Version 20160810:203555 of this paper.

Paper 2016/758

A new hope on ARM Cortex-M

Erdem Alkim and Philipp Jakubeit and Peter Schwabe

Abstract

Recently, Alkim, Ducas, Pöppelmann, and Schwabe proposed a Ring-LWE-based key exchange protocol called "NewHope" (Usenix Security'16) and illustrated that this protocol is very efficient on large Intel processors. Their paper also claims that the parameter choice enables efficient implementation on small embedded processors. In this paper we show that these claims are actually correct and present NewHope software for the ARM Cortex-M family of 32-bit microcontrollers. More specifically, our software targets the low-end Cortex-M0 and the high-end Cortex-M4 processor from this family. Our software starts from the C reference implementation by the designers of NewHope and then carefully optimizes subroutines in assembly. In particular, compared to the best results known so far, our NTT implementation achieves a speedup of almost a factor of 2 on the Cortex-M4. Our Cortex-M0 NTT software slightly outperforms the previously best results on the Cortex-M4, a much more powerful processor. In total, the server side of the key exchange executes in only 1,467,101 cycles on the M0 and only 860,388 cycles on the M4; the client side executes in 1,738,922 cycles on the M0 and 984,761 cycles on the M4.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Post-quantum key exchange, Ring-LWE, embedded microcontroller, NTT
Contact author(s)
erdemalkim @ gmail com
History
2019-10-18: revised
2016-08-10: received
Short URL
https://ia.cr/2016/758
License
Creative Commons Attribution
CC BY