Towards Efficient Arithmetic for Lattice-Based Cryptography on Reconfigurable Hardware

Pöppelmann, Thomas; Güneysu, Tim

doi:10.1007/978-3-642-33481-8_8

Cited by 118 publications

(92 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This chapter contains only preliminaries but no original work by the author of this thesis. The background regarding the NTT and polynomial multiplication is based on [PG12,GLP15] and some general content from [OPG14, HPO + 15] is included. The description of the Bernoulli and convolution cumulative distribution table (CDT) samplers originally appeared in [PDG14a,PDG14b].…”

Section: Chaptermentioning

confidence: 99%

“…It supports a simple instruction set suitable to realize the polynomial arithmetic of RLWEenc encryption (see Chapter 5) as well as parts of GLP and BLISS signatures (see Chapter 7). This chapter is mainly based on work published in [PG12]. However, more detailed coverage of efficient methods to realize the processing element (PE) and general improvements to the architecture have been added.…”

Section: Chapter 4 Polynomial Multiplication On Reconfigurable Hardwarementioning

confidence: 99%

“…In this section we discuss follow-up works by other authors [APS13, CMV + 14, RVM + 14] works who directly refer to the original publication of the proposed polynomial multiplier [PG12] or the microcode engine [PG13] for comparison.…”

Section: Review Of Follow-up Work On Polynomial Multiplicationmentioning

confidence: 99%

“…and somewhat homomorphic encryption (SHE) [NLV11] parameter sets of [PG12] has been given by Chen et al in [CMV + 14]. Their design goal is high speed and low latency which is achieved by using two PEs and two additional integer modular multipliers.…”

Section: Polynomial Multiplier By Chen Et Al [Cmvmentioning

confidence: 99%

“…Additional optimizations include the precomputation of n −1 ψ −i (instead of just ψ −i ) for 0 ≤ i < n and the observation that in the first FFT stage multiplications by ω 0 = 1 can be removed. The authors further introduce a method to select primes that lead to an efficient implementation of modular reduction based on the techniques introduced by Solinas [Sol99] that were also used previously for efficient modular reduction in [PG12,GLP12]. 4.…”

Section: Polynomial Multiplier By Chen Et Al [Cmvmentioning

confidence: 99%

See 4 more Smart Citations

Efficient implementation of ideal lattice-based cryptography

Pöppelmann¹

2017

It - Information Technology

Self Cite

View full text Add to dashboard Cite

Digital signatures and public-key encryption are used to protect almost any secure communication channel on the Internet or between embedded devices. Currently, protocol designers and engineers usually rely on schemes that are either based on the factoring assumption (RSA) or on the hardness of the discrete logarithm problem (DSA/ECDSA). But in case of advances in classical cryptanalysis or progress on the development of quantum computers the hardness of these closely related problems might be seriously weakened. In order to prepare for such an event, research on alternatives is required to provide long-term security.In this thesis, we focus on the efficient implementation of such alternative public-key cryptosystems whose security is based on the intractability of certain computational problems on ideal lattices. While an extensive theoretical background exists for lattice-based and ideal latticebased cryptography, not much is known about the efficiency of practical instantiations, especially on constrained and cost-sensitive platforms. We thus investigate novel algorithms and implementation techniques for fast and flexible polynomial multiplication and Gaussian sampling and then use these building blocks to implement public-key encryption and signature schemes. The results provided in this thesis show that lattice-based schemes can be optimized for high performance or resource efficiency on embedded microcontrollers and reconfigurable hardware. Our implementations of a public-key encryption scheme based on the ring learning with errors problems (RLWE) or of the bimodal lattice signature scheme (BLISS) can even outperform classical ECC-and RSA-based implementations.Lattice-based cryptography can also be used to realize homomorphic cryptography that allows computation on encrypted data. However, due to the large parameter sets and complex operations required, even for simple homomorphic evaluation operations, the performance of these schemes is a major issue preventing practical usage. In this thesis we investigate options for acceleration of homomorphic cryptography in a cloud environment using reconfigurable hardware. We implement all evaluation operations of the YASHE homomorphic encryption scheme and propose methods to deal with large ciphertext and key sizes as well as limited memory bandwidth. KeywordsPost-quantum cryptography, public-key cryptosystem, embedded system, microcontroller, FPGA KurzfassungDigitale Signaturen und Public-Key-Verschlüsselung werden für den Schutz nahezu jeder sicheren Kommunikation über das Internet oder zwischen eingebetteten Systemen genutzt. Die Sicherheit basiert dabei entweder auf der Faktorisierungsannahme (RSA) oder der Annahme, dass es schwer ist, das diskrete Logarithmus-Problem (DSA/ECDSA) zu lösen. Durch Fortschritte in der klassischen Kryptoanalyse oder bei der Entwicklung von Quantencomputern könnten diese Probleme allerdings in Zukunft ernsthaft geschwächt oder gelöst werden. Daher ist Forschung zu alternativen Public-Key-Kryptosystemen erforderlich, die in ...

show abstract

Section: Chaptermentioning

confidence: 99%

Section: Chapter 4 Polynomial Multiplication On Reconfigurable Hardwarementioning

confidence: 99%

Section: Review Of Follow-up Work On Polynomial Multiplicationmentioning

confidence: 99%

Section: Polynomial Multiplier By Chen Et Al [Cmvmentioning

confidence: 99%

Section: Polynomial Multiplier By Chen Et Al [Cmvmentioning

confidence: 99%

See 3 more Smart Citations

Efficient implementation of ideal lattice-based cryptography

Pöppelmann¹

2017

It - Information Technology

Self Cite

View full text Add to dashboard Cite

show abstract

Elliptic‐curve cryptography for wireless sensor network nodes without hardware multiplier support

Gulen

Baktır

2016

Security Comm Networks

View full text Add to dashboard Cite

With its relatively small key size, elliptic‐curve cryptography (ECC) is considered as the public‐key cryptographic algorithm of choice for wireless sensor networks (WSNs). In this work, we implemented ECC in the frequency domain, that is, by using the number theoretic transform, and without using hardware multiplier support, on the constrained MSP430 microcontroller widely used in WSNs. Our 169‐bit ECC implementation uses Edwards curves and performs scalar point multiplication in only 1.97 and 0.98 s for multiplication of random and fixed points, respectively. Unlike many implementations in literature, our implementation does not use hardware multiplier support, which makes it desirable for low‐power applications on constrained WSN platforms. To our knowledge, this study presents the first ever software implementation of ECC in the frequency domain on a constrained low‐power microcontroller without hardware multiplier support. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract