Faster Multiplication in Z2m [x] on Cortex-M4 to Speed up NIST PQC Candidates

被引：15

作者：

Kannwischer, Matthias J. ^{[1
]}

Rijneveld, Joost ^{[1
]}

Schwabe, Peter ^{[1
]}

机构：

[1] Radboud Univ Nijmegen, Nijmegen, Netherlands

来源：

APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, ACNS 2019 | 2019年 / 11464卷

关键词：

ARM Cortex-M4; Karatsuba; Toom; Lattice-based KEMs; NTRU;

D O I：

10.1007/978-3-030-21568-2_14

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

In this paper we optimize multiplication of polynomials in Z(2)m[x] on the ARM Cortex-M4 microprocessor. We use these optimized multiplication routines to speed up the NIST post-quantum candidates RLizard, NTRU-HRSS, NTRUEncrypt, Saber, and Kindi. For most of those schemes the only previous implementation that executes on the CortexM4 is the reference implementation submitted to NIST; for some of those schemes our optimized software is more than factor of 20 faster. One of the schemes, namely Saber, has been optimized on the Cortex-M4 in a CHES 2018 paper; the multiplication routine for Saber we present here outperforms the multiplication from that paper by 42%, yielding speedups of 22% for key generation, 20% for encapsulation and 22% for decapsulation. Out of the five schemes optimized in this paper, the best performance for encapsulation and decapsulation is achieved by NTRU-HRSS. Specifically, encapsulation takes just over 400 000 cycles, which is more than twice as fast as for any other NIST candidate that has previously been optimized on the ARM Cortex-M4.

引用

页码：281 / 301

页数：21

共 50 条

[21] New quaternary sulfides MCuXS2 and M2CU3FeS4 (M=K, Rb, Cs; X=Mn, Z) (M=K, Rb, and Cs)
Saveleva, MV
Gromilov, SA
ZHURNAL NEORGANICHESKOI KHIMII, 1996, 41 (09): : 1423 - 1426
[22] Left-right symmetric model from geometric formulation of gauge theory in M4 x Z2 x Z2
Konisi, G
Maki, Z
Nakahara, M
Saito, T
PROGRESS OF THEORETICAL PHYSICS, 1999, 101 (05): : 1105 - 1118
[23] High-speed 4 x 4 silicon photonic plasma dispersive switch, operating at the 2 μm waveband
Wang, Jiawei
Sia, Jia Xu Brian
Li, Xiang
Guo, Xin
Wang, Wanjun
Qiao, Zhongliang
Littlejohns, Callum G.
Liu, Chongyang
Reed, Graham T.
Rusli
Wang, Hong
OPTICS EXPRESS, 2023, 31 (20) : 33548 - 33564
[24] APPEARANCE AND IONIZATION ENERGIES OF C-60-2M(Z+) AND C-70-2M(Z+) IONS (WITH Z AND M UP TO 4) PRODUCED BY ELECTRON-IMPACT IONIZATION OF C-60 AND C-70, RESPECTIVELY
WORGOTTER, R
DUNSER, B
SCHEIER, P
MARK, TD
JOURNAL OF CHEMICAL PHYSICS, 1994, 101 (10): : 8674 - 8679
[25] A field-theoretic approach to Connes' gauge theory on M4 x Z2
Kase, H
Morita, K
Okumura, Y
INTERNATIONAL JOURNAL OF MODERN PHYSICS A, 2001, 16 (19): : 3203 - 3216
[26] Weak mixing angle and the SU(3)C x SU(3) model on M4 x S1/(Z2 x Z2′)
Li, TJ
Liao, W
PHYSICS LETTERS B, 2002, 545 (1-2) : 147 - 152
[27] An Embedded Real-Time Red Peach Detection System Based on an OV7670 Camera, ARM Cortex-M4 Processor and 3D Look-Up Tables
Teixido, Merce
Font, Davinia
Palleja, Tomas
Tresanchez, Marcel
Nogues, Miquel
Palacin, Jordi
SENSORS, 2012, 12 (10): : 14129 - 14143
[28] Theoretical evaluation of monolayer MA2Z4 (M = Ti, Zr, or Hf; A = Si or Ge; and Z = P or As) family as promising candidates for lithium-sulfur batteries
Du, Jiguang
Zhou, Xuying
Cheng, Xiujuan
Jiang, Gang
JOURNAL OF COLLOID AND INTERFACE SCIENCE, 2025, 678 : 150 - 158
[29] The complete solution of the Diophantine equation (4m2+1)x+(5m2-1)y=(3m)z\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$(4m^2+1)^x+(5m^2-1)^y=(3m)^z$$\end{document}
Csanád Bertók
Periodica Mathematica Hungarica, 2016, 72 (1) : 37 - 42
[30] DFT studies on the interaction of PtxRuyMz (M = Fe, Ni, Cu, Mo, Sn, x + y + z = 4, x ≥ 1, y ≥ 1) alloy clusters with O2
Guo, Wenlong
Lian, Xin
Xiao, Peng
Liu, Feila
Yang, Yang
Zhang, Yunhuai
Zhang, Xiaoxing
MOLECULAR PHYSICS, 2015, 113 (08) : 854 - 865

← 1 2 3 4 5 →