Highly Vectorized SIKE for AVX-512

Cheng, Hongbo; Fotiadis, Georgios; Großschädl, Johann; Ryan, Peter Y. A.

doi:10.46586/tches.v2022.i2.41-68

Cited by 9 publications

(23 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Under this environment, PCS is very effective and can reduce a large amount of the execution time over PCP. A speed-up of up to 34.05% is achieved by our four-core implementation when compared to the single-core implementation of [CFGR22].…”

Section: Introductionmentioning

confidence: 95%

“…The latest generation of Intel's Advanced Vector eXtensions (AVX), which is AVX-512, provides a way to vectorize and speed-up a software by using vectors of length 512 bits and vectorized instructions. One extension of AVX-512 used by [CFGR22] and this work is the Integer Fused Multiply-Add extension (IFMA or AVX-512IFMA) which is useful for software libraries requiring large integer arithmetic. As we are mainly interested in the strategy-level optimization, we briefly explain the high-level usage of AVX-512.…”

Section: Intel's Advanced Vector Extension Avx-512mentioning

confidence: 99%

“…For the latest generation of AVX, called AVX-512, each vector (consisting of an array of data) is of length 512 bits and can be operated as eight 64-bit elements, meaning that eight 64-bit operations can be performed within a similar time as a single 64-bit operation. The advantages of AVX-512 have been exploited to speed-up the isogeny computation by a few works [KG19,CFGR22]. In [CFGR22], the authors proposed optimizations in several layers, including base-field arithmetic, extension-field arithmetic, elliptic curve arithmetic, and isogeny computation.…”

Section: Introductionmentioning

confidence: 99%

“…The advantages of AVX-512 have been exploited to speed-up the isogeny computation by a few works [KG19,CFGR22]. In [CFGR22], the authors proposed optimizations in several layers, including base-field arithmetic, extension-field arithmetic, elliptic curve arithmetic, and isogeny computation. Combining all those techniques, the execution time of their implementation is 2.40 times faster compared to that of [Mic17].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Vectorized and Parallel Computation of Large Smooth-Degree Isogenies using Precedence-Constrained Scheduling

Phalakarn¹,

Suppakitpaisarn²,

Rodríguez-Henríquez³

et al. 2023

TCHES

View full text Add to dashboard Cite

Strategies and their evaluations play important roles in speeding up the computation of large smooth-degree isogenies. The concept of optimal strategies for such computation was introduced by De Feo et al., and virtually all implementations of isogeny-based protocols have adopted this approach, which is provably optimal for single-core platforms. In spite of its inherent sequential nature, several recent works have studied ways of speeding up this isogeny computation by exploiting the rich parallelism available in vectorized and multi-core platforms. One obstacle to taking full advantage of this parallelism, however, is that De Feo et al.’s strategies are not necessarily optimal in multi-core environments. To illustrate how the speed of vectorized and parallel isogeny computation can be improved at the strategylevel, we present two novel software implementations that utilize a state-of-the-art evaluation technique, called precedence-constrained scheduling (PCS), presented by Phalakarn et al., with our proposed strategies crafted for these environments. Our first implementation relies only on the parallelism provided by multi-core processors. The second implementation targets multi-core processors supporting the latest generation of the Intel’s Advanced Vector eXtensions (AVX) technology, commonly known as AVX-512IFMA instructions. To better handle the computational concurrency associated with PCS, we equip both implementations with extensive synchronization techniques. Our first implementation outperforms the implementation of Cervantes-Vázquez et al. by yielding up to 14.36% reduction in the execution time, when targeting platforms with two- to four-core processors. Our second implementation, equipped with four cores, achieves up to 34.05% reduction in the execution time compared to the single-core implementation of Cheng et al. of CHES 2022.

show abstract

Section: Introductionmentioning

confidence: 95%

Section: Intel's Advanced Vector Extension Avx-512mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Vectorized and Parallel Computation of Large Smooth-Degree Isogenies using Precedence-Constrained Scheduling

Phalakarn¹,

Suppakitpaisarn²,

Rodríguez-Henríquez³

et al. 2023

TCHES

View full text Add to dashboard Cite

show abstract

“…For AVX-512 implementations of PQC algorithms, some arithmetics like large integer multiplication, Montgomery multiplication, and NTT AVX-512 implementation have received researchers' attention [20]- [25]. Cheng et al [26] proposed a highly vectorized implementation for SIKE. [27] presented an implementation using AVX-512 to batch CSIDH group actions.…”

Section: Introductionmentioning

confidence: 99%

Parallel Small Polynomial Multiplication for Dilithium: A Faster Design and Implementation

Zheng

Shen

et al. 2022

Proceedings of the 38th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

CRYSTALS-Dilithium is a lattice-based signature scheme to be standardized by NIST as the primary post-quantum signature algorithm. In this work, we make a thorough study of optimizing the implementations of Dilithium by utilizing the Advanced Vector Extension (AVX) instructions, specifically AVX2 and the latest AVX512.We first present an improved parallel small polynomial multiplication with tailored early evaluation (PSPM-TEE) to further speed up the signing procedure, which results in a speedup of 5%-6% compared with the original PSPM Dilithium implementation. We then present a tailored reduction method that is simpler and faster than Montgomery reduction. Our optimized AVX2 implementation exhibits a speedup of 3%-8% compared with the state-of-the-art of Dilithium AVX2 software. Finally, for the first time, we propose a fully and highly vectorized implementation of Dilithium using AVX-512. This is achieved by carefully vectorizing most of Dilithium functions with the AVX512 instructions in order to improve efficiency both for time and for space simultaneously.With all the optimization efforts, our AVX-512 implementation improves the performance by 37.3%/50.7%/39.7% in key generation, 34.1%/37.1%/42.7% in signing, and 38.1%/38.7%/40.7% in verification for the parameter sets of Dilithium2/3/5 respectively. To the best of our knowledge, our AVX512 implementation has the best performance for Dilithium on the Intel x64 CPU platform to date.

show abstract