Paper 2020/1602

Speeding-up Ideal Lattice-Based Key Exchange Using a RSA/ECC Coprocessor

Aurélien Greuet, Simon Montoya, and Guénaël Renault

Abstract

Polynomial multiplication is one of the most costly operations of ideal lattice-based cryptosystems. In this work, we study its optimization when one of the operands has coefficients close to 0. We focus on this structure since it is at the core of lattice-based Key Exchange Mechanisms submitted to the NIST call for post-quantum cryptography. In particular, we propose optimizations of this operation for embedded devices by using an RSA/ECC coprocessor that provides efficient large-integer arithmetic. In this context, we compare Kronecker Substitution, already studied by Albrecht et al. in TCHES 2019, with two specific algorithms that we introduce: KSV, a variant of this substitution, and an adaptation of the schoolbook multiplication, denoted Shift&Add. All these algorithms rely on the transformation of polynomial multiplication to large-integer arithmetic. Thanks to these algorithms, existing coprocessors dedicated to large-integer arithmetic can be re-purposed to speed up post-quantum schemes. The efficiency of these algorithms depends on the component specifications and the cryptosystem parameter set. Thus, we establish a methodology to determine which algorithm to use, for a given component, by only implementing basic large-integer operations. Moreover, the three algorithms are assessed on a chip, ensuring that the theoretical methodology matches practical results. They are also compared to reference software implementations such as NTT or schoolbook multiplication.
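The transformation of polynomial multiplication into large-integer arithmetic that the abstract refers to can be illustrated with plain Kronecker Substitution in Z_q[X]/(X^n + 1), where one operand has small signed coefficients. This is an added example, not code from the paper, and it does not implement KSV or Shift&Add; the function names, the ring X^n + 1, the parameters n = 256, q = 3329, eta = 2 and the random inputs are constructed assumptions.

```python
# Added example: Kronecker Substitution for negacyclic polynomial multiplication.
# Parameters and inputs are constructed for illustration, not taken from the paper.
import random

def slot_bits(n, q, eta):
    """Slot width l with 2^(l-1) > n*(q-1)*eta, so no signed coefficient overflows."""
    return (n * (q - 1) * eta).bit_length() + 1

def pack(coeffs, l):
    """Evaluate the polynomial at X = 2^l (coefficients may be negative)."""
    return sum(c << (l * i) for i, c in enumerate(coeffs))

def unpack_signed(value, l, count):
    """Recover `count` signed coefficients from a packed integer."""
    mask, half = (1 << l) - 1, 1 << (l - 1)
    out = []
    for _ in range(count):
        r = value & mask            # non-negative residue, even if value < 0
        if r >= half:
            r -= 1 << l             # balanced representative in [-2^(l-1), 2^(l-1))
        out.append(r)
        value = (value - r) >> l    # exact division, carries the borrow upward
    return out

def ks_negacyclic_mul(a, s, q, eta):
    n, l = len(a), slot_bits(len(a), q, eta)
    product = pack(a, l) * pack(s, l)   # the single large-integer multiplication
    c = unpack_signed(product, l, 2 * n - 1) + [0]
    return [(c[k] - c[k + n]) % q for k in range(n)]   # reduce with X^n = -1

def schoolbook_negacyclic_mul(a, s, q):
    n, c = len(a), [0] * len(a)
    for i, ai in enumerate(a):
        for j, sj in enumerate(s):
            if i + j < n:
                c[i + j] += ai * sj
            else:
                c[i + j - n] -= ai * sj
    return [x % q for x in c]

def demo(n=256, q=3329, eta=2, seed=1):
    rng = random.Random(seed)
    a = [rng.randrange(q) for _ in range(n)]          # full-size operand
    s = [rng.randint(-eta, eta) for _ in range(n)]    # coefficients close to 0
    return ks_negacyclic_mul(a, s, q, eta), schoolbook_negacyclic_mul(a, s, q)

if __name__ == "__main__":
    ks, ref = demo()
    print("match:", ks == ref)
```

The small bound eta on one operand is what keeps the slot width, and therefore the size of the packed integers, low.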

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Post-Quantum Lattice-based Cryptography, Polynomial Multiplication, Smart Cards
Contact author(s)
simon montoya @ idemia com
History
2020-12-27: received
Short URL
https://ia.cr/2020/1602
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1602,
      author = {Aurélien Greuet and Simon Montoya and Guénaël Renault},
      title = {Speeding-up Ideal Lattice-Based Key Exchange Using a {RSA}/{ECC} Coprocessor},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1602},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1602}
}