Algorithm type: Key encapsulation mechanism. Main cryptographic assumption: learning with errors (LWE). Principal submitters: Michael Naehrig, Erdem Alkim, Joppe Bos, Léo Ducas, Karen …

FrodoKEM-1344, which targets Level 5 in the NIST call for proposals (matching or exceeding the brute-force security of AES-256).

All these matrices are of size n× ̄n or ̄n×n and each entry is 2 bytes large, resulting in a size of 10 240, 15 616 and 21 504 bytes for FrodoKEM-640, FrodoKEM-976 and FrodoKEM-1344 respectively.

FrodoCCS [BCDMNNRS’16] instantiated and implemented [LP’11], using pseudorandom public matrix A to reduce public key size. Lineage of [Ajtai’96,AjtaiDwork’97]: worst-case/average-case reductions: …

FrodoKEM: Learning with Errors Key Encapsulation. FrodoKEM is a family of key-encapsulation mechanisms that are designed to be conservative yet practical post-quantum constructions whose …

Jun 4, 2021 · In particular, in work published in 2011, Lindner and Peikert [84] gave a more e cient LWE-based public-key encryption scheme that uses a square public matrix A 2 Zn n instead of an oblong …

With this our existing public key encryption, digital signature and key exchange methods will be a severe risk. And so we must find alternatives, and one of these is FrodoKEM - and which is a NIST final …

Sep 30, 2020 · Size (in bytes) of inputs and outputs of FrodoKEM. This submission defines a family of key-encapsulation mechanisms (KEMs), collectively called FrodoKEM.

An ephemeral variant (called eFrodoKEM) that is suitable for applications in which not many ciphertexts are encrypted to a single public-key.

FrodoKEM, at levels 3 and 5, is recommended by the German Federal Office for Information Security (BSI) as cryptographically suitable for long-term confidentiality protection.