DOI: 10.1145/2897937.2898037
Research article

Lattice-based Encryption Over Standard Lattices In Hardware

Published: 05 June 2016 Publication History

Abstract

Lattice-based cryptography has gained credence recently as a replacement for current public-key cryptosystems, due to its quantum-resilience, versatility, and relatively low key sizes. To date, encryption based on the learning with errors (LWE) problem has only been investigated from an ideal lattice standpoint, due to its computation and size efficiencies. However, a thorough investigation of standard lattices in practice has yet to be considered. Standard lattices may be preferred to ideal lattices due to their stronger security assumptions and less restrictive parameter selection process.
In this paper, an area-optimised hardware architecture of a standard lattice-based cryptographic scheme is proposed. The design is implemented on an FPGA, and it is found that both encryption and decryption fit comfortably on a Spartan-6 FPGA. This is the first hardware architecture for standard lattice-based cryptography reported in the literature to date, and thus serves as a benchmark for future implementations. Additionally, a revised discrete Gaussian sampler is proposed which is the fastest of its type to date, and which is also the first to investigate the cost savings of implementing with λ/2 bits of precision.
Performance results are promising compared to the hardware designs of the equivalent ring-LWE scheme: the proposed design, in addition to resting on stronger security proofs, performs 1272 encryptions per second and 4395 decryptions per second.
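To make the standard-lattice (matrix) LWE setting of the abstract concrete, the following is an added example and not the paper's code or the project's hardware design: a CDT-based discrete Gaussian sampler feeding a toy matrix-LWE encryption of an 8-bit message in the Lindner-Peikert style. The scheme, the parameters and the sampler construction are assumptions chosen for illustration (the abstract names none of them), and n is far too small to be secure; the point is to show where the cost of standard lattices comes from: the public key is a full n x n matrix A rather than a single ring element, and every encryption is a matrix-vector product over it.

```python
import bisect, itertools, math, random
# Constructed toy parameters for illustration only: NOT the paper's, and far too small to be secure.
N, L, Q, SIGMA = 32, 8, 4093, 3.0

def build_cdt(sigma=SIGMA, tail=10):
    """Cumulative table P(|X| <= x) for the discrete Gaussian D_sigma on Z, cut off at tail*sigma."""
    bound = int(math.ceil(tail * sigma))
    w = [math.exp(-(x * x) / (2 * sigma * sigma)) for x in range(bound + 1)]
    w[1:] = [2 * v for v in w[1:]]                   # x > 0 carries both signs
    total = sum(w)
    return list(itertools.accumulate(v / total for v in w))   # cdt[x] = P(|X| <= x)

def sample_gauss(rng, cdt):
    """Binary-search |x| in the CDT, then attach a uniform sign (0 has none)."""
    x = min(bisect.bisect_left(cdt, rng.random()), len(cdt) - 1)
    return -x if x and rng.random() < 0.5 else x

def mat(rows, cols, gen):                            # rows x cols matrix filled from gen()
    return [[gen() for _ in range(cols)] for _ in range(rows)]
def matmul(A, B):                                    # matrix product mod Q
    return [[sum(a * b for a, b in zip(r, c)) % Q for c in zip(*B)] for r in A]
def matadd(A, B):                                    # entrywise sum mod Q
    return [[(a + b) % Q for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def keygen(rng, cdt):
    """Standard-lattice LWE key pair: A uniform N x N, R1, R2 Gaussian, P = R1 - A*R2."""
    g = lambda: sample_gauss(rng, cdt)
    A, R1, R2 = mat(N, N, lambda: rng.randrange(Q)), mat(N, L, g), mat(N, L, g)
    P = matadd(R1, [[-v % Q for v in row] for row in matmul(A, R2)])
    return (A, P), R2

def encrypt(rng, cdt, pk, bits):
    """c1 = e1*A + e2, c2 = e1*P + e3 + bits*(Q//2), with e1, e2, e3 Gaussian."""
    A, P = pk
    g = lambda: sample_gauss(rng, cdt)
    e1, e2, e3 = mat(1, N, g), mat(1, N, g), mat(1, L, g)
    c1 = matadd(matmul(e1, A), e2)
    c2 = matadd(matadd(matmul(e1, P), e3), [[b * (Q // 2) for b in bits]])
    return c1, c2

def decrypt(R2, ct):
    """c1*R2 + c2 = e1*R1 + e2*R2 + e3 + bits*(Q//2): the noise is small, so round to 0 or Q/2."""
    v = matadd(matmul(ct[0], R2), ct[1])[0]
    return [1 if Q // 4 <= x < 3 * Q // 4 else 0 for x in v]

def roundtrip(seed, bits):                           # deterministic demo with a seeded RNG
    rng, cdt = random.Random(seed), build_cdt()
    pk, sk = keygen(rng, cdt)
    return decrypt(sk, encrypt(rng, cdt, pk, bits))
```

With these parameters the decryption noise has standard deviation of roughly 72 against a decoding threshold of Q/4 ≈ 1023, so decryption failures are negligible; shrinking Q or raising SIGMA shows where correctness breaks down.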



Published In

DAC '16: Proceedings of the 53rd Annual Design Automation Conference
June 2016
1048 pages
ISBN: 9781450342360
DOI: 10.1145/2897937

Publisher

Association for Computing Machinery, New York, NY, United States


Qualifiers

• Research-article

Funding Sources

• European Union Horizon 2020

Conference

DAC '16

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%
