Publication: Cortex-M4 Optimizations for {R,M}LWE Schemes
| dc.authorscopusid | 43261000900 | |
| dc.authorscopusid | 57211169344 | |
| dc.authorscopusid | 6504402955 | |
| dc.authorscopusid | 57192682944 | |
| dc.contributor.author | Alkım, E. | |
| dc.contributor.author | Bilgin, Y.A. | |
| dc.contributor.author | Cenk, M. | |
| dc.contributor.author | Gérard, F. | |
| dc.date.accessioned | 2025-12-11T00:24:00Z | |
| dc.date.issued | 2020 | |
| dc.department | Ondokuz Mayıs Üniversitesi | en_US |
| dc.department-temp | [Alkım] Erdem, Department of Computer Engineering, Ondokuz Mayis Üniversitesi, Samsun, Turkey, Fraunhofer Institute for Secure Information Technology SIT, Darmstadt, Hessen, Germany; [Bilgin] Yusuf Alper, ASELSAN A.Ş., Yenimahalle, Ankara, Turkey, Institute of Applied Mathematics, Middle East Technical University (METU), Ankara, Ankara, Turkey; [Cenk] Murat, Institute of Applied Mathematics, Middle East Technical University (METU), Ankara, Ankara, Turkey; [Gérard] François, Université Libre de Bruxelles, Brussels, BRU, Belgium | en_US |
| dc.description.abstract | This paper proposes various optimizations for lattice-based key encapsulation mechanisms (KEM) using the Number Theoretic Transform (NTT) on the popular ARM Cortex-M4 microcontroller. Improvements come in the form of a faster code using more efficient modular reductions, optimized small-degree polynomial multiplications, and more aggressive layer merging in the NTT, but also in the form of reduced stack usage. We test our optimizations in software implementations of Kyber and NewHope, both round 2 candidates in the NIST post-quantum project, and also NewHope-Compact, a recently proposed variant of NewHope with smaller parameters. Our software is the first implementation of NewHope-Compact on the Cortex-M4 and shows speed improvements over previous high-speed implementations of Kyber and NewHope. Moreover, it gives a common framework to compare those schemes with the same level of optimization. Our results show that NewHope-Compact is the fastest scheme, followed by Kyber, and finally NewHope, which seems to suffer from its large modulus and error distribution for small dimensions. © 2020, Ruhr-University of Bochum. All rights reserved. | en_US |
| dc.identifier.doi | 10.13154/tches.v2020.i3.336-357 | |
| dc.identifier.endpage | 357 | en_US |
| dc.identifier.issn | 2569-2925 | |
| dc.identifier.issue | 3 | en_US |
| dc.identifier.scopus | 2-s2.0-85112706567 | |
| dc.identifier.scopusquality | Q1 | |
| dc.identifier.startpage | 336 | en_US |
| dc.identifier.uri | https://doi.org/10.13154/tches.v2020.i3.336-357 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.12712/36304 | |
| dc.identifier.volume | 2020 | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | Ruhr-University of Bochum | en_US |
| dc.relation.ispartof | IACR Transactions on Cryptographic Hardware and Embedded Systems | en_US |
| dc.relation.publicationcategory | Makale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanı | en_US |
| dc.rights | info:eu-repo/semantics/closedAccess | en_US |
| dc.subject | ARM Cortex-M4 | en_US |
| dc.subject | Kyber | en_US |
| dc.subject | Lattice-Based Cryptography | en_US |
| dc.subject | MLWE | en_US |
| dc.subject | NewHope | en_US |
| dc.subject | NewHope-Compact | en_US |
| dc.subject | NTT | en_US |
| dc.subject | Post-Quantum Key Encapsulation | en_US |
| dc.subject | RLWE | en_US |
| dc.title | Cortex-M4 Optimizations for {R,M}LWE Schemes | en_US |
| dc.type | Article | en_US |
| dspace.entity.type | Publication |