业界近年来的研制实践和学界的研究进展表明量子计算理论正一步步走进现实，其非预期后果是对当下支撑起信息系统安全的核心密码系统破坏性颠覆。后量子密码配用被认为是迁移上一代公钥密码(PKE)、重新固定网络空间信任之锚的关键举措。学习困难问题LPN具有量子安全、代数结构简洁等典型特征，是用于设计量子计算环境下轻量级安全密码时有推动力的代表性技术。本项目将研究LPN及其变体的代数特征(密钥/噪声非均匀分布、随机公开参数等)，根据不同代数特征适应性地设计具有严格安全性保证的PKE和(多接收者)密钥封装机制，以同时实现轻量级密码的计算高效性和配用实用性(公开参数、密钥及密文长度等)，在合理的安全模型下通过直接规约或游戏序列的方式考察其典型安全属性。研究路径还将同时揭示在传统PKE构造中发挥独特作用的通用性变换(FO变换、CHR变换等)以及HPS、辅助输入等技术在LPN轻量级密码设计中的适用性。

Research and development progress from both researchers and practitioners from both academia and industry manifests that quantum computing theory is showing its noticeable impact on industry practice, especially for the practical cryptographic algorithms (RSA, DH, etc.) that support the security of most information systems. Post-quantum cryptography is believed essentially useful in improving existing public key encryption (PKE) and rebuilding the trust infrastructure for the network (including Internet). The problem Learning Parity with Noise (LPN) is quantum-secure and of simple algebraic structure, and the LPN assumption is known as one of the representative technologies in designing secure lightweight cryptosystems for the quantum computing framework. The project will: (1) investigate the algebraic properties (non-uniform distribution of key/noise, random public parameters, etc.) of LPN and its variants; (2) according to the different algebraic properties, construct corresponding PKE and (multi-recipient) key encapsulation mechanism (KEM) with strict security proofs, so that the expected computational efficiency and practical communication costs (public parameters, key size, and ciphertext size, etc.) can be achieved simultaneously; (3) in the rational security models, manage the security experiments via direct reduction or game sequence (for typical security properties such as confidentiality and key-dependent message security, etc.). Our methods will also reveal the possibility/feasibility of applying the generic transformations (FO, CHR, etc.) and other known technologies (including hash proof system, auxiliary input, etc.) to the design of LPN-based lightweight cryptosystems, which have already demonstrated dramatical positive effect in designing traditional PKE and KEM.