Cryptology ePrint Archive: Report 2020/990

Performance Comparisons and Migration Analyses of Lattice-based Cryptosystems on Hardware Security Module

Junting Xiao and Tadahiko Ito

Abstract: Post-QuantumCryptography(PQC)isregardedasaneffectivewaytoresistattackswithquantum computers. Since National Institute of Standards and Technology (NIST) proposed its PQC standardiza- tion project in 2016, many candidates have been submitted and their quantum-resistant capability has been measuring by researchers. Besides this research, this Migration issues of Post-Quantum Cryptography (PQC) has been attracting more and more at- tentions ever since the National Institute of Standards and Technology (NIST) published round 3 candidates of its PQC standardization project in July, 2020. Many candidatesí quantum-resistant capability had been measured by researchers. Meanwhile, it is also indispensable to point out limitations and give proposals to those candidatesí migration issues, especially for migrating PQC to constrained environments. In this paper, we assume the cases of using PQC on hardware security module (HSM), which is designed to provide a trusted environment to perform cryptographic operations. Our comparisons includes the cases of not only small data (e.g. less than Kilobytes data) which is often used for key encryption or authentication, but also large data (e.g. several Gigabytes data) which is often used for document signing or code signing. We focus on and evaluate hashing and asymmetric operations of three lattice-based cryptosystems which are strong candidates of NISTís PQC standardization project. Then we construct two kinds of cryptographic bound- aries for those cryptosystems that make their hashing operations inside or outside of a HSM. We compare their performances with several data sizes under different cryptographic boundary constructions, and discuss how much efficiency versus security we gain or lose with internal or external hashing. This problem already exists today with RSA/ECC and our result indicates that it is also acute with the new lattice-based schemes from the NIST round 3 finalists.

Category / Keywords: implementation / Lattice-based cryptography, hardware security module, cryptographic boundary

Date: received 16 Aug 2020, last revised 14 Jan 2021

Contact author: tadahi-ito at secom co jp,shu-sho@secom co jp

Available format(s): PDF | BibTeX Citation

Version: 20210114:153458 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]