Abstract
A signature scheme based on multivariate quadratic equations, Rainbow, was selected as one of the digital signature finalists for NIST Post-Quantum Cryptography Standardization Round 3. In this paper, we provide efficient implementations of Rainbow and UOV using the AVX2 instruction set. These implementations include several optimizations for signing that accelerate solving linear systems and the Vinegar value substitution. We propose a new block matrix inversion (BMI) method using the Lower-Diagonal-Upper decomposition of block matrices based on the Schur complement, which accelerates solving linear systems. Compared to UOV implemented with Gaussian elimination, our implementations with the BMI yield speedups of 12.36%, 24.3%, and 34% for signing at security categories I, III, and V, respectively. Compared to Rainbow implemented with Gaussian elimination, our implementations with the BMI yield speedups of 16.13% and 20.73% at security categories III and V, respectively. We show that precomputation for the Vinegar value substitution and for solving linear systems dramatically improves signing. UOV with precomputation is 16.9, 35.5, and 62.8 times faster than UOV without precomputation at the three security categories, respectively. Rainbow with precomputation is 2.1, 2.2, and 2.8 times faster than Rainbow without precomputation at the three security categories, respectively. We then investigate resilience against leakage or reuse of the precomputed values in UOV and Rainbow so that the precomputation can be used securely: leakage or reuse of the precomputed values leads to full secret key recovery in polynomial time.
Highlights
Developments in quantum computing have inspired great interest in post-quantum cryptographic primitives that are believed to remain secure against a quantum computer
We implement Unbalanced Oil-and-Vinegar (UOV) with the new parameters and Rainbow with the modified parameters submitted to NIST Post-Quantum Cryptography (PQC) at the three security categories I, III, and V [DCP+20a]
We provide implementations of UOV and Rainbow based on codes submitted to NIST PQC Standardization Round 3 [DCP+20b]
Summary
Developments in quantum computing have inspired great interest in post-quantum cryptographic primitives that are believed to remain secure against a quantum computer. Ward Beullens [Beu20] gave new intersection attacks on UOV and Rainbow, and MinRank attacks on Rainbow. He claimed that the attacks reduced the cost of a key recovery by a factor of 2^16, 2^30, and 2^46 for the parameter sets of Rainbow submitted to NIST PQC at the three security categories, respectively. We implement UOV with the new parameters and Rainbow with the modified parameters submitted to NIST PQC at the three security categories I, III, and V [DCP+20a]. After profiling their implementations, we determine target optimizations. We present efficient UOV/Rainbow implementations with our optimizations using the AVX2 instruction set and investigate their speedups compared to the original schemes.
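The block matrix inversion that the abstract describes, written out as an added example (this is not the paper's code and not its AVX2 implementation): a recursive Schur-complement inverse over GF(2^8), checked against Gauss-Jordan elimination and then used to solve the kind of linear system that signing produces after the Vinegar values are substituted. The field polynomial (the AES polynomial 0x11B), the leaf size at which recursion stops, and the constructed test matrix are assumptions of this example, not parameters of UOV or Rainbow.

```python
"""Block matrix inversion (BMI) over GF(2^8) via the Schur complement.

For M = [[A, B], [C, D]] with A invertible and S = D - C A^{-1} B (the Schur
complement), the block LDU factorisation of M gives
    M^{-1} = [[A^{-1} + A^{-1} B S^{-1} C A^{-1},  -A^{-1} B S^{-1}],
              [-S^{-1} C A^{-1},                   S^{-1}        ]]
In characteristic 2 subtraction is addition, so the minus signs vanish.
"""
from typing import List, Optional

Matrix = List[List[int]]

# Assumption: the AES polynomial x^8 + x^4 + x^3 + x + 1. The field polynomial
# of a concrete UOV/Rainbow parameter set may differ.
IRRED = 0x11B


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements: shift-and-add, reducing on overflow."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= IRRED
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Inverse by Fermat: a^(2^8 - 2) = a^(-1); zero has no inverse."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    r, p, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, p)
        p = gf_mul(p, p)
        e >>= 1
    return r


def mat_mul(x: Matrix, y: Matrix) -> Matrix:
    out = [[0] * len(y[0]) for _ in x]
    for i, row in enumerate(x):
        for t, xit in enumerate(row):
            if xit:
                for j, ytj in enumerate(y[t]):
                    out[i][j] ^= gf_mul(xit, ytj)
    return out


def mat_add(x: Matrix, y: Matrix) -> Matrix:
    """Entry-wise XOR: addition and subtraction coincide in GF(2^8)."""
    return [[a ^ b for a, b in zip(rx, ry)] for rx, ry in zip(x, y)]


def identity(n: int) -> Matrix:
    return [[int(i == j) for j in range(n)] for i in range(n)]


def gauss_inverse(m: Matrix) -> Optional[Matrix]:
    """Gauss-Jordan inverse with row pivoting; None if m is singular."""
    n = len(m)
    aug = [row[:] + identity(n)[i] for i, row in enumerate(m)]
    for col in range(n):
        piv = next((r for r in range(col, n) if aug[r][col]), None)
        if piv is None:
            return None
        aug[col], aug[piv] = aug[piv], aug[col]
        inv = gf_inv(aug[col][col])
        aug[col] = [gf_mul(inv, v) for v in aug[col]]
        for r in range(n):
            f = aug[r][col]
            if r != col and f:
                aug[r] = [v ^ gf_mul(f, w) for v, w in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def block_inverse(m: Matrix, leaf: int = 2) -> Optional[Matrix]:
    """Recursive BMI: split m into 2x2 blocks, invert A and the Schur complement.

    Unlike pivoted Gaussian elimination this needs the leading block A (and,
    recursively, its leading blocks) to be invertible; otherwise it returns None.
    """
    n = len(m)
    if n <= leaf:
        return gauss_inverse(m)
    k = n // 2
    A = [row[:k] for row in m[:k]]
    B = [row[k:] for row in m[:k]]
    C = [row[:k] for row in m[k:]]
    D = [row[k:] for row in m[k:]]
    Ai = block_inverse(A, leaf)
    if Ai is None:
        return None
    AiB, CAi = mat_mul(Ai, B), mat_mul(C, Ai)
    Si = block_inverse(mat_add(D, mat_mul(C, AiB)), leaf)  # S = D + C A^{-1} B
    if Si is None:
        return None
    top_right = mat_mul(AiB, Si)                        # A^{-1} B S^{-1}
    bottom_left = mat_mul(Si, CAi)                      # S^{-1} C A^{-1}
    top_left = mat_add(Ai, mat_mul(AiB, bottom_left))   # A^{-1} + A^{-1} B S^{-1} C A^{-1}
    return ([top_left[i] + top_right[i] for i in range(k)]
            + [bottom_left[i] + Si[i] for i in range(n - k)])


def solve(m: Matrix, y: List[int]) -> Optional[List[int]]:
    """Solve m x = y, the linear step signing performs after the Vinegar substitution."""
    inv = block_inverse(m)
    if inv is None:
        return None
    return [row[0] for row in mat_mul(inv, [[v] for v in y])]


def sample_matrix(n: int) -> Matrix:
    """Constructed input: L*U with unit-lower L and nonzero-diagonal U, so every
    leading block is invertible and BMI applies without pivoting."""
    L = [[1 if i == j else ((7 * i + 3 * j + 1) % 256 if i > j else 0)
          for j in range(n)] for i in range(n)]
    U = [[(29 * i + 17) % 256 if i == j else ((5 * i + 11 * j + 2) % 256 if i < j else 0)
          for j in range(n)] for i in range(n)]
    return mat_mul(L, U)


if __name__ == "__main__":
    M = sample_matrix(7)
    print("BMI agrees with Gauss-Jordan:", block_inverse(M) == gauss_inverse(M))
    print("M * M^-1 == I:", mat_mul(M, block_inverse(M)) == identity(7))
```

The point to take from running it is the failure mode rather than the speed (a scalar Python loop says nothing about AVX2 cost): `block_inverse` returns `None` whenever a leading block is singular, a case where pivoted elimination still succeeds, so any signer built on an unpivoted block inverse has to detect that outcome and handle it instead of assuming every system it builds is solvable.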
More From: IACR Transactions on Cryptographic Hardware and Embedded Systems