Abstract
Multiplication on polynomial rings has been widely used in public-key cryptographic schemes based on ideal lattices. It is an important module that significantly affects the efficiency of the schemes. Improved Preprocess-then-NTT (IPtNTT) is an algorithm for fast multiplication on polynomial rings. Compared with the Number Theoretic Transform (NTT), the IPtNTT weakens the parameter restriction of lattice-based public-key cryptographic schemes. By optimizing the IPtNTT with the AVX2 instruction set, we reduce the clock cycles consumed by multiplication on polynomial rings to 15%–22% of those of the standard C implementation. According to the experimental results, we give specific suggestions on using AVX2 optimized IPtNTT to realize multiplication on polynomial rings with different parameters chosen in lattice-based public-key cryptosystems.
Highlights
Lattice-based public-key cryptography has emerged as a hot research direction in postquantum cryptography.
Compared with the classic hard lattice problems such as the shortest vector problem and the closest vector problem, the Learning with Errors (LWE) problem [1] seems more suitable for constructing lattice-based public-key cryptographic schemes, especially the Ring-Learning with Errors (RLWE) problem [2] on which NEWHOPE is based, and the Module-Learning with Errors (MLWE) problem [3] on which KYBER is based.
Having made several experiments with some common parameters used in lattice-based public-key encryption schemes, we compare the implementation efficiency before and after optimization. The experimental results show that the clock cycles consumed by AVX2 optimized αIPtNTT are 15%–22% of those of the standard C implementation.
Summary
Lattice-based public-key cryptography has emerged as a hot research direction in postquantum cryptography. Various algorithms including the Karatsuba algorithm [4, 5] and the Fast Fourier Transform (FFT) algorithm [6] have been proposed to improve the implementation efficiency of polynomial multiplication. The condition that q and n must satisfy to speed up multiplication on polynomial rings through NTT severely limits the parameter selection in lattice-based public-key cryptosystems. Seiler [9] presented a method to optimize NTT with AVX2 instructions to implement NTT more efficiently. Having made several experiments with some common parameters used in lattice-based public-key encryption schemes, we compare the implementation efficiency before and after optimization. According to the experimental results, we give specific suggestions on using AVX2 optimized IPtNTT to realize multiplication on polynomial rings with certain q and n.