Abstract
Saber, a CCA-secure lattice-based post-quantum key encapsulation scheme, is one of the second-round candidate algorithms in the post-quantum cryptography standardization process of the US National Institute of Standards and Technology (NIST) in 2019. In this work, we provide an efficient implementation of Saber on ESP32, an embedded microcontroller designed for IoT environments with WiFi and Bluetooth support. A CHES 2019 paper used an RSA coprocessor to speed up the polynomial multiplications of a Kyber variant. We propose an improved implementation that uses the big integer coprocessor of the ESP32 for the polynomial multiplications in Saber; it has significantly lower software overhead and makes better use of the coprocessor. With this fast polynomial multiplication, our single-core implementation of Saber takes 1639K, 2123K and 2193K clock cycles on ESP32 for key generation, encapsulation and decapsulation respectively. Benefiting from the dual-core feature of ESP32, we further speed up Saber by rearranging the computation steps and assigning suitable tasks to the two cores, which execute in parallel. Our dual-core implementation takes 1176K, 1625K and 1514K clock cycles for key generation, encapsulation and decapsulation respectively.
This work has been supported by National Natural Science Foundation of China (Grant No. 61602475, No. 61802395) and by National Cryptographic Foundation of China (Grant No. MMJJ20170212).
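The abstract refers to the technique of running a polynomial multiplication on a big integer (RSA) coprocessor. The standard way to do that is Kronecker substitution: evaluate both polynomials at a power of two large enough that no product coefficient overlaps its neighbour, do one big-integer multiplication, then split the result back into coefficients and reduce modulo x^n + 1 and q. The following is an added example written for this page, not the authors' ESP32 code and not the packing used in the CHES 2019 paper; it uses Python's native big integers in place of the coprocessor and assumes Saber's ring parameters n = 256 and q = 2^13, which the abstract does not state. The schoolbook multiplication is included only as a reference to check the result against.

```python
"""Kronecker-substitution polynomial multiplication in Saber's ring
R_q = Z_q[x]/(x^N + 1).  Added example, not code from the paper: the one
big-integer multiplication in poly_mul_kronecker() is the step a big
integer (RSA) coprocessor would perform.  N and Q are Saber's parameters
(assumed here, not given on the page)."""

import random

N = 256         # ring degree, Saber
Q = 1 << 13     # Saber modulus q = 2^13

# Before reduction, every product coefficient is a sum of at most N terms,
# each < Q^2, so it is < N * Q^2 = 2^(8 + 26) = 2^34.  Packing coefficients
# at a spacing of BITS >= 34 bits therefore keeps them from overlapping.
BITS = 36


def coefficient_bound():
    """Largest possible coefficient of the unreduced product a*b."""
    return N * (Q - 1) ** 2


def pack(poly):
    """Kronecker substitution: evaluate poly at x = 2**BITS.

    Coefficient i lands in bits [i*BITS, (i+1)*BITS) of the integer."""
    value = 0
    for coeff in reversed(poly):
        value = (value << BITS) | (coeff % Q)
    return value


def unpack(value, length):
    """Inverse of pack(): split an integer into `length` BITS-wide limbs."""
    mask = (1 << BITS) - 1
    coeffs = []
    for _ in range(length):
        coeffs.append(value & mask)
        value >>= BITS
    return coeffs


def poly_mul_kronecker(a, b):
    """Multiply a and b in Z_Q[x]/(x^N + 1) via one integer multiplication."""
    product = pack(a) * pack(b)            # the coprocessor step
    full = unpack(product, 2 * N - 1)      # coefficients of a*b in Z[x]
    result = [c % Q for c in full[:N]]
    # Reduce modulo x^N + 1: x^(N+i) = -x^i, so the upper half is subtracted.
    for i in range(N, 2 * N - 1):
        result[i - N] = (result[i - N] - full[i]) % Q
    return result


def poly_mul_schoolbook(a, b):
    """Reference negacyclic multiplication, O(N^2), for checking."""
    result = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                result[k] = (result[k] + ai * bj) % Q
            else:
                result[k - N] = (result[k - N] - ai * bj) % Q
    return result


def sample_polys(seed):
    """Constructed test input: two polynomials with seeded random coefficients."""
    rng = random.Random(seed)
    a = [rng.randrange(Q) for _ in range(N)]
    b = [rng.randrange(Q) for _ in range(N)]
    return a, b


if __name__ == "__main__":
    a, b = sample_polys(1)
    assert poly_mul_kronecker(a, b) == poly_mul_schoolbook(a, b)
    # worst case for limb overlap: all coefficients equal to q - 1
    worst = [Q - 1] * N
    assert poly_mul_kronecker(worst, worst) == poly_mul_schoolbook(worst, worst)
    print("Kronecker substitution matches schoolbook; bound = %d bits"
          % coefficient_bound().bit_length())
```

The spacing BITS is the parameter to get right: too small and neighbouring product coefficients bleed into each other and the unpacked result is silently wrong, which is why the block checks the all-(q-1) input and not just random ones. Real implementations on a coprocessor with fixed operand width additionally split the 256-coefficient polynomials into pieces (Karatsuba or Toom-Cook, as in the cited references) so that each packed integer fits the hardware multiplier; that splitting is not shown here.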
References
National Institute of Standards and Technology: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process (2016). http://csrc.nist.gov/groups/ST/post-quantum-crypto/documents/call-for-proposals-final-dec-2016.pdf
NIST post-quantum cryptography round 1 submissions (2017). https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions
TSR Report: 2017 wireless connectivity market analysis (2018). www.t-s-r.co.jp/e/report/4543.html
Espressif milestones (2019). www.espressif.com/en/company/about-us/milestones
mbedtls (2019). https://tls.mbed.org/
ESP32 development-boards (2019). https://www.espressif.com/en/products/hardware/development-boards
ESP32 software development kit (2019). https://github.com/espressif/arduino-esp32
FreeRTOS (2019). https://www.freertos.org/
NIST post-quantum cryptography round 2 submissions (2019). https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions
Albrecht, M.R., Hanser, C., Höller, A., Pöppelmann, T., Virdia, F., Wallner, A.: Implementing RLWE-based schemes using an RSA co-processor. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(1), 169–208 (2019). https://doi.org/10.13154/tches.v2019.i1.169-208
Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: Holz, T., Savage, S. (eds.) 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, 10–12 August 2016, pp. 327–343. USENIX Association (2016). https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/alkim
Bodrato, M., Zanoni, A.: Integer and polynomial multiplication: towards optimal Toom-Cook matrices. In: Wang, D. (ed.) Proceedings of the International Symposium on Symbolic and Algebraic Computation, ISSAC 2007, Waterloo, Ontario, Canada, 28 July–1 August 2007, pp. 17–24. ACM (2007). https://doi.org/10.1145/1277548.1277552
Bos, J.W., et al.: Frodo: take off the ring! Practical, quantum-secure key exchange from LWE. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 1006–1018. ACM (2016). https://doi.org/10.1145/2976749.2978425
Bos, J.W., et al.: CRYSTALS - kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018, London, United Kingdom, 24–26 April 2018, pp. 353–367. IEEE (2018). https://doi.org/10.1109/EuroSP.2018.00032
D’Anvers, J.P., Karmakar, A., Roy, S.S., Vercauteren, F.: Saber algorithm information in the NIST round-1 submissions (2017). https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions
D’Anvers, J.P., Karmakar, A., Sinha Roy, S., Vercauteren, F.: Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 282–305. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89339-6_16
D’Anvers, J.P., Karmakar, A., Roy, S.S., Vercauteren, F.: Saber algorithm information in the NIST round-2 submissions (2019). https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-2-Submissions
Harvey, D.: Faster polynomial multiplication via multipoint kronecker substitution. J. Symb. Comput. 44(10), 1502–1510 (2009). https://doi.org/10.1016/j.jsc.2009.05.004
Hofheinz, D., Hövelmanns, K., Kiltz, E.: A modular analysis of the Fujisaki-Okamoto transformation. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 341–371. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_12
Kannwischer, M.J., Rijneveld, J., Schwabe, P.: Faster multiplication in \(\mathbb{Z}_{2^m}[x]\) on Cortex-M4 to speed up NIST PQC candidates. In: Deng, R.H., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 281–301. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21568-2_14
Karatsuba, A.A., Ofman, Y.P.: Multiplication of many-digital numbers by automatic computers. In: Doklady Akademii Nauk, vol. 145, pp. 293–294. Russian Academy of Sciences (1962)
Karmakar, A., Mera, J.M.B., Roy, S.S., Verbauwhede, I.: Saber on ARM CCA-secure module lattice-based key encapsulation on ARM. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 243–266 (2018). https://doi.org/10.13154/tches.v2018.i3.243-266
Knuth, D.E.: The Art of Computer Programming, Volume I: Fundamental Algorithms, 3rd edn. Addison-Wesley (1997). http://www.worldcat.org/oclc/312910844
Nussbaumer, H.: Fast polynomial transform algorithms for digital convolution. IEEE Trans. Acoust. Speech Signal Process. 28(2), 205–215 (1980)
Proos, J., Zalka, C.: Shor’s discrete logarithm quantum algorithm for elliptic curves. arXiv preprint quant-ph/0301141 (2003)
Schönhage, A.: Schnelle Multiplikation von Polynomen über Körpern der Charakteristik 2 (Fast multiplication of polynomials over fields of characteristic 2). Acta Inf. 7, 395–398 (1977). https://doi.org/10.1007/BF00289470
Schwabe, P., et al.: Kyber algorithm information in the NIST round-2 submissions (2019). https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-2-Submissions
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997). https://doi.org/10.1137/S0097539795293172
© 2020 Springer Nature Switzerland AG
Wang, B., Gu, X., Yang, Y. (2020). Saber on ESP32. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds) Applied Cryptography and Network Security. ACNS 2020. Lecture Notes in Computer Science(), vol 12146. Springer, Cham. https://doi.org/10.1007/978-3-030-57808-4_21
DOI: https://doi.org/10.1007/978-3-030-57808-4_21
Print ISBN: 978-3-030-57807-7
Online ISBN: 978-3-030-57808-4