Cryptology ePrint Archive: Report 2018/723

Shorter Messages and Faster Post-Quantum Encryption with Round5 on Cortex M

Markku-Juhani O. Saarinen and Sauvik Bhattacharya and Oscar Garcia-Morchon and Ronald Rietman and Ludo Tolhuizen and Zhenfei Zhang

Abstract: Round5 is a Public Key Encryption and Key Encapsulation Mechanism (KEM) based on General Learning with Rounding (GLWR), a lattice problem. We argue that the ring variant of GLWR is better suited for embedded targets than the more common RLWE (Ring Learning With Errors) due to significantly shorter keys and messages. Round5 incorporates GLWR with error correction, building on design features from NIST Post-Quantum Standardization candidates Round2 and Hila5. The proposal avoids Number Theoretic Transforms (NTT), allowing more flexibility in parameter selection and making it simpler to implement. We discuss implementation techniques of Round5 ring variants and compare them to other NIST PQC candidates on lightweight Cortex M4 platform. We show that the current development version of Round5 offers not only the shortest key and ciphertext sizes among Lattice-based candidates, but also has leading performance and implementation size characteristics.

Category / Keywords: implementation / Post-Quantum Cryptography, Lattice Cryptography, GLWR, Embedded Implementation, Cortex M4

Original Publication (with minor differences): CARDIS 2018 Pre-Proceedings Version

Date: received 3 Aug 2018, last revised 31 Oct 2018

Contact author: mjos at iki fi

Available format(s): PDF | BibTeX Citation

Note: Text is being revised for publication in CARDIS '18.

Version: 20181031:101401 (All versions of this report)

Short URL: ia.cr/2018/723