Cryptology ePrint Archive: Report 2022/323
Dilithium for Memory Constrained Devices
Joppe W. Bos and Joost Renes and Daan Sprenkels
Abstract: We investigate the use of the Dilithium post-quantum digital signature scheme on memory-constrained systems. Reference and optimized implementations of Dilithium in the benchmarking framework pqm4 (Cortex-M4) require 50 – 100 KiB of memory, demonstrating the significant challenge to use Dilithium on small IoT platforms. We show that compressing polynomials, using an alternative number theoretic transform, and falling back to the schoolbook method for certain multiplications reduces the memory footprint significantly. This results in the first implementation of Dilithium for which the recommended parameter set requires less than 7 KiB of memory for key and signature generation and less than 3 KiB of memory for signature verification. We also provide benchmark details of a portable implementation in order to estimate the performance impact when using these memory reduction methods.
Category / Keywords: implementation / Dilithium, implementation, memory optimization, NIST PQC, lattice-based cryptography
Date: received 8 Mar 2022
Contact author: joppe bos at nxp com, joost renes at nxp com, daan at dsprenkels com
Available format(s): PDF | BibTeX Citation
Version: 20220308:125158 (All versions of this report)
Short URL: ia.cr/2022/323
[ Cryptology ePrint archive ]