Efficient implementation of ideal lattice-based cryptography

Pöppelmann, Thomas

doi:10.1515/itit-2017-0030

Cited by 5 publications

(4 citation statements)

References 107 publications

(278 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The R-LWE version as summarized in Table I provides a medium security level [33], [34] (roughly equivalent to AES-128, NIST PQC security level-1) being sufficient for lowweight IoT end-node devices.…”

Section: Parameter-setmentioning

confidence: 99%

AxRLWE: A Multilevel Approximate Ring-LWE Co-Processor for Lightweight IoT Applications

Kundi

Khalid

Bian

et al. 2022

IEEE Internet Things J.

View full text Add to dashboard Cite

This work presents a multi-level approximation exploration undertaken on the Ring-Learning-with-Errors (R-LWE) based Public-key Cryptographic (PKC) schemes that belong to quantum-resilient cryptography algorithms. Among the various quantum-resilient cryptography schemes proposed in the currently running NIST's Post-quantum Cryptography (PQC) standardization plan, the lattice based LWE schemes have emerged as the most viable and preferred class for the IoT applications due to their compact area and memory footprint compared to other alternatives. However, compared to the classical schemes used today, R-LWE is much harder a challenge to fit on embedded IoT (end-node) devices, due to their stricter resource constraints (lower area, memory, energy budgets) as well as their limited computational capabilities. To the best of our knowledge, this is the first endeavour exploring the inherent approximate nature of LWE problem to undertake a multi-level Approximate R-LWE (AxRLWE) architecture with respective security estimates opt for lightweight IoT devices. Undertaking AxRLWE on Field Programmable Gate Arrays (FPGAs), we bench-marked a 64% area reduction cost compared to earlier accurate R-LWE designs at the cost of reduced quantum-security. With 45nm CMOS technology, AxRLWE was bench-marked to fit well within the same area-budget of lightweight ECC processor and consume a third of energy compared to special class of R-Binary LWE (R-BLWE) designs being proposed for an IoT, with better security level.

show abstract

Section: Parameter-setmentioning

confidence: 99%

AxRLWE: A Multilevel Approximate Ring-LWE Co-Processor for Lightweight IoT Applications

Kundi

Khalid

Bian

et al. 2022

IEEE Internet Things J.

View full text Add to dashboard Cite

show abstract

“…There are many research results on efficient implementation of lattice-based cryptography. Pöppelmann [15] proposed an efficient implementation of Ring-LWE encryption in a reconfigurable hardware 8 bit microcontroller environment and software implementation of GLP on Intel/AMD CPUs and BLISS in the Cortex-M4F environment. Nejatollahi et al [16] introduced trends and challenges for lattice-based cryptography software implementation.…”

Section: Related Studies On Efficient Implementation Of Lattice-mentioning

confidence: 99%

Efficient Parallel Implementation of Matrix Multiplication for Lattice-Based Cryptography on Modern ARM Processor

Park

Seo

Kim³

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Recently, various types of postquantum cryptography algorithms have been proposed for the National Institute of Standards and Technology’s Postquantum Cryptography Standardization competition. Lattice-based cryptography, which is based on Learning with Errors, is based on matrix multiplication. A large-size matrix multiplication requires a long execution time for key generation, encryption, and decryption. In this paper, we propose an efficient parallel implementation of matrix multiplication and vector addition with matrix transpose using ARM NEON instructions on ARM Cortex-A platforms. The proposed method achieves performance enhancements of 36.93%, 6.95%, 32.92%, and 7.66%. The optimized method is applied to the Lizard. CCA key generation step enhances the performance by 7.04%, 3.66%, 7.57%, and 9.32% over previous state-of-the-art implementations.

show abstract

“…We assume that the probability that this happens is negligible. This sampling method requires storing a pre-computed CDF Pöppelmann [19] shows how to use multiple levels of tables such that implementations are feasible on constraint devices. These multiple levels of tables provide a strong side channel, which is exploited in the cache-timing attack in [7].…”

Section: B2 Inverse Cdt Samplermentioning

confidence: 99%

Rounded Gaussians

Hülsing

Lange

Smeets

2018

Public-Key Cryptography – PKC 2018

View full text Add to dashboard Cite

This paper suggests to use rounded Gaussians in place of discrete Gaussians in rejection-sampling-based lattice signature schemes like BLISS. We show that this distribution can efficiently be sampled from while additionally making it easy to sample in constant time, systematically avoiding recent timing-based side-channel attacks on lattice-based signatures. We show the effectiveness of the new sampler by applying it to BLISS, prove analogues of the security proofs for BLISS, and present an implementation that runs in constant time. Our implementation needs no precomputed tables and is twice as fast as the variable-time CDT sampler posted by the BLISS authors with precomputed tables.

show abstract

Efficient implementation of ideal lattice-based cryptography

Cited by 5 publications

References 107 publications

AxRLWE: A Multilevel Approximate Ring-LWE Co-Processor for Lightweight IoT Applications

AxRLWE: A Multilevel Approximate Ring-LWE Co-Processor for Lightweight IoT Applications

Efficient Parallel Implementation of Matrix Multiplication for Lattice-Based Cryptography on Modern ARM Processor

Rounded Gaussians

Contact Info

Product

Resources

About