ABSTRACT
This paper discusses the mathematical constructs, the nature of the computations, and the challenges in optimizing lattice-based post-quantum cryptographic algorithms on modern many-core processors. For one of the candidates, CRYSTALS-Kyber, identifying the time-consuming functions and then optimizing them in hardware using vector units and hardware accelerators leads to a performance improvement of around 52% for its SHA3 variant and 83% for its AES variant. A detailed Cycles-per-Instruction (CPI) stack breakdown before and after optimization indicates a CPI of around 0.5 and shows that load/store operations dominate these workloads.