsity of a secret key and derive more suitable parameters. We can finally estimate performance of our scheme supporting 256-bit messages: our implementation shows that our IND-CCA scheme takes 313 \(\upmu \)s and 302 \(\upmu \)s respectively for encryption and decryption with the parameters that have 128-quantum bit security.