Cryptology ePrint Archive: Report 2019/893

New Efficient, Constant-Time Implementations of Falcon

Thomas Pornin

Abstract: A new implementation of Falcon is presented. It solves longstanding issues in the existing reference code: the new implementation is constant-time, it does not require floating-point hardware (though it can use such hardware for better performance), it uses less RAM, and achieves much better performance on both large systems (x86 with Skylake cores, POWER8,...) and small microcontrollers (ARM Cortex M4). In particular, signature generation with Falcon-512 takes less than 470k cycles on a Skylake (82k cycles only for verification), and about 21.2 million cycles on an ARM Cortex M4.

Category / Keywords: public-key cryptography / falcon, post-quantum signatures

Date: received 2 Aug 2019, last revised 18 Sep 2019

Contact author: pornin at bolet org, thomas pornin at nccgroup com

Available format(s): PDF | BibTeX Citation

Version: 20190918:144441 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]