Concretely, FrodoKEM is designed for IND-CCA security at three levels: FrodoKEM-1344, which targets Level 5 in the NIST call for proposals (matching or exceeding the brute-force security …

It is based on the learning with errors (LWE) problem, and has a number of levels: FrodoKEM-640 (Level 1, equivalent in security to AES-128), FrodoKEM-976 (Level 3, equivalent in security to …

FrodoKEM Algorithm type: Key encapsulation mechanism. Main cryptographic assumption: learning with errors (LWE). Principal submitters: Michael Naehrig, Erdem Alkim, Joppe Bos, …

FrodoCCS [BCDMNNRS’16] instantiated and implemented [LP’11], using pseudorandom public matrix A to reduce public key size. Lineage of [Ajtai’96,AjtaiDwork’97]: worst-case/average …

Mar 17, 2025 · Concretely, the use of standard FrodoKEM is recommended for applications in which the number of ciphertexts produced for a single public key is expected to be equal or …

Sep 30, 2020 · This submission defines a family of key-encapsulation mechanisms (KEMs), collectively called FrodoKEM. The FrodoKEM schemes are designed to be conservative yet …

Sep 30, 2020 · De nition 2.4 (Public-key encryption scheme). A public-key encryption scheme PKE is a tuple of algorithms (KeyGen; Enc; Dec) along with a message space M: KeyGen()

He pastes Alice's public key into the text box or uploads the public key file. Then, he enters the data to encapsulate - either by pasting text (up to 1KB) or uploading a file (up to 5MB, such as …

FrodoKEM consists of two main variants: An ephemeral variant (called eFrodoKEM) that is suitable for applications in which not many ciphertexts are encrypted to a single public-key.

For FrodoKEM-640-SHAKE, we can see that the size of Alice's public key is 9,616 bytes long, and her private key is 19,888 bytes long. The ciphertext passed is 9,270 bytes long.