Abstract
We investigate the use of the Dilithium post-quantum digital signature scheme on memory-constrained systems. Reference and optimized implementations of Dilithium in the benchmarking framework pqm4 (Cortex-M4) require 50–100 KiB of memory, demonstrating the significant challenge of using Dilithium on small Internet-of-Things platforms. We show that compressing polynomials, using an alternative number theoretic transform, and falling back to the schoolbook method for certain multiplications reduces the memory footprint significantly. This results in the first implementation of Dilithium for which the recommended parameter set requires less than 7 KiB of memory for key and signature generation and less than 3 KiB of memory for signature verification. We also provide benchmark details of a portable implementation in order to estimate the performance impact when using these memory reduction methods.
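Two of the memory-saving ideas the abstract names, compressing polynomials and multiplying by the schoolbook method, can be sketched in C for Dilithium's ring Z_q[x]/(x^256 + 1) with q = 8380417. The block below is an added illustration, not code from the paper or from pqm4: a small-coefficient polynomial is kept in packed 3-bit form instead of 32-bit words, and a schoolbook product works directly on coefficients so no NTT-domain copy of the operands has to stay alive. The bound ETA = 2 (the Dilithium2 value) and the packing layout are assumptions made for this example, not the paper's encoding.

```c
#include <stdint.h>
#include <stdio.h>
#define N   256        /* Dilithium ring degree: Z_q[x]/(x^N + 1) */
#define Q   8380417    /* Dilithium modulus q = 2^23 - 2^13 + 1 */
#define ETA 2          /* coefficient bound assumed for this example (the Dilithium2 value) */
#define PACKED_BYTES (3 * N / 8)   /* 3 bits per coefficient: 96 bytes instead of 1024 for int32_t[N] */
/* Pack coefficients in [-ETA, ETA] as 3-bit values ETA - a[i], eight coefficients per 3 bytes. */
void pack_eta(uint8_t out[PACKED_BYTES], const int32_t a[N]) {
    for (int i = 0; i < N / 8; i++) {
        uint32_t t = 0;
        for (int j = 0; j < 8; j++) t |= (uint32_t)(ETA - a[8 * i + j]) << (3 * j);
        out[3 * i] = (uint8_t)t; out[3 * i + 1] = (uint8_t)(t >> 8); out[3 * i + 2] = (uint8_t)(t >> 16);
    }
}
void unpack_eta(int32_t a[N], const uint8_t in[PACKED_BYTES]) {
    for (int i = 0; i < N / 8; i++) {
        uint32_t t = in[3 * i] | (uint32_t)in[3 * i + 1] << 8 | (uint32_t)in[3 * i + 2] << 16;
        for (int j = 0; j < 8; j++) a[8 * i + j] = ETA - (int32_t)((t >> (3 * j)) & 7);
    }
}
/* Schoolbook product c = a*b in Z_q[x]/(x^N + 1); no NTT-domain copies of the operands are needed. */
void poly_mul_schoolbook(int32_t c[N], const int32_t a[N], const int32_t b[N]) {
    for (int i = 0; i < N; i++) c[i] = 0;
    for (int i = 0; i < N; i++) {
        for (int j = 0; j < N; j++) {
            int64_t p = (int64_t)a[i] * b[j] % Q;      /* |a*b| < q^2 < 2^46, fits in int64 */
            int k = i + j;
            if (k >= N) { k -= N; p = -p; }            /* reduce using x^N = -1 */
            c[k] = (int32_t)(((int64_t)c[k] + p) % Q);
        }
    }
    for (int i = 0; i < N; i++) if (c[i] < 0) c[i] += Q;   /* normalise to [0, q) */
}
/* Constructed check: x * (1 + x^255) = x + x^256 = x - 1, so c[0] = q - 1, c[1] = 1, c[2] = 0. */
int schoolbook_selfcheck(void) {
    int32_t a[N] = {0}, b[N] = {0}, c[N];
    a[1] = 1; b[0] = 1; b[N - 1] = 1; poly_mul_schoolbook(c, a, b);
    return c[0] == Q - 1 && c[1] == 1 && c[2] == 0;
}
/* Constructed check: a polynomial with coefficients (i mod 5) - ETA survives pack/unpack. */
int pack_roundtrip_ok(void) {
    int32_t a[N], r[N]; uint8_t buf[PACKED_BYTES];
    for (int i = 0; i < N; i++) a[i] = (int32_t)(i % 5) - ETA;
    pack_eta(buf, a); unpack_eta(r, buf);
    for (int i = 0; i < N; i++) if (a[i] != r[i]) return 0;
    return 1;
}
int main(void) {   /* stand-alone run: report both sizes and both self-checks (1 = pass) */
    printf("packed %d B vs %zu B; roundtrip %d; mul %d\n", PACKED_BYTES, sizeof(int32_t[N]),
           pack_roundtrip_ok(), schoolbook_selfcheck());
}
```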
Notes
- 1. Accessed February 14, 2022 using revision 3bfbbfd3.
- 2. These numbers are for NIST round-2 Dilithium and do not directly apply to the round-3 version.
- 3.
- 4. Commit hash e47864b3, forked on 8 Oct 2021.
- 5. As of early 2022, this implementation has replaced the port of [8] in pqm4.
- 6. arm-none-eabi-gcc (15:9-2019-q4-0ubuntu1) 9.2.1 20191025 (release) [ARM/arm-9-branch revision 277599].
- 7.
References
Abdulrahman, A., Hwang, V., Kannwischer, M.J., Sprenkels, A.: Faster Kyber and Dilithium on the Cortex-M4. In: Applied Cryptography and Network Security: 20th International Conference, ACNS 2022, pp. 853–871. Rome, Italy, 20–23 June 2022. Proceedings Jun 2022. https://doi.org/10.1007/978-3-031-09234-3_42
Akleylek, S., Bindel, N., Buchmann, J., Krämer, J., Marson, G.A.: An efficient lattice-based signature scheme with provably secure instantiation. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2016. LNCS, vol. 9646, pp. 44–60. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31517-1_3
Albrecht, M.R., Hanser, C., Hoeller, A., Pöppelmann, T., Virdia, F., Wallner, A.: Implementing RLWE-based schemes using an RSA co-processor. IACR TCHES 2019, 169–208 (2018). https://doi.org/10.13154/tches.v2019.i1.169-208. https://tches.iacr.org/index.php/TCHES/article/view/7338
Bos, J.W., Renes, J., van Vredendaal, C.: Polynomial multiplication with contemporary co-processors: beyond Kronecker, Schönhage-Strassen & Nussbaumer (to appear). In: USENIX Security Symposium. USENIX Association (2022). https://eprint.iacr.org/2020/1303
Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. In: Goldwasser, S. (ed.) ITCS 2012, pp. 309–325. ACM (2012). https://doi.org/10.1145/2090236.2090262
The CRYSTALS-Dilithium team: A lattice-based digital signature scheme. IACR TCHES 2018(1), 238–268 (2018). https://doi.org/10.13154/tches.v2018.i1.238-268. https://tches.iacr.org/index.php/TCHES/article/view/839
Faz-Hernández, A., Kwiatkowski, K.: Introducing CIRCL: an advanced cryptographic library. Cloudflare (2019). https://github.com/cloudflare/circl. v1.1.0. Accessed Feb 2022
Greconici, D.O.C., Kannwischer, M.J., Sprenkels, A.: Compact Dilithium implementations on Cortex-M3 and Cortex-M4. IACR TCHES 2021(1), 1–24 (2021). https://doi.org/10.46586/tches.v2021.i1.1-24. https://tches.iacr.org/index.php/TCHES/article/view/8725
Harvey, D.: Faster polynomial multiplication via multipoint Kronecker substitution. J. Symb. Comput. 44(10), 1502–1510 (2009). https://doi.org/10.1016/j.jsc.2009.05.004
Kannwischer, M.J., Rijneveld, J., Schwabe, P., Stoffelen, K.: PQM4: Post-quantum crypto library for the ARM Cortex-M4. https://github.com/mupq/pqm4
Kannwischer, M.J., Rijneveld, J., Schwabe, P., Stoffelen, K.: PQM4: testing and benchmarking NIST PQC on ARM Cortex-M4. Workshop Record of the Second PQC Standardization Conference (2019)
Kannwischer, M.J., Schwabe, P., Stebila, D., Wiggers, T.: Improving software quality in cryptography standardization projects. Cryptology ePrint Archive, Report 2022/337 (2022). https://eprint.iacr.org/2022/337
Kiltz, E., Lyubashevsky, V., Schaffner, C.: A concrete treatment of Fiat-Shamir signatures in the quantum random-oracle model. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 552–586. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_18
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48, 203–209 (1987). https://doi.org/10.1090/S0025-5718-1987-0866109-5
Kronecker, L.: Grundzüge einer arithmetischen Theorie der algebraischen Grössen. J. für die reine und angewandte Mathematik 92, 1–122 (1882). https://doi.org/10.1515/9783112342404-001
Langlois, A., Stehlé, D.: Worst-case to average-case reductions for module lattices. Des. Codes Crypt. 75(3), 565–599 (2014). https://doi.org/10.1007/s10623-014-9938-4
Lyubashevsky, V.: Fiat-Shamir with aborts: applications to lattice and factoring-based signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 598–616. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_35
Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_43
Lyubashevsky, V., et al.: CRYSTALS-DILITHIUM. Technical Report, National Institute of Standards and Technology (2020). https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions
Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1
Maayan, G.D.: The IoT rundown for 2020: stats, risks, and solutions. https://securitytoday.com/Articles/2020/01/13/The-IoT-Rundown-for-2020.aspx
Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). https://doi.org/10.1007/3-540-39799-X_31
National Institute of Standards and Technology: Post-quantum cryptography standardization. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Post-Quantum-Cryptography-Standardization
Peikert, C., Regev, O., Stephens-Davidowitz, N.: Pseudorandomness of ring-LWE for any ring and modulus. In: Hatami, H., McKenzie, P., King, V. (eds.) 49th ACM STOC, pp. 461–473. ACM Press (2017). https://doi.org/10.1145/3055399.3055489
Ravi, P., Gupta, S.S., Chattopadhyay, A., Bhasin, S.: Improving speed of Dilithium’s signing procedure. In: Belaïd, S., Güneysu, T. (eds.) CARDIS 2019. LNCS, vol. 11833, pp. 57–73. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42068-0_4
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) 37th ACM STOC, pp. 84–93. ACM Press (2005). https://doi.org/10.1145/1060590.1060603
Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. Assoc. Comput. Mach. 21(2), 120–126 (1978). https://dl.acm.org/doi/10.1145/359340.359342
Wang, W., Tian, S., Jungk, B., Bindel, N., Longa, P., Szefer, J.: Parameterized hardware accelerators for lattice-based cryptography. IACR TCHES 2020(3), 269–306 (2020). https://doi.org/10.13154/tches.v2020.i3.269-306. https://tches.iacr.org/index.php/TCHES/article/view/8591
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Bos, J.W., Renes, J., Sprenkels, A. (2022). Dilithium for Memory Constrained Devices. In: Batina, L., Daemen, J. (eds) Progress in Cryptology - AFRICACRYPT 2022. AFRICACRYPT 2022. Lecture Notes in Computer Science, vol 13503. Springer, Cham. https://doi.org/10.1007/978-3-031-17433-9_10
DOI: https://doi.org/10.1007/978-3-031-17433-9_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17432-2
Online ISBN: 978-3-031-17433-9
eBook Packages: Computer Science, Computer Science (R0)