Algorithmic Views of Vectorized Polynomial Multipliers – NTRU

Han-Ting Chen; Yi-Hua Chung; Vincent Hwang; Bo-Yin Yang

Paper 2023/1637

Algorithmic Views of Vectorized Polynomial Multipliers – NTRU

Han-Ting Chen, National Taiwan University

Yi-Hua Chung, Academia Sinica

Vincent Hwang, Academia Sinica, Max Planck Institute for Security and Privacy

Bo-Yin Yang, Academia Sinica

Abstract

The lattice-based post-quantum cryptosystem NTRU is used by Google for protecting Google’s internal communication. In NTRU, polynomial multiplication is one of bottleneck. In this paper, we explore the interactions between polynomial multiplication, Toeplitz matrix–vector product, and vectorization with architectural insights. For a unital commutative ring , a positive integer , and an element , we reveal the benefit of vector-by-scalar multiplication instructions while multiplying in . We aim at designing an algorithm exploiting no algebraic and number–theoretic properties of and . An obvious way is to multiply in and reduce modulo . Since the product in is a polynomial of degree at most , one usually chooses a polynomial modulus such that (i) , and (ii) there exists a well-studied fast polynomial multiplication algorithm f for multiplying in . We deviate from common approaches and point out a novel insight with dual modules and vector-by-scalar multiplications. Conceptually, we relate the module-theoretic dual of and with Toeplitz matrix-vector products, and demonstrate the benefit of Toeplitz matrix-vector products with vector-by-scalar multiplication instructions. It greatly reduces the register pressure, and allows us to multiply with essentially no permutation instructions that are commonly used in vectorized implementation. We implement the ideas for the NTRU parameter sets ntruhps2048677 and ntruhrss701 on a Cortex-A72 implementing the Armv8.0-A architecture with the single-instruction-multiple-data (SIMD) technology Neon. For polynomial multiplications, our implementation is 2.18× and 2.23× for ntruhps2048677 and ntruhrsss701 than the state-of-the-art optimized implementation. We also vectorize the polynomial inversions and sorting network by employing existing techniques and translating AVX2-optimized implementations into Neon. Compared to the state-of-the-art optimized implementation, our key generation, encapsulation, and decapsulation for ntruhps2048677 are 7.67×, 2.48×, and 1.77× faster, respectively. For ntruhrss701, our key generation, encapsulation, and decapsulation are 7.99×, 1.47×, and 1.56× faster, respectively.

Note: Full version.

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Published elsewhere. Major revision. Indocrypt 2023
Keywords: Toeplitz matrix NTRU Vectorization Dual Module
Contact author(s): r10922073 @ csie ntu edu tw
yhchiara @ gmail com
vincentvbh7 @ gmail com
by @ crypto tw
History: 2024-01-30: last of 2 revisions; 2023-10-21: received; See all versions
Short URL: https://ia.cr/2023/1637
License: CC0

BibTeX

@misc{cryptoeprint:2023/1637,
      author = {Han-Ting Chen and Yi-Hua Chung and Vincent Hwang and Bo-Yin Yang},
      title = {Algorithmic Views of Vectorized Polynomial Multipliers – {NTRU}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1637},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1637}
}