Home

Awesome

ROUND5

Round5 is a compact and fast post-quantum public-key encryption scheme and a NIST PQC second round candidate. Round5 relies on the General Learning with Rounding (GLWR) problem to unify the well-studied Learning with Rounding (LWR) and Ring Learning with Rounding (RLWR) lattice-problems. It enables a single description and implementation of Round5's IND-CPA KEM, IND-CCA KEM and an IND-CCA PKE algorithms. This unified approach allows the Round5 proposal to fulfil the requirements of many different applications.

Round5 currently defines 21 parameter sets. A parameter set is denoted as:

				R5N{1,D}_{1,3,5}{CPA,CCA}_{0,5}{version}
	

where:

Round5's IND-CPA KEM algorithm relies on R5N{1,D}_{1,3,5}CPA_{0,5}{version}parameter sets. Round5's IND-CCA KEM and IND-CCA KEM algorithms require R5N{1,D}_{1,3,5}CCA_{0,5}{version}parameter sets. The reason for defining both an IND-CPA and an IND-CCA KEM is because ephemeral handshakes can be made up to 40% more efficient, in particular, bandwidth wise.

This code base includes three implementations.

In Round5, TupleHash (SP800-185, FIPS 202) is used to generate the pseudorandom data required to sample public parameters or secret keys as well as in the implementation of the different hash functions involved in Round5 ensuring domain separation. The code includes a standalone implementation of TupleHash so that Round5 KEM algorithms can run without external libraries.

In addition to this implementation, Markku-Juhani O. Saarinen also maintains the r5embed implementation that is specially crafted for embedded platforms.

CONTENTS

Prerequisites

To be able to build and run the implementations of the algorithm, the following conditions must be met:

Building the implementations

After installing the prerequisites, you can build the implementations using make. If you build an IND-CPA parameter set, then you will build the IND-CPA KEM algorithm only. If you build an IND-CCA parameter set, then you will build both the IND-CCA KEM and the IND-CCA PKE algorithms.

Make targets

Several targets are available including:

Make variables

The following make variables can be used to influence the build of the implementations.

Running the example application and targets

There are several examples in the examples directory. The applications are found in the build directory of the implementations.

In the optimized implementation, you can run it for the parameters chosen while making it as:

./sample_kem

If you made the application with the TIMING flag, running this application will give you the timing.

In the reference and configurable implementations, the application can be executed for any configuration at runtime and takes the following arguments:

For instance, in reference you can run:

./sample_kem -a R5ND_1CPA_4longkey

Round5 is a flexible scheme so that the user can pick up the best parameter set and configuration for different platforms and applications. Next, we give some examples assuming the usage of the optimized implementation.

KATs

Next to the implementations, there is an additional folder called scripts_kats. This folder contains scripts to generate and check kats. It also contains the fingerprints of the KATs.