Analysis on Aigis‐Enc: Asymmetrical and symmetrical

Aigis‐Enc is an encryption algorithm based on asymmetrical learning with errors (LWE). A thorough comparison between Aigis‐Enc (with the recommended parameters) and a symmetrical LWE encryption scheme on the same scale (the sampling parameters are {η1, η2} = {2, 2} instead of {1, 4}) on Chosen‐plaintext attack (CPA) security, computation complexity and decryption failure probability is made. In particular, the authors ascertain that the CPA security of Aigis‐Enc is 160.895, and that of the symmetrical LWE encryption scheme on the same scale is 161.834. The ratio of computation complexity on the sampling amount of the former and the latter is 5:4 in the key generation phase and 19:14 in the encryption phase. The decryption failure probability of the former is 2−128.699 and that of the latter is 2−67.0582, then the authors show how to reduce the decryption failure probability of the latter significantly by increasing some traffic. Furthermore, those attacks presented by designers of Aigis‐Enc, including primal attacks and dual attacks are generalised. Our attacks are more extensive, simpler, and clearer. With them, the optimal attacks and the ‘optimal‐optimal attacks’ on Aigis‐Enc and the symmetrical LWE scheme on the same scale are obtained.