In recent years, lattice-based cryptography has attracted a high degree of attention in the cryptologic research community. It is expected to be in wide use in the foreseeable future once large quantum computers are in sight. On the other hand, JavaScript is a standard programming language for Web applications. It is now supported on a wide variety of computing platforms and devices with immense efficiency improvement in the past few years. In this paper, we present the results of our JavaScript implementation of several lattice-based encryption schemes and show the speed performance on four common Web browsers on PC. Furthermore, we show performance results on two smaller computing platforms, namely, tablets running the Android operating system, as well as Tessel, an embedded system equipped with an ARM Cortex M3 microcontroller. Our results demonstrate that some of today's lattice-based cryptosystems can already have efficient JavaScript implementations and hence are ready for use on a growing list of computing platforms with JavaScript support.Keywords: Lattice-based cryptography, JavaScript, Android, Tessel
309Portable Implementation of Lattice-based Cryptography using JavaScript 1. Positive integers n, q, d1, d2, d3, dm; gcd(3, q)=1 (let p=3); 2. Ring:and g ∈ L (n/3,(n/3)−1) ; let F = f 1 ·f 2 + f 3 , then f = 1 + 3F; 4. fq·f ≡ 1(mod q); 5. Secret key: f; 6. Public key: h ≡ 3f q ·g (mod q); Regev's LWE [26,22] 1. Positive integers m, n, l, q, t, r (t q and r q) and a real α > 0; 2. Matrix S∈Z 1. Integers n, q > 0 and a real s > 0; 2. Ring: Rq = Zq[x]/(x n + 1); 3. Three random polynomials e ← χs, a ∈ Rq, and a small s ∈ Rq; 4. b = a ·s + e ∈ Rq; 5. Secret key: s ∈ Rq; 6. Public key: (a, b)∈ Rq×Rq; 1. Plaintext m ∈ {0, 1} n ; 2. Three random polynomials e1, e2 ← χs and a small t ∈ Rq; 3. (c1, c2) = (a ·t + e1, b ·t + e2 + encode(m)) ∈Rq × Rq;LP10 ring-LWE [19] 1. Integers n, q > 0 and a real s > 0; 2. Ring: Rq = Zq[x]/(x n + 1); 3. Three random polynomials r1,r2 ← χs, and a ∈ Rq; 4. b = r1 − a·r2 ∈ Rq; 5. Secret key: r2 ← χs; 6. Public key: (a, b)∈ Rq×Rq; 1. Plaintext m ∈ {0, 1} n ; 2. Three random polynomials e1, e2, e3 ← χs; 3. (c1, c2) = (a ·e1 + e2, b ·e1 + e3 + encode(m)) ∈Rq × Rq;