Cryptology ePrint Archive: Report 2018/425

Learning with Errors on RSA Co-Processors

Martin R. Albrecht and Christian Hanser and Andrea Hoeller and Thomas Pöppelmann and Fernando Virdia and Andreas Wallner

Abstract: We repurpose existing RSA/ECC co-processors for (ideal) lattice-based cryptography by exploiting the availability of fast long integer multiplication. Such co-processors are deployed in smart cards in passports and identity cards, secured microcontrollers and hardware security modules (HSM). In particular, we demonstrate an implementation of a variant of the Module-LWE-based Kyber Key Encapsulation Mechanism (KEM) that is tailored for optimal performance on a commercially available smart card chip (SLE 78). To benefit from the RSA/ECC co-processor we use Kronecker substitution in combination with schoolbook and Karatsuba polynomial multiplication. Moreover, we speed-up symmetric operations in our Kyber variant using the AES co-processor to implement a PRNG and a SHA-256 co-processor to realise hash functions. This allows us to execute CCA-secure Kyber768 key generation in 79.6 ms, encapsulation in 102.4 ms and decapsulation in 132.7 ms.

Category / Keywords: public-key cryptography / Kyber, lattice-based cryptography, smart card, implementation

Date: received 9 May 2018, last revised 9 May 2018

Contact author: thomas poeppelmann at infineon com

Available format(s): PDF | BibTeX Citation

Version: 20180510:210548 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]