Paper 2018/723

Shorter Messages and Faster Post-Quantum Encryption with Round5 on Cortex M

Markku-Juhani O. Saarinen, Sauvik Bhattacharya, Oscar Garcia-Morchon, Ronald Rietman, Ludo Tolhuizen, and Zhenfei Zhang


Round5 is a Public Key Encryption and Key Encapsulation Mechanism (KEM) based on General Learning with Rounding (GLWR), a lattice problem. We argue that the ring variant of GLWR is better suited for embedded targets than the more common RLWE (Ring Learning With Errors) due to significantly shorter keys and messages. Round5 incorporates GLWR with error correction, building on design features from NIST Post-Quantum Standardization candidates Round2 and Hila5. The proposal avoids Number Theoretic Transforms (NTT), allowing more flexibility in parameter selection and making it simpler to implement. We discuss implementation techniques of Round5 ring variants and compare them to other NIST PQC candidates on lightweight Cortex M4 platform. We show that the current development version of Round5 offers not only the shortest key and ciphertext sizes among Lattice-based candidates, but also has leading performance and implementation size characteristics.

Note: Text is being revised for publication in CARDIS '18.

Available format(s)
Publication info
Published elsewhere. Minor revision. CARDIS 2018 Pre-Proceedings Version
Post-Quantum CryptographyLattice CryptographyGLWREmbedded ImplementationCortex M4
Contact author(s)
mjos @ iki fi
2018-10-31: last of 15 revisions
2018-08-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Markku-Juhani O.  Saarinen and Sauvik Bhattacharya and Oscar Garcia-Morchon and Ronald Rietman and Ludo Tolhuizen and Zhenfei Zhang},
      title = {Shorter Messages and Faster Post-Quantum Encryption with Round5 on Cortex M},
      howpublished = {Cryptology ePrint Archive, Paper 2018/723},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.