Resumen
Key-dependent message (KDM) security is of great research significance, to better analyse and solve the potential security problems in complex application scenarios. Most of the current KDM security schemes are based on traditional hard mathematical problems, where the public key and ciphertext are not compact enough, and make the ciphertext size grow linearly with the degree of the challenge functions. To solve the above problems and the inefficient ciphertext operation, the authors propose a compact lattice-based cryptosystem with a variant of the RLWE problem, which applies an invertible technique to obtain the RLWE*
RLWE
*
problem. It remains hard after the modification from the RLWE problem. Compared with the ACPS scheme, our scheme further expands the set of challenge functions based on the affine function of the secret key, and the size of public key and ciphertext is ??~(??)
O
?
(
n
)
, which is independent of the challenge functions. In addition, this scheme enjoys a high level of efficiency, the cost of encryption and decryption is only ploylog(??)
ploylog
(
n
)
bit operations per message symbol, and we also prove that our scheme is KDM-CPA secure under the RLWE*
RLWE
*
assumption.