Abstract
With the development of quantum computers, NIST started post-quantum cryptography standardization to design post-quantum-secure cryptographic algorithms. Saber is a cryptosystem in third-round public-key encryption and key-establishment algorithm finalists. Because of its power of 2 number theoretic transform (NTT)-unfriendly ring, originally, Karatsuba polynomial multiplication algorithm (KPMA) and Toom-Cook polynomial multiplication algorithm (TCPMA) are used to speed up its computation-intensive matrix-vector multiplications. In later studies, NTT-based methods are applied to Saber on ARM platforms and result in a 61% speed-up. This work aims at adapting Saber with existing polynomial multiplication algorithms (PMAs), including non-NTT-based and NTT-based PMAs, to two energy-efficient RISC-V development boards, SiFive HiFive1 Rev B as well as Terasic T-Core. A 32-bit multiplier adapting Barrett reduction is designed to solve the overflow problem caused by RISC-V platform limitation. Experiment results show that the computation complexity depends on the algorithm choice and the underlying platform. NTT-based algorithms analytically have obvious advantages compared with non-NTT-based PMAs. However, the on-board cycle count on T-Core shows that NTT-based algorithms may have no comparability with non-NTT-based algorithms due to the high complexity overflow solutions. In addition, using the newly designed 32-bit multiplier can result in a 36.4% speed-up in practice. These results suggest several criteria for selecting algorithms on different platforms. This project can serve as a reference for future exploratory studies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abdulrahman, A., Chen, J., Chen, Y., Hwang, V., Kannwischer, M.J., Yang, B.: Multi-moduli NTTs for saber on Cortex-M3 and Cortex-M4. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(1), 127–151 (2022). https://doi.org/10.46586/tches.v2022.i1.127-151
Bernstein, D.J.: Batch binary Edwards. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 317–336. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_19
Bodrato, M., Zanoni, A.: Integer and polynomial multiplication: towards optimal Toom-Cook matrices. In: Wang, D. (ed.) Proceedings of the 2007 International Symposium on Symbolic and Algebraic Computation, ISSAC 2007, Waterloo, Ontario, Canada, 28 July–1 August 2007, pp. 17–24. ACM (2007). https://doi.org/10.1145/1277548.1277552
Chung, C.M., Hwang, V., Kannwischer, M.J., Seiler, G., Shih, C., Yang, B.: NTT multiplication for NTT-unfriendly rings new speed records for Saber and NTRU on Cortex-M4 and AVX2. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(2), 159–188 (2021). https://doi.org/10.46586/tches.v2021.i2.159-188
D’Anvers, J.-P., Karmakar, A., Sinha Roy, S., Vercauteren, F.: Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 282–305. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89339-6_16
Fritzmann, T., et al.: Masked accelerators and instruction set extensions for post-quantum cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(1), 414–460 (2022). https://doi.org/10.46586/tches.v2022.i1.414-460
Fritzmann, T., Sigl, G., Sepúlveda, J.: RISQ-V: tightly coupled RISC-V accelerators for post-quantum cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(4), 239–280 (2020). https://doi.org/10.13154/tches.v2020.i4.239-280
Hwang, V., et al.: Verified NTT multiplications for NISTPQC KEM lattice finalists: Kyber, SABER, and NTRU. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(4), 718–750 (2022). https://doi.org/10.46586/tches.v2022.i4.718-750
Mera, J.M.B., Karmakar, A., Verbauwhede, I.: Time-memory trade-off in Toom-Cook multiplication: an application to module-lattice based cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(2), 222–244 (2020). https://doi.org/10.13154/tches.v2020.i2.222-244
Ye, Z., Cheung, R.C.C., Huang, K.: PipeNTT: a pipelined number theoretic transform architecture. IEEE Trans. Circ. Syst. II Express Briefs 69(10), 4068–4072 (2022). https://doi.org/10.1109/TCSII.2022.3184703
Zhang, N., Yang, B., Chen, C., Yin, S., Wei, S., Liu, L.: Highly efficient architecture of NewHope-NIST on FPGA using low-complexity NTT/INTT. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(2), 49–72 (2020). https://doi.org/10.13154/tches.v2020.i2.49-72
Acknowledgments
The authors would like to thank the anonymous reviewers for their constructive suggestions and comments on our paper. This work is partially supported by the National Natural Science Foundation of China (No. 62002023), Guangdong Provincial Key Laboratory of Interdisciplinary Research and Application for Data Science, BNU-HKBU United International College (2022B1212010006), and UIC research grant (R0400001-22).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Zhao, H., Su, R., Lin, R., Dong, J., Chen, D. (2023). Efficient Arithmetic for Polynomial Multiplication in Post-quantum Lattice-Based Cryptosystem on RISC-V Platform. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2023. Lecture Notes in Computer Science, vol 13907. Springer, Cham. https://doi.org/10.1007/978-3-031-41181-6_24
Download citation
DOI: https://doi.org/10.1007/978-3-031-41181-6_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-41180-9
Online ISBN: 978-3-031-41181-6
eBook Packages: Computer ScienceComputer Science (R0)