High-Speed Polynomial Multiplier Architecture for Ring-LWE Based Public Key Cryptosystems

ABSTRACT
Many lattice-based cryptosystems rest on the hardness of the Ring learning with errors (Ring-LWE) problem. The most critical and computationally intensive operation in these Ring-LWE based cryptosystems is polynomial multiplication. In this paper, we exploit the number theoretic transform (NTT) to build a high-speed polynomial multiplier for Ring-LWE based public key cryptosystems. We present a versatile pipelined polynomial multiplication architecture that computes the product of two $n$-degree polynomials in about $\frac{n \lg n}{4} + \frac{n}{2}$ clock cycles. In addition, we introduce several optimization techniques that reduce the required ROM storage. Experimental results on a Spartan-6 FPGA show that the proposed architecture achieves an average speedup of 2.25x over the state-of-the-art high-speed design, while using up to 47.06% fewer memory blocks.
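The abstract does not spell out what an NTT-based Ring-LWE multiplier actually computes, so the following added example (written for this page, not code from the paper or its authors) multiplies two polynomials in $\mathbb{Z}_q[x]/(x^n+1)$ with an iterative radix-2 NTT and the standard negative-wrapped convolution, then checks the result against schoolbook multiplication. The parameter set $n = 256$, $q = 7681$ is an assumption chosen because it is a common Ring-LWE test set; the paper's own parameters are not stated here. The `twiddle_rom` helper lists the $n/2$ powers of $\omega$ a decimation-in-time NTT consumes, which are the constants a hardware design keeps in ROM.

```python
# Added example (not from the paper): NTT-based multiplication in Z_q[x]/(x^n + 1),
# the ring used by Ring-LWE schemes, checked against schoolbook multiplication.
# Parameters n = 256, q = 7681 are a common Ring-LWE test set (assumption, not the
# paper's); any prime q with q = 1 (mod 2n) and power-of-two n works.
import random


def primitive_2n_root(n, q):
    """Return psi with psi^n = -1 mod q (a primitive 2n-th root of unity).

    Requires prime q with 2n | q-1 and n a power of two. Any quadratic
    non-residue g gives psi = g^((q-1)/(2n)) with psi^n = g^((q-1)/2) = -1.
    """
    assert n & (n - 1) == 0 and (q - 1) % (2 * n) == 0
    for g in range(2, q):
        psi = pow(g, (q - 1) // (2 * n), q)
        if pow(psi, n, q) == q - 1:
            return psi
    raise ValueError("no primitive 2n-th root of unity")


def bit_reverse(a):
    """Permute a into bit-reversed index order (input order of a DIT NTT)."""
    n, bits = len(a), len(a).bit_length() - 1
    out = [0] * n
    for i, x in enumerate(a):
        out[int(format(i, f"0{bits}b")[::-1], 2)] = x
    return out


def ntt(a, omega, q):
    """Iterative radix-2 Cooley-Tukey NTT: A[k] = sum_j a[j] * omega^(jk) mod q.

    omega must be a primitive n-th root of unity mod q. lg n stages of n/2
    butterflies each; the twiddles are powers of omega.
    """
    n = len(a)
    a = bit_reverse(a)
    length = 2
    while length <= n:
        w_len = pow(omega, n // length, q)   # primitive length-th root of unity
        for start in range(0, n, length):
            w = 1
            for j in range(length // 2):
                u = a[start + j]
                v = a[start + j + length // 2] * w % q
                a[start + j] = (u + v) % q
                a[start + j + length // 2] = (u - v) % q
                w = w * w_len % q
        length *= 2
    return a


def poly_mul_ntt(a, b, q):
    """a(x) * b(x) mod (x^n + 1, q) via the negative-wrapped convolution.

    Pre-multiplying coefficient i by psi^i turns the cyclic convolution the NTT
    computes into the negacyclic one, so no zero-padding to length 2n is needed.
    """
    n = len(a)
    psi = primitive_2n_root(n, q)
    omega = psi * psi % q                  # primitive n-th root of unity
    psi_inv, omega_inv, n_inv = (pow(x, q - 2, q) for x in (psi, omega, n))
    a_hat = ntt([a[i] * pow(psi, i, q) % q for i in range(n)], omega, q)
    b_hat = ntt([b[i] * pow(psi, i, q) % q for i in range(n)], omega, q)
    c_hat = [x * y % q for x, y in zip(a_hat, b_hat)]   # pointwise product
    c = ntt(c_hat, omega_inv, q)           # inverse NTT, up to the 1/n factor
    return [c[i] * n_inv % q * pow(psi_inv, i, q) % q for i in range(n)]


def poly_mul_schoolbook(a, b, q):
    """Reference O(n^2) multiplication mod (x^n + 1, q): x^n wraps to -1."""
    n = len(a)
    c = [0] * n
    for i in range(n):
        for j in range(n):
            k = i + j
            if k < n:
                c[k] = (c[k] + a[i] * b[j]) % q
            else:
                c[k - n] = (c[k - n] - a[i] * b[j]) % q
    return c


def twiddle_rom(n, q):
    """The n/2 distinct forward twiddles omega^0 .. omega^(n/2-1) a DIT NTT uses."""
    omega = pow(primitive_2n_root(n, q), 2, q)
    return [pow(omega, i, q) for i in range(n // 2)]


def check(n=256, q=7681, seed=1):
    """Multiply two constructed random polynomials both ways; True if they agree."""
    rng = random.Random(seed)               # constructed test input, not real keys
    a = [rng.randrange(q) for _ in range(n)]
    b = [rng.randrange(q) for _ in range(n)]
    return poly_mul_ntt(a, b, q) == poly_mul_schoolbook(a, b, q)


if __name__ == "__main__":
    print("NTT == schoolbook:", check())
    print("distinct forward twiddles for n=256:", len(twiddle_rom(256, 7681)))
```

The inverse transform reuses `ntt` with $\omega^{-1}$ and a final multiplication by $n^{-1}$, so a single butterfly datapath serves both directions; only the twiddle table changes, which is why twiddle storage, rather than the butterfly itself, is where a hardware design's ROM budget goes.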