Cryptology ePrint Archive: Report 2014/514

On Constrained Implementation of Lattice-based Cryptographic Primitives and Schemes on Smart Cards

Ahmad Boorghany and Siavash Bayat Sarmadi and Rasool Jalili

Abstract: Most lattice-based cryptographic schemes with a security proof suffer from large key sizes and heavy computations. This is also true for the simpler case of authentication protocols which are used on smart cards, as a very-constrained computing environment. Recent progress on ideal lattices has significantly improved the efficiency, and made it possible to implement practical lattice-based cryptography on constrained devices. However, to the best of our knowledge, no previous attempts were made to implement lattice-based schemes on smart cards. In this paper, we provide the results of our implementation of several state-of-the-art lattice-based authentication protocols on smart cards and a microcontroller widely used in smart cards. Our results show that only a few of the proposed lattice-based authentication protocols can be implemented using limited resources of such constrained devices, however, cutting-edge ones are suitably efficient to be used practically on smart cards. Moreover, we have implemented fast Fourier transform (FFT) and discrete Gaussian sampling with different typical parameter sets, as well as versatile lattice-based public-key encryptions. These results have noticeable points which help to design or optimize lattice-based schemes for constrained devices.

Category / Keywords: Authentication Protocols, Constrained Devices, Constrained Implementation, Lattice-based Cryptography, Post-quantum Cryptography

Original Publication (with minor differences): ACM Transactions on Embedded Computing Systems, special issue on Embedded Platforms for Cryptography in the Coming Decade

Date: received 1 Jul 2014, last revised 16 Nov 2014

Contact author: boorghany at ce sharif edu

Available format(s): PDF | BibTeX Citation

Version: 20141116:152813 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]