Cryptology ePrint Archive: Report 2020/1602
Speeding-up Ideal Lattice-Based Key Exchange Using a RSA/ECC Coprocessor
Aurélien Greuet and Simon Montoya and Guénaël Renault
Abstract: Polynomial multiplication is one of the most costly operations of
ideal lattice-based cryptosystems. In this work, we study its
optimization when one of the operands has coefficients close to 0.
We focus on this structure since it is at the core of lattice-based
Key Exchange Mechanisms submitted to the NIST call for post-quantum
cryptography. In particular, we propose an optimization of this
operation for embedded devices by using an RSA/ECC coprocessor that
provides efficient large-integer arithmetic. In this context, we compare
Kronecker Substitution, already studied by Albrecht et al. in TCHES 2019,
with two specific algorithms that
we introduce: KSV, a variant of this substitution, and an
adaptation of the schoolbook multiplication, denoted
Shift&Add. All these algorithms rely on the transformation
of polynomial multiplication to large-integer arithmetic. Then,
thanks to these algorithms, existing coprocessors dedicated to
large-integer arithmetic can be repurposed to speed up post-quantum
schemes. The efficiency of these algorithms depends on the component
specifications and the cryptosystem parameter set. Thus, we
establish a methodology to determine which algorithm to use, for a
given component, by only implementing basic large-integer
operations. Moreover, the three algorithms are assessed on a chip,
ensuring that the theoretical methodology matches practical
results. They are also compared to reference software
implementations such as NTT or schoolbook multiplication.
Category / Keywords: implementation / Post-Quantum Lattice-based Cryptography, Polynomial Multiplication, Smart Cards
Date: received 24 Dec 2020
Contact author: simon montoya at idemia com
Version: 20201227:131401
Short URL: ia.cr/2020/1602
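
The abstract's central idea, turning a polynomial multiplication into a single large-integer multiplication, can be shown with textbook Kronecker substitution. This is an added example, not code from the paper, and it does not implement KSV or Shift&Add. It assumes the ring Z_q[x]/(x^n + 1) and a second operand with coefficients in [-eta, eta]; all function names are illustrative.

```python
# Added example: textbook Kronecker substitution, not the paper's KSV or Shift&Add.
# Assumed ring: Z_q[x]/(x^n + 1); s has coefficients in [-eta, eta].

def window_bits(n, q, eta):
    """Smallest k with 2**(k-1) > n*(q-1)*eta, so signed product
    coefficients never overflow their k-bit window."""
    return (n * (q - 1) * eta).bit_length() + 1

def pack(poly, k):
    """Evaluate poly at x = 2**k (coefficient i starts at bit k*i)."""
    return sum(c << (k * i) for i, c in enumerate(poly))

def unpack(value, k, count):
    """Read `count` signed k-bit digits back out of a big integer."""
    half, full = 1 << (k - 1), 1 << k
    digits = []
    for _ in range(count):
        d = value % full
        if d >= half:          # top bit set: digit is negative
            d -= full
        digits.append(d)
        value = (value - d) >> k   # propagate the borrow to the next window
    if value != 0:
        raise ValueError("leftover bits: count or k is too small")
    return digits

def kronecker_mul(a, s, q, eta):
    """a * s in Z_q[x]/(x^n + 1) using one big-integer multiplication."""
    n = len(a)
    k = window_bits(n, q, eta)
    product = pack(a, k) * pack(s, k)   # the step a coprocessor would do
    c = unpack(product, k, 2 * n - 1) + [0]
    return [(c[i] - c[i + n]) % q for i in range(n)]   # x^n = -1

def schoolbook_mul(a, s, q):
    """Reference O(n^2) negacyclic multiplication for comparison."""
    n = len(a)
    r = [0] * n
    for i, ai in enumerate(a):
        for j, sj in enumerate(s):
            if i + j < n:
                r[i + j] += ai * sj
            else:
                r[i + j - n] -= ai * sj
    return [x % q for x in r]
```

The window width grows only with log2(n·q·eta), so a small-coefficient operand keeps the packed integers short enough for an RSA-sized multiplier to be useful.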