Cryptology ePrint Archive: Report 2015/382

High-Performance Ideal Lattice-Based Cryptography on 8-bit ATxmega Microcontrollers

Thomas Pöppelmann and Tobias Oder and Tim Güneysu

Abstract: Over the last years lattice-based cryptography has received much attention due to versatile average-case problems like Ring-LWE or Ring-SIS that appear to be intractable by quantum computers. But despite of promising constructions, only few results have been published on implementation issues on very constrained platforms. In this work we therefore study and compare implementations of Ring-LWE encryption and the bimodal lattice signature scheme (BLISS) on an 8-bit Atmel ATxmega128 microcontroller. Since the number theoretic transform (NTT) is one of the core components in implementations of lattice-based cryptosystems, we review the application of the NTT in previous implementations and present an improved approach that significantly lowers the runtime for polynomial multiplication. Our implementation of Ring-LWE encryption takes 27 ms for encryption and 6.7 ms for decryption. To compute a BLISS signature, our software takes 329 ms and 88 ms for verification. These results outperform implementations on similar platforms and underline the feasibility of lattice-based cryptography on constrained devices.

Category / Keywords: implementation / Ideal lattices, NTT, RLWE, BLISS, ATxmega

Original Publication (with major differences): Latincrypt 2015

Date: received 24 Apr 2015, last revised 19 Jun 2015

Contact author: thomas poeppelmann at rub de, tobias oder at rub de, tim gueneysu at rub de

Available format(s): PDF | BibTeX Citation

Note: Extended/full version of Latincrypt'15 paper. Results have been updated to match proceedings version.

Version: 20150619:151641 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]