DOI: 10.1145/3571786.3573017 (research article)

Generating Programs for Polynomial Multiplication with Correctness Assurance

Published: 15 January 2023

ABSTRACT

Program-generation techniques prevail in domains that need high performance, such as linear algebra, image processing, and databases. Yet it is hard to generate high-performance programs with correctness assurance, and cryptography needs both. Masuda and Kameyama proposed a DSL-based framework for implementing a program generator, an analyzer, and a formula generator, and obtained an efficient and correct implementation of the Number-Theoretic Transform (NTT), which many cryptographic algorithms require.

This paper advances their study in two ways. First, we develop a generation-and-analysis framework in which program generation is driven by program analysis. As a concrete result, we have found an optimization missed in previous studies. Second, we investigate whether the framework can be applied to other algorithms, including the inverse NTT. By combining generated programs, we have obtained an efficient and correct implementation of polynomial multiplication, the key operation in several post-quantum cryptographic algorithms.
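The pipeline the abstract describes, NTT of both operands, pointwise multiplication, inverse NTT, and a check that the result agrees with an independent reference, is shown below as an added worked example. It is not the paper's generated code nor the Masuda and Kameyama DSL; it is plain Python written for this page. The parameters n = 256 and q = 7681 (q = 30n + 1, so a primitive 2n-th root of unity exists) and all function names (ntt, intt, polymul_ntt, polymul_schoolbook, check) are assumptions for illustration, and the schoolbook multiplication plays the role of the correctness oracle that a generated, optimized NTT must be checked against.

```python
"""Negacyclic NTT-based polynomial multiplication in Z_q[x]/(x^n + 1).

Added example, not code from the paper.  n = 256, q = 7681 are assumed
parameters chosen so that q = 1 (mod 2n); the paper's generated programs
target their own parameter sets.
"""
import random

N = 256
Q = 7681
LOGN = N.bit_length() - 1  # 8 butterfly levels


def find_psi(n: int, q: int) -> int:
    """Return a primitive 2n-th root of unity mod q (n a power of two).

    psi^n == -1 (mod q) forces psi to have order exactly 2n, because the
    order divides 2n but not n and 2n is a power of two.
    """
    for cand in range(2, q):
        if pow(cand, n, q) == q - 1:
            return cand
    raise ValueError("no primitive 2n-th root of unity: q != 1 mod 2n")


def bit_reverse(x: int, bits: int) -> int:
    return int(format(x, f"0{bits}b")[::-1], 2)


PSI = find_psi(N, Q)
# Twiddles stored in bit-reversed order (Kyber/NewHope-style in-place NTT):
# the butterfly group with index k uses psi^bitrev(k).
ZETAS = [pow(PSI, bit_reverse(k, LOGN), Q) for k in range(N)]
ZETAS_INV = [pow(z, Q - 2, Q) for z in ZETAS]
N_INV = pow(N, Q - 2, Q)


def ntt(a: list[int]) -> list[int]:
    """Forward NTT with Cooley-Tukey butterflies; output in bit-reversed order.

    Level with half-length `length` splits x^(2*length) - zeta^2 into
    (x^length - zeta)(x^length + zeta).
    """
    a = [x % Q for x in a]
    length = N // 2
    while length >= 1:
        for start in range(0, N, 2 * length):
            zeta = ZETAS[(N + start) // (2 * length)]
            for j in range(start, start + length):
                t = zeta * a[j + length] % Q
                a[j + length] = (a[j] - t) % Q
                a[j] = (a[j] + t) % Q
        length //= 2
    return a


def intt(a_hat: list[int]) -> list[int]:
    """Inverse NTT with Gentleman-Sande butterflies, undoing ntt level by level.

    Each level doubles the coefficients, so the final scaling is by 1/n.
    """
    a = list(a_hat)
    length = 1
    while length < N:
        for start in range(0, N, 2 * length):
            zeta_inv = ZETAS_INV[(N + start) // (2 * length)]
            for j in range(start, start + length):
                t = a[j]
                a[j] = (t + a[j + length]) % Q
                a[j + length] = (t - a[j + length]) * zeta_inv % Q
        length *= 2
    return [x * N_INV % Q for x in a]


def pointwise(a_hat: list[int], b_hat: list[int]) -> list[int]:
    return [x * y % Q for x, y in zip(a_hat, b_hat)]


def polymul_ntt(a: list[int], b: list[int]) -> list[int]:
    """a * b mod (x^n + 1, q) via NTT, pointwise product, inverse NTT."""
    return intt(pointwise(ntt(a), ntt(b)))


def polymul_schoolbook(a: list[int], b: list[int]) -> list[int]:
    """Independent O(n^2) reference, reducing with x^n = -1."""
    c = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < N:
                c[i + j] = (c[i + j] + ai * bj) % Q
            else:
                c[i + j - N] = (c[i + j - N] - ai * bj) % Q
    return c


def check(trials: int = 20, seed: int = 1) -> bool:
    """Randomised correctness check of the NTT pipeline against the oracle."""
    rng = random.Random(seed)  # constructed inputs, fixed seed for repeatability
    for _ in range(trials):
        a = [rng.randrange(Q) for _ in range(N)]
        b = [rng.randrange(Q) for _ in range(N)]
        if intt(ntt(a)) != a or polymul_ntt(a, b) != polymul_schoolbook(a, b):
            return False
    return True


if __name__ == "__main__":
    print("psi =", PSI, "pipeline ok" if check() else "MISMATCH")
```

The twiddle index (N + start) // (2 * length) is the same in both directions, so the inverse uses exactly the modular inverse of the twiddle the forward transform used at that butterfly group; this avoids the mirrored-index-plus-negation trick found in optimized implementations, which is easy to get subtly wrong and is precisely the kind of detail a generator-plus-analyzer framework is meant to verify. Random testing against a schoolbook oracle, as in `check`, is a sanity check only; it is not the correctness assurance the paper provides.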

References

  1. Gorjan Alagic, David Cooper, Quynh Dang, Thinh Dang, John M. Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone, and Daniel Apon. 2022. Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process. https://doi.org/10.6028/NIST.IR.8413
  2. Erdem Alkim, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe. 2016. Post-quantum Key Exchange - A New Hope. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016, Thorsten Holz and Stefan Savage (Eds.). USENIX Association, 327–343. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/alkim
  3. José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, and Pierre-Yves Strub. 2017. Jasmin: High-Assurance and High-Speed Cryptography. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, Bhavani Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM, 1807–1823. https://doi.org/10.1145/3133956.3134078
  4. Nada Amin and Tiark Rompf. 2017. LMS-Verify: abstraction without regret for verified systems programming. In Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2017, Paris, France, January 18-20, 2017, Giuseppe Castagna and Andrew D. Gordon (Eds.). ACM, 859–873. https://doi.org/10.1145/3009837.3009867
  5. Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé. 2021. CRYSTALS-Kyber Algorithm Specifications And Supporting Documentation (version 3.02). https://pq-crystals.org/kyber/data/kyber-specification-round3-20210804.pdf
  6. Paul Barrett. 1986. Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor. In Advances in Cryptology - CRYPTO '86, Santa Barbara, California, USA, 1986, Proceedings, Andrew M. Odlyzko (Ed.) (Lecture Notes in Computer Science, Vol. 263). Springer, 311–323. https://doi.org/10.1007/3-540-47721-7_24
  7. Hanno Becker, Vincent Hwang, Matthias J. Kannwischer, Bo-Yin Yang, and Shang-Yi Yang. 2022. Neon NTT: Faster Dilithium, Kyber, and Saber on Cortex-A72 and Apple M1. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2022, 1 (2022), 221–244. https://doi.org/10.46586/tches.v2022.i1.221-244
  8. Mojtaba Bisheh-Niasar, Reza Azarderakhsh, and Mehran Mozaffari Kermani. 2021. High-Speed NTT-based Polynomial Multiplication Accelerator for CRYSTALS-Kyber Post-Quantum Cryptography. IACR Cryptol. ePrint Arch., 563. https://eprint.iacr.org/2021/563
  9. Jacques Carette, Oleg Kiselyov, and Chung-chieh Shan. 2009. Finally tagless, partially evaluated: Tagless staged interpreters for simpler typed languages. J. Funct. Program., 19, 5 (2009), 509–543. https://doi.org/10.1017/S0956796809007205
  10. Donald Donglong Chen, Nele Mentens, Frederik Vercauteren, Sujoy Sinha Roy, Ray C. C. Cheung, Derek Chi-Wai Pao, and Ingrid Verbauwhede. 2015. High-Speed Polynomial Multiplication Architecture for Ring-LWE and SHE Cryptosystems. IEEE Trans. Circuits Syst. I Regul. Pap., 62-I, 1 (2015), 157–166. https://doi.org/10.1109/TCSI.2014.2350431
  11. Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein. 2009. Introduction to Algorithms, 3rd Edition. MIT Press. ISBN 978-0-262-03384-8. http://mitpress.mit.edu/books/introduction-algorithms
  12. Patrick Cousot and Radhia Cousot. 2010. A gentle introduction to formal verification of computer systems by abstract interpretation. In Logics and Languages for Reliability and Security, Javier Esparza, Bernd Spanfelner, and Orna Grumberg (Eds.) (NATO Science for Peace and Security Series - D: Information and Communication Security, Vol. 25). IOS Press, 1–29. https://doi.org/10.3233/978-1-60750-100-8-1
  13. Andres Erbsen, Jade Philipoom, Jason Gross, Robert Sloan, and Adam Chlipala. 2020. Simple High-Level Code For Cryptographic Arithmetic: With Proofs, Without Compromises. ACM SIGOPS Oper. Syst. Rev., 54, 1 (2020), 23–30. https://doi.org/10.1145/3421473.3421477
  14. Arie Gurfinkel, Temesghen Kahsai, and Jorge A. Navas. 2015. SeaHorn: A Framework for Verifying C Programs (Competition Contribution). In Tools and Algorithms for the Construction and Analysis of Systems - 21st International Conference, TACAS 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015. Proceedings, Christel Baier and Cesare Tinelli (Eds.) (Lecture Notes in Computer Science, Vol. 9035). Springer, 447–450. https://doi.org/10.1007/978-3-662-46681-0_41
  15. Vincent Hwang, Jiaxiang Liu, Gregor Seiler, Xiaomu Shi, Ming-Hsien Tsai, Bow-Yaw Wang, and Bo-Yin Yang. 2022. Verified NTT Multiplications for NISTPQC KEM Lattice Finalists: Kyber, SABER, and NTRU. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2022, 4 (2022), 718–750. https://doi.org/10.46586/tches.v2022.i4.718-750
  16. Patrick Longa and Michael Naehrig. 2016. Speeding up the Number Theoretic Transform for Faster Ideal Lattice-Based Cryptography. In Cryptology and Network Security - 15th International Conference, CANS 2016, Milan, Italy, November 14-16, 2016, Proceedings, Sara Foresti and Giuseppe Persiano (Eds.) (Lecture Notes in Computer Science, Vol. 10052). 124–139. https://doi.org/10.1007/978-3-319-48965-0_8
  17. Vadim Lyubashevsky, Chris Peikert, and Oded Regev. 2013. On Ideal Lattices and Learning with Errors over Rings. J. ACM, 60, 6 (2013), 43:1–43:35. https://doi.org/10.1145/2535925
  18. Masahiro Masuda and Yukiyoshi Kameyama. 2021. FFT Program Generation for Ring LWE-Based Cryptography. In Advances in Information and Computer Security - 16th International Workshop on Security, IWSEC 2021, Virtual Event, September 8-10, 2021, Proceedings, Toru Nakanishi and Ryo Nojima (Eds.) (Lecture Notes in Computer Science, Vol. 12835). Springer, 151–171. https://doi.org/10.1007/978-3-030-85987-9_9
  19. Masahiro Masuda and Yukiyoshi Kameyama. 2022. Unified Program Generation and Verification: A Case Study on Number-Theoretic Transform. In Functional and Logic Programming - 16th International Symposium, FLOPS 2022, Kyoto, Japan, May 10-12, 2022, Proceedings, Michael Hanus and Atsushi Igarashi (Eds.) (Lecture Notes in Computer Science, Vol. 13215). Springer, 133–151. https://doi.org/10.1007/978-3-030-99461-7_8
  20. Kevin Millar, Marcin Lukowiak, and Stanislaw P. Radziszowski. 2019. Design of a Flexible Schönhage-Strassen FFT Polynomial Multiplier with High-Level Synthesis to Accelerate HE in the Cloud. In 2019 International Conference on ReConFigurable Computing and FPGAs, ReConFig 2019, Cancun, Mexico, December 9-11, 2019, David Andrews, René Cumplido, Claudia Feregrino, and Marco Platzner (Eds.). IEEE, 1–5. https://doi.org/10.1109/ReConFig48160.2019.8994790
  21. Peter L. Montgomery. 1985. Modular Multiplication Without Trial Division. Math. Comp., 44 (1985), 519–521. https://www.ams.org/journals/mcom/1985-44-170/S0025-5718-1985-0777282-X/S0025-5718-1985-0777282-X.pdf
  22. Jorge A. Navas, Bruno Dutertre, and Ian A. Mason. 2020. Verification of an Optimized NTT Algorithm. In Software Verification - 12th International Conference, VSTTE 2020, and 13th International Workshop, NSV 2020, Los Angeles, CA, USA, July 20-21, 2020, Revised Selected Papers, Maria Christakis, Nadia Polikarpova, Parasara Sridhar Duggirala, and Peter Schrammel (Eds.) (Lecture Notes in Computer Science, Vol. 12549). Springer, 144–160. https://doi.org/10.1007/978-3-030-63618-0_9
  23. Thomas Pöppelmann, Tobias Oder, and Tim Güneysu. 2015. High-Performance Ideal Lattice-Based Cryptography on 8-Bit ATxmega Microcontrollers. In Progress in Cryptology - LATINCRYPT 2015 - 4th International Conference on Cryptology and Information Security in Latin America, Guadalajara, Mexico, August 23-26, 2015, Proceedings, Kristin E. Lauter and Francisco Rodríguez-Henríquez (Eds.) (Lecture Notes in Computer Science, Vol. 9230). Springer, 346–365. https://doi.org/10.1007/978-3-319-22174-8_19
  24. Yang Yang, Sanmukh R. Kuppannagari, Rajgopal Kannan, and Viktor K. Prasanna. 2022. NTTGen: a framework for generating low latency NTT implementations on FPGA. In CF '22: 19th ACM International Conference on Computing Frontiers, Turin, Italy, May 17 - 22, 2022, Luca Sterpone, Andrea Bartolini, and Anastasiia Butko (Eds.). ACM, 30–39. https://doi.org/10.1145/3528416.3530225
  25. Tian Ye, Yang Yang, Sanmukh R. Kuppannagari, Rajgopal Kannan, and Viktor K. Prasanna. 2021. FPGA Acceleration of Number Theoretic Transform. In High Performance Computing - 36th International Conference, ISC High Performance 2021, Virtual Event, June 24 - July 2, 2021, Proceedings, Bradford L. Chamberlain, Ana Lucia Varbanescu, Hatem Ltaief, and Piotr Luszczek (Eds.) (Lecture Notes in Computer Science, Vol. 12728). Springer, 98–117. https://doi.org/10.1007/978-3-030-78713-4_6
  26. Neng Zhang, Bohan Yang, Chen Chen, Shouyi Yin, Shaojun Wei, and Leibo Liu. 2020. Highly Efficient Architecture of NewHope-NIST on FPGA using Low-Complexity NTT/INTT. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2020, 2 (2020), 49–72. https://doi.org/10.13154/tches.v2020.i2.49-72
  27. Jean Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, and Benjamin Beurdouche. 2017. HACL*: A Verified Modern Cryptographic Library. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, Bhavani Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM, 1789–1806. https://doi.org/10.1145/3133956.3134043

Published in

PEPM 2023: Proceedings of the 2023 ACM SIGPLAN International Workshop on Partial Evaluation and Program Manipulation
January 2023, 65 pages
ISBN: 9798400700118
DOI: 10.1145/3571786

Copyright © 2023 ACM

        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance rate (PEPM overall): 66 of 120 submissions, 55%
