Direct CCA-Secure KEM and Deterministic PKE from Plain LWE.

We present a particularly simple and efficient CCA-secure public-key encapsulation scheme without random oracles or costly sampling. The construction is direct in the sense that it eschews generic transformations via one-time signatures or MACs typically found in standard-model constructions. This gives us a compact, conceptually simpler, and computationally efficient operation, that in particular does not require any Gaussian sampling. Nevertheless, security is based on the hardness of the plain learning-with-errors (LWE) problem with polynomial modulus-to-noise ratio. Of further interest, we also show how to obtain CCA-secure deterministic public-key encryption (for high-entropy messages), that is more compact and efficient than existing constructions.