Polynomial Multiplication in NTRU Prime

Alkım, Erdem; Cheng, Dean Yun-Li; Chung, Chi-Ming; Evkan, Hülya; Huang, Leo Wei-Lun; Hwang, Vincent; Li, Ching-Lin Trista; Niederhagen, Ruben; Shih, Cheng-Jhih; Wälde, Julian; Yang, Bo‐Yin

doi:10.46586/tches.v2021.i1.217-238

Cited by 10 publications

(3 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It appears that the number-theoretic transforms are cores of all high-speed implementations of lattice-based crypto for the Cortex-M4. It is either prescribed in the specification of Dilithium, Falcon, and Kyber, or maintains to be the fastest polynomial multiplication methods in Saber, NTRU [CHK+21], and NTRU Prime [ACC+20].…”

Section: Introductionmentioning

confidence: 99%

“…While the techniques are already known, they have so far not been applied to Kyber and Dilithium. This includes (1) the use of Cooley-Tukey butterflies for the inverse NTT of both Kyber and Dilithium previously proposed for Saber in [ACC+21]; (2) the use of floating point registers for caching values in the NTT of Dilithium and Kyber which was first proposed in the context of NTTs for NTRU Prime in [ACC+20]. This allows to merge more layers of the NTT and reduce memory access time for loading twiddle factors; (3) we make use of the "asymmetric multiplication" proposed in [BHK+21] which eliminates some duplicate computation in the base multiplication of Kyber at the cost of extra stack usage; and (4) we use an idea from [CHK+21] to improve the accumulation in the matrix-vector product of Kyber by using a 32-bit accumulator allowing to eliminate some modular reductions at the cost of more stack usage.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Faster Kyber and Dilithium on the Cortex-M4

Abdulrahman

Hwang²,

Kannwischer³

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

This paper presents faster implementations of the latticebased schemes Dilithium and Kyber on the Cortex-M4. Dilithium is one of three signature finalists in the NIST post-quantum project (NIST PQC), while Kyber is one of four key-encapsulation mechanism (KEM) finalists.Our optimizations affect the core polynomial arithmetic involving number-theoretic transforms in both schemes. Our main contributions are threefold: We present a faster signed Barrett reduction for Kyber, propose to switch to a smaller prime modulus for the polynomial multiplications cs1 and cs2 in the signing procedure of Dilithium, and apply various known optimizations to the polynomial arithmetic in both schemes. Using a smaller prime modulus is particularly interesting as it allows using the Fermat number transform resulting in especially fast code.We outperform the state-of-the-art for both Dilithium and Kyber. For Dilithium, our NTT and iNTT are faster by 5.2% and 5.7%. Switching to a smaller modulus results in speed-up of 33.1%-37.6% for the relevant operations (sum of the base multiplication and iNTT) in the signing procedure. For Kyber, the optimizations results in 15.9%-17.8% faster matrix-vector product which is a core arithmetic operation in Kyber.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Faster Kyber and Dilithium on the Cortex-M4

Abdulrahman

Hwang²,

Kannwischer³

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…The superiority of safegcd has also provided new solution approaches for other algorithms. In [23], researchers proposed three polynomial multiplication methods based on NTT and implemented them on Cortex-M4 microcontrollers using safegcd. Similarly, researchers [24] have studied public key compression capabilities using safegcd.…”

Section: Introduction 1related Workmentioning

confidence: 99%

A Novel JSF-Based Fast Implementation Method for Multiple-Point Multiplication

Chen,

2023

Electronics

View full text Add to dashboard Cite

ECC is a popular public-key cryptographic algorithm, but it lacks an effective solution to multiple-point multiplication. This paper proposes a novel JSF-based fast implementation method for multiple-point multiplication. The proposed method requires a small storage space and has high performance, making it suitable for resource-constrained IoT application scenarios. This method stores and encodes the required coordinates in the pre-computation phase and uses table lookup operations to eliminate the conditional judgment operations in JSF-5, which improves the efficiency by about 70% compared to the conventional JSF-5 in generating the sparse form. This paper utilizes Co-Z combined with safegcd to achieve low computational complexity for curve coordinate pre-computation, which further reduces the complexity of multiple-point multiplication in the execution phase of the algorithm. The experiments were performed with two short Weierstrass elliptic curves, nistp256r1 and SM2. In comparison to the various CPU architectures used in the experiments, our proposed method showed an improvement of about 3% over 5-NAF.

show abstract