Cryptology ePrint Archive: Report 2019/535

SIKE Round 2 Speed Record on ARM Cortex-M4

Hwajeong soe and Amir Jalali and Reza Azarderakhsh

Abstract: We present the first practical software implementation of Supersingular Isogeny Key Encapsulation (SIKE) round 2, targeting NISTís 1, 2, and 5 security levels on 32-bit ARM Cortex-M4 microcontrollers. The proposed library introduces a new speed record of SIKE protocol on the target platform. We achieved this record by adopting several state-of-the-art engineering techniques as well as highly-optimized hand-crafted assembly implementation of finite field arithmetic. In particular, we carefully redesign the previous optimized implementations of filed arithmetic on 32-bit ARM Cortex-M4 platform and propose a set of novel techniques which are explicitly suitable for SIKE/SIDH primes. Moreover, the proposed arithmetic implementations are fully scalable to larger bit-length integers and can be adopted over different security levels. The benchmark result on STM32F4 Discovery board equipped with 32-bit ARM Cortex-M4 microcontrollers shows that the entire key encapsulation over p434 takes about 326 million clock cycles (i.e. 1.94 seconds @168MHz). In contrast to the previous optimized implementation of the isogeny-based key exchange on low-power 32-bit ARM Cortex-M4, our performance evaluation shows feasibility of using SIKE mechanism on the target platform. In comparison to the most of the post-quantum candidates, SIKE requires an excessive number of arithmetic operations, resulting in significantly slower timings. However, its small key size makes this scheme as a promising candidate on low-end microcontrollers in the quantum era by ensuring the lower energy consumption for key transmission than other schemes.

Category / Keywords: implementation / Post-quantum cryptography, SIKE, key encapsulation mechanism, finite field arithmetic, ARM assembly, ARM Cortex-M4

Date: received 20 May 2019

Contact author: hwajeong84 at gmail com,azarderakhsh@gmail com,amirjalali65@gmail com

Available format(s): PDF | BibTeX Citation

Version: 20190522:073720 (All versions of this report)

Short URL: ia.cr/2019/535


[ Cryptology ePrint archive ]