Patent attributes
In a general aspect, shared secrets for lattice-based cryptographic protocols are generated. In some aspects, a public parameter (a) is obtained, where the public parameter is an array defined for a lattice-based cryptography system. A first secret value (s) and a second secret value (b) are obtained. The first secret value is a second array defined for the lattice-based cryptography system, and is generated based on sampling an error distribution. The second secret value is a third array defined for the lattice-based cryptography system, and is a product of the first and second arrays (b←as). A public key (b̂) is then generated by applying a compression function to the second secret value (b), and the public key is sent to an entity. A shared secret (μ) is then generated based on information received from the entity in response to the public key.
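The key-generation step described above, as an added toy example that is not taken from the patent: it computes b←as and publishes only a compressed form of b. The ring Z_q[x]/(x^N+1), the parameters N, Q, P, the centered binomial sampler and the rounding-based compression are all assumptions chosen for illustration; the abstract specifies none of them, and the derivation of the shared secret μ is left out for the same reason.

```python
import secrets

# Toy parameters, assumed for illustration (far too small to be secure).
N = 8          # array length / ring degree
Q = 2 ** 13    # modulus for a, b
P = 2 ** 10    # modulus for the compressed public key

def sample_uniform():
    """Public parameter a: uniform array over Z_Q."""
    return [secrets.randbelow(Q) for _ in range(N)]

def sample_error(eta=2):
    """First secret s: centered binomial, coefficients in [-eta, eta]."""
    return [sum(secrets.randbits(1) - secrets.randbits(1) for _ in range(eta))
            for _ in range(N)]

def ring_mul(a, s):
    """Product in Z_Q[x]/(x^N + 1), i.e. a negacyclic convolution."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, sj in enumerate(s):
            if i + j < N:
                out[i + j] += ai * sj
            else:                      # x^N wraps around to -1
                out[i + j - N] -= ai * sj
    return [c % Q for c in out]

def compress(b):
    """Round each coefficient from Z_Q to Z_P (13 bits down to 10)."""
    return [((c * P + Q // 2) // Q) % P for c in b]

def decompress(b_hat):
    """Scale a compressed coefficient back up to Z_Q."""
    return [(c * Q) // P for c in b_hat]

def keygen(a):
    s = sample_error()
    b = ring_mul(a, s)          # second secret value, never transmitted
    return s, b, compress(b)    # only the compressed key is sent

def compression_error(b, b_hat):
    """Largest centered difference between b and the decompressed key."""
    diffs = [(x - y) % Q for x, y in zip(b, decompress(b_hat))]
    return max(min(d, Q - d) for d in diffs)
```

With these parameters the rounding error per coefficient never exceeds Q/(2P) = 4; the compression both shortens the key and hides the exact value of b.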