Cryptology ePrint Archive: Report 2018/229

Optimizing polynomial convolution for NTRUEncrypt

Wei Dai and William Whyte and Zhenfei Zhang

Abstract: NTRUEncrypt is one of the most promising candidates for quantum-safe cryptography. In this paper, we focus on the NTRU743 paramter set. We give a report on all known attacks against this parameter set and show that it delivers 256 bits of security against classical attackers and 128 bits of security against quantum attackers. We then present a parameter-dependent optimization using a tailored hierarchy of multipli- cation algorithms as well as the Intel AVX2 instructions, and show that this optimization is constant-time. Our implementation is two to three times faster than the reference implementation of NTRUEncrypt.

Category / Keywords: implementation / Quantum-safe cryptography, NTRUEncrypt, security estimation, constant-time implementation, AVX2.

Original Publication (with major differences): IEEE Trans. on Computers: Special Section on Cryptographic Engineering in a Post-Quantum World

Date: received 26 Feb 2018

Contact author: zzhang at onboardsecurity com

Available format(s): PDF | BibTeX Citation

Version: 20180301:164228 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]