Paper 2019/489

Memory-Efficient High-Speed Implementation of Kyber on Cortex-M4

Leon Botros, Matthias J. Kannwischer, and Peter Schwabe

Abstract

This paper presents an optimized software implementation of the module-lattice-based key-encapsulation mechanism Kyber for the ARM Cortex-M4 microcontroller. Kyber is one of the round-2 candidates in the NIST post-quantum project. In the center of our work are novel optimization techniques for the number-theoretic transform (NTT) inside Kyber, which make very efficient use of the computational power offered by the “vector” DSP instructions of the target architecture. We also present results for the recently updated parameter sets of Kyber which equally benefit from our optimizations. As a result of our efforts we present software that is 18% faster than an earlier implementation of Kyber optimized for the Cortex-M4 by the Kyber submitters. Our NTT is more than twice as fast as the NTT in that software. Our software runs at about the same speed as the latest speed-optimized implementation of the other module-lattice based round-2 NIST PQC candidate Saber. However, for our Kyber software, this performance is achieved with a much smaller RAM footprint. Kyber needs less than half of the RAM of what the considerably slower RAM-optimized version of Saber uses. Our software does not make use of any secret-dependent branches or memory access and thus offers state-of-the-art protection against timing attacks

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Africacrypt 2019
Keywords
ARM Cortex-M4number-theoretic transformlattice-based cryptographyKyber
Contact author(s)
l botros @ student ru nl
matthias @ kannwischer eu
peter @ cryptojedi org
History
2019-05-20: received
Short URL
https://ia.cr/2019/489
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/489,
      author = {Leon Botros and Matthias J.  Kannwischer and Peter Schwabe},
      title = {Memory-Efficient High-Speed Implementation of Kyber on Cortex-M4},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/489},
      year = {2019},
      url = {https://eprint.iacr.org/2019/489}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.