Skip to main content
Springer Nature Link
Log in

Towards Efficient Arithmetic for Lattice-Based Cryptography on Reconfigurable Hardware

  • Conference paper
Progress in Cryptology – LATINCRYPT 2012 (LATINCRYPT 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7533))

Abstract

In recent years lattice-based cryptography has emerged as quantum secure and theoretically elegant alternative to classical cryptographic schemes (like ECC or RSA). In addition to that, lattices are a versatile tool and play an important role in the development of efficient fully or somewhat homomorphic encryption (SHE/FHE) schemes. In practice, ideal lattices defined in the polynomial ring ℤ p [x]/〈x n + 1〉 allow the reduction of the generally very large key sizes of lattice constructions. Another advantage of ideal lattices is that polynomial multiplication is a basic operation that has, in theory, only quasi-linear time complexity of \({\mathcal O}(n \log{n})\) in ℤ p [x]/〈x n + 1〉. However, few is known about the practical performance of the FFT in this specific application domain and whether it is really an alternative. In this work we make a first step towards efficient FFT-based arithmetic for lattice-based cryptography and show that the FFT can be implemented efficiently on reconfigurable hardware. We give instantiations of recently proposed parameter sets for homomorphic and public-key encryption. In a generic setting we are able to multiply polynomials with up to 4096 coefficients and a 17-bit prime in less than 0.5 milliseconds. For a parameter set of a SHE scheme (n=1024,p=1061093377) our implementation performs 9063 polynomial multiplications per second on a mid-range Spartan-6.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Agarwal, R., Burrus, C.: Fast convolution using fermat number transforms with applications to digital filtering. IEEE Transactions on Acoustics, Speech and Signal Processing 22(2), 87–97 (1974)

    Article  MathSciNet  Google Scholar 

  2. Ajtai, M.: Generating hard instances of lattice problems. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, pp. 99–108. ACM (1996)

    Google Scholar 

  3. Arbitman, Y., Dogon, G., Lyubashevsky, V., Micciancio, D., Peikert, C., Rosen, A.: SWIFFTX: A proposal for the SHA-3 standard. Submission to NIST (2008)

    Google Scholar 

  4. Atici, A.C., Batina, L., Fan, J., Verbauwhede, I., Yalcin, S.B.O.: Low-cost implementations of NTRU for pervasive security. In: International Conference on Application-Specific Systems, Architectures and Processors, ASAP 2008, pp. 79–84. IEEE (2008)

    Google Scholar 

  5. Bailey, D.V., Coffin, D., Elbirt, A., Silverman, J.H., Woodbury, A.D.: NTRU in Constrained Devices. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 262–272. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  6. Baktir, S., Kumar, S., Paar, C., Sunar, B.: A state-of-the-art elliptic curve cryptographic processor operating in the frequency domain. Mob. Netw. Appl. 12(4), 259–270 (2007)

    Article  Google Scholar 

  7. Baktir, S., Sunar, B.: Achieving efficient polynomial multiplication in fermat fields using the fast fourier transform. In: Proceedings of the 44th Annual Southeast Regional Conference, ACM-SE 44, pp. 549–554. ACM, New York (2006)

    Chapter  Google Scholar 

  8. Bergland, G.: Fast fourier transform hardware implementations–an overview. IEEE Transactions on Audio and Electroacoustics 17(2), 104–108 (1969)

    Article  Google Scholar 

  9. Bernstein, D.J.: Fast multiplication and its applications. Algorithmic Number Theory 44, 325–384 (2008)

    Google Scholar 

  10. Blahut, R.E.: Fast Algorithms for Signal Processing. Cambridge University Press (2010)

    Google Scholar 

  11. Brakerski, Z., Gentry, C., Vaikuntanathan, V.: Fully homomorphic encryption without bootstrapping. In: Electronic Colloquium on Computational Complexity (ECCC), vol. 18, p. 111 (2011)

    Google Scholar 

  12. Buchmann, J., May, A., Vollmer, U.: Perspectives for cryptographic long-term security. Communications of the ACM 49(9), 50–55 (2006)

    Article  Google Scholar 

  13. Buchmann, J., Lindner, R.: Secure Parameters for SWIFFT. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 1–17. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  14. Cheng, L.S., Miri, A., Yeap, T.H.: Efficient FPGA implementation of FFT based multipliers. In: Canadian Conference on Electrical and Computer Engineering, pp. 1300–1303. IEEE (2005)

    Google Scholar 

  15. Cooley, J.W., Tukey, J.W.: An algorithm for the machine calculation of complex fourier series. Math. Comput 19(90), 297–301 (1965)

    Article  MathSciNet  MATH  Google Scholar 

  16. Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 3rd edn. The MIT Press (July 2009)

    Google Scholar 

  17. Corona, C.C., Moreno, E.F., Henriquez, F.R., et al.: Hardware design of a 256-bit prime field multiplier suitable for computing bilinear pairings. In: 2011 International Conference on Reconfigurable Computing and FPGAs (ReConFig), pp. 229–234. IEEE (2011)

    Google Scholar 

  18. Deschamps, J.P., Sutter, G.: Comparison of FPGA implementation of the mod M reduction. Latin American Applied Research 37(1), 93–97 (2007)

    Google Scholar 

  19. Dreschmann, M., Meyer, J., Huebner, M., Schmogrow, R., Hillerkuss, D., Becker, J., Leuthold, J., Freude, W.: Implementation of an Ultra-High Speed 256-Point FFT for Xilinx Virtex-6 Devices. In: 2011 9th IEEE International Conference on Industrial Informatics (INDIN), pp. 829–834 (July 2011)

    Google Scholar 

  20. Emeliyanenko, P.: Efficient Multiplication of Polynomials on Graphics Hardware. In: Dou, Y., Gruber, R., Joller, J.M. (eds.) APPT 2009. LNCS, vol. 5737, pp. 134–149. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  21. Frederiksen, T.K.: A practical implementation of Regev’s LWE-based cryptosystem (2010), http://daimi.au.dk/~jot2re/lwe/resources/A%20Practical%20Implementation%20of%20Regevs%20LWE-based%20Cryptosystem.pdf

  22. Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Proceedings of the Theory and Applications of Cryptographic Techniques 27th Annual International Conference on Advances in Cryptology, pp. 31–51. Springer (2008)

    Google Scholar 

  23. Gautam, V., Ray, K.C., Haddow, P.: Hardware efficient design of variable length FFT processor. In: 2011 IEEE 14th International Symposium on Design and Diagnostics of Electronic Circuits Systems (DDECS), pp. 309–312 (April 2011)

    Google Scholar 

  24. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, pp. 169–178. ACM (2009)

    Google Scholar 

  25. Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. IACR Cryptology ePrint Archive, 2012:99 (2012)

    Google Scholar 

  26. Göttert, N., Feller, T., Schneider, M., Huss, S.A., Buchmann, J.: On the design of hardware building blocks for modern lattice-based encryption schemes. In: Cryptographic Hardware and Embedded Systems–CHES 2012 (2012)

    Google Scholar 

  27. Güneysu, T., Lyubashevsky, V., Pöppelmann, T.: Practical lattice-based cryptography: A signature scheme for embedded systems. In: Cryptographic Hardware and Embedded Systems–CHES 2012 (2012)

    Google Scholar 

  28. Güneysu, T., Paar, C.: Ultra High Performance ECC over NIST Primes on Commercial FPGAs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 62–78. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  29. Györfi, T., Cret, O., Hanrot, G., Brisebarre, N.: High-throughput hardware architecture for the SWIFFT / SWIFFTX hash functions. In: IACR Cryptology ePrint Archive, 2012:343 (2012)

    Google Scholar 

  30. Hoffstein, J., Pipher, J., Silverman, J.: NTRU: A ring-based public key cryptosystem. Algorithmic Number Theory, 267–288 (1998)

    Google Scholar 

  31. Kamal, A.A., Youssef, A.M.: An FPGA implementation of the NTRUEncrypt cryptosystem. In: 2009 International Conference on Microelectronics (ICM), pp. 209–212. IEEE (2009)

    Google Scholar 

  32. Karatsuba, A., Ofman, Y.: Multiplication of multidigit numbers on automata. Soviet Physics Doklady 7, 595 (1963)

    Google Scholar 

  33. Lindner, R., Peikert, C.: Better Key Sizes (and Attacks) for LWE-Based Encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  34. Lyubashevsky, V.: Lattice-Based Identification Schemes Secure Under Active Attacks. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 162–179. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  35. Lyubashevsky, V., Micciancio, D.: Generalized Compact Knapsacks Are Collision Resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006, Part II. LNCS, vol. 4052, pp. 144–155. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  36. Lyubashevsky, V., Peikert, C., Regev, O.: On Ideal Lattices and Learning with Errors over Rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  37. Lyubashevsky, V.: Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 598–616. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  38. Lyubashevsky, V.: Lattice Signatures without Trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  39. Lyubashevsky, V., Micciancio, D., Peikert, C., Rosen, A.: SWIFFT: A Modest Proposal for FFT Hashing. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 54–72. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  40. Lyubashevsky, V., Peikert, C., Regev, O.: On Ideal Lattices and Learning with Errors over Rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  41. Micciancio, D.: Generalized compact knapsacks, cyclic lattices, and efficient one-way functions. Computational Complexity 16(4), 365–411 (2007)

    Article  MathSciNet  MATH  Google Scholar 

  42. Micciancio, D., Regev, O.: Lattice-based cryptography. In: Post-Quantum Cryptography, pp. 147–191 (2009)

    Google Scholar 

  43. Naehrig, M., Lauter, K., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW 2011, pp. 113–124. ACM, New York (2011)

    Chapter  Google Scholar 

  44. Pease, M.C.: An adaptation of the fast fourier transform for parallel processing. J. ACM 15(2), 252–264 (1968)

    Article  MATH  Google Scholar 

  45. Percival, C.: Rapid multiplication modulo the sum and difference of highly composite numbers. Mathematics of Computation 72(241), 387–396 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  46. Pollard, J.M.: The fast fourier transform in a finite field. Mathematics of Computation 25(114), 365–374 (1971)

    Article  MathSciNet  MATH  Google Scholar 

  47. Rader, C.M.: Discrete convolutions via mersenne transforms. IEEE Transactions on Computers 100(12), 1269–1273 (1972)

    Article  MathSciNet  Google Scholar 

  48. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC 2005: Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, Maryland, USA, May 22-24, p. 84. ACM Press (2005)

    Google Scholar 

  49. Regev, O.: The learning with errors problem. Invited Survey in CCC (2010)

    Google Scholar 

  50. Rückert, M., Schneider, M.: Estimating the security of lattice-based cryptosystems. Cryptology ePrint Archive, Report 2010/137 (2010), http://eprint.iacr.org/

  51. Schönhage, A., Strassen, V.: Schnelle Multiplikation Grosser Zahlen. Computing 7(3), 281–292 (1971)

    Article  MATH  Google Scholar 

  52. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 1994 Proceedings of 35th Annual Symposium on Foundations of Computer Science, pp. 124–134. IEEE Computer Society Press, Los Alamitos (1994)

    Chapter  Google Scholar 

  53. Shoup, V.: NTL: A library for doing number theory (2001)

    Google Scholar 

  54. Stehlé, D., Steinfeld, R.: Making NTRU as Secure as Worst-Case Problems Over Ideal Lattices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27–47. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  55. Suleiman, A., Saleh, H., Hussein, A., Akopian, D.: A family of scalable FFT architectures and an implementation of 1024-point radix-2 FFT for real-time communications. In: IEEE International Conference on Computer Design, ICCD 2008, pp. 321–327 (October 2008)

    Google Scholar 

  56. von zur Gathen, J., Shokrollahi, J.: Efficient FPGA-based Karatsuba multipliers for polynomials over \(\mathbb{F}_2\). In: Selected Areas in Cryptography, pp. 359–369. Springer (2006)

    Google Scholar 

  57. Weimerskirch, A., Paar, C.: Generalizations of the Karatsuba algorithm for polynomial multiplication (2003)

    Google Scholar 

  58. Wey, C.-L., Lin, S.-Y., Tang, W.-C.: Efficient memory-based FFT processors for OFDM applications. In: 2007 IEEE International Conference on Electro/Information Technology, pp. 345–350 (May 2007)

    Google Scholar 

  59. Winkler, F.: Polynomial Algorithms in Computer Algebra (Texts and Monographs in Symbolic Computation), 1st edn. Springer (August 1996)

    Google Scholar 

  60. Xilinx. Smartxplorer for ISE project navigator users, Version 12.1 (2010), http://www.xilinx.com/support/documentation/sw_manuals/xilinx13_1/ug689.pdf

  61. Yao, Y., Huang, J., Khanna, S., Shelat, A., Calhoun, B.H., Lach, J., Evans, D.: A sub-0.5V lattice-based public-key encryption scheme for RFID platforms in 130nm CMOS. In: Workshop on RFID Security (RFIDsec 2011 Asia), Cryptology and Information Security, pp. 96–113. IOS Press (April 2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany

    Thomas Pöppelmann & Tim Güneysu

Authors
  1. Thomas Pöppelmann
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tim Güneysu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Chile, Blanco Encalada 2120, Tercer Piso, Santiago, Chile

    Alejandro Hevia

  2. IBM Research - Zürich, Säumerstrasse 4, 8803, Rüschlikon, Switzerland

    Gregory Neven

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pöppelmann, T., Güneysu, T. (2012). Towards Efficient Arithmetic for Lattice-Based Cryptography on Reconfigurable Hardware. In: Hevia, A., Neven, G. (eds) Progress in Cryptology – LATINCRYPT 2012. LATINCRYPT 2012. Lecture Notes in Computer Science, vol 7533. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33481-8_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-33481-8_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33480-1

  • Online ISBN: 978-3-642-33481-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics