SMAUG: Post-Quantum Key Encapsulation Mechanism
SMAUG achieves its quantum security based on the Fujisaki-Okamoto (FO) transform applied to the IND-CPA secure PKE SMAUG.PKE. SMAUG follows an efficient FO transform with decryption failures, recently introduced [HHM22].
Advantages from MLWE + MLWR
SMAUG conservatively bases its secret key security on the MLWE problem for its long-term security, while the ephemeral key is delivered via a more efficient MLWR-based method. This can be viewed as an adaptation of (R)Lizard to modules.
Sparse secret over modules
By using the module structure (as in Kyber and Saber) and sparse secret (as in homomorphic encryptions), SMAUG achieves faster running time with a smaller ciphertext size simultaneously.
All benchmarks were obtained on one core of an Intel Core i7-10700k, with TurboBoost and hyperthreading disabled. All cycle counts reported are the median of the cycle counts of 1,000 executions of the respective functions.
The decryption failure probability (DFP) of the underlying PKE is given in logarithm base two.
The SMAUG team consists of the following members (KpqC 1st round).