Paper 2020/1602
Speeding-up Ideal Lattice-Based Key Exchange Using a RSA/ECC Coprocessor
Aurélien Greuet, Simon Montoya, and Guénaël Renault
Abstract
Polynomial multiplication is one of the most costly operations of ideal lattice-based cryptosystems. In this work, we study its optimization when one of the operand has coefficients close to 0. We focus on this structure since it is at the core of lattice-based Key Exchange Mechanisms submitted to the NIST call for post-quantum cryptography. In particular, we propose optimization of this operation for embedded devices by using a RSA/ECC coprocessor that provides efficient large-integer arithmetic. In this context, we compare Kronecker Substitution, already studied by Albrecht et al. in TCHES 2019, with two specific algorithms that we introduce: KSV, a variant of this substitution, and an adaptation of the schoolbook multiplication, denoted Shift&Add. All these algorithms rely on the transformation of polynomial multiplication to large-integer arithmetic. Then, thanks to these algorithms, existing coprocessors dedicated to large-integer can be re-purposed in order to speed-up post-quantum schemes. The efficiency of these algorithms depends on the component specifications and the cryptosystem parameters set. Thus, we establish a methodology to determine which algorithm to use, for a given component, by only implementing basic large-integer operations. Moreover, the three algorithms are assessed on a chip ensuring that the theoretical methodology matches with practical results. They are also compared to reference software implementations such as NTT or schoolbook multiplication.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Keywords
- Post-Quantum Lattice-based CryptographyPolynomial MultplicationSmart Cards
- Contact author(s)
- simon montoya @ idemia com
- History
- 2020-12-27: received
- Short URL
- https://ia.cr/2020/1602
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/1602, author = {Aurélien Greuet and Simon Montoya and Guénaël Renault}, title = {Speeding-up Ideal Lattice-Based Key Exchange Using a {RSA}/{ECC} Coprocessor}, howpublished = {Cryptology {ePrint} Archive, Paper 2020/1602}, year = {2020}, url = {https://eprint.iacr.org/2020/1602} }