Secure Number Theoretic Transform and Speed Record for Ring-LWE Encryption on Embedded Processors

Cited by: 2
Authors
Seo, Hwajeong [1]
Liu, Zhe [2]
Park, Taehwan [3]
Kwon, Hyeokchan [4]
Lee, Sokjoon [4]
Kim, Howon [3]
Affiliations
[1] Hansung Univ, Dept IT, 116 Samseongyoro 16gil, Seoul 136792, South Korea
[2] Univ Luxembourg, APSIA, Interdisciplinary Ctr Secur Reliabil & Trust SnT, Luxembourg, Luxembourg
[3] Pusan Natl Univ, Sch Comp Sci & Engn, San 30, Busan 609735, South Korea
[4] Elect & Telecommun Res Inst, Syst Secur Res Grp, Daejeon 34129, South Korea
Source
INFORMATION SECURITY AND CRYPTOLOGY - ICISC 2017 | 2018 / Vol. 10779
Keywords
Ring learning with errors; Software implementation; Public key encryption; 8-bit AVR; Number theoretic transform; Discrete gaussian sampling; Timing attack; RSA;
DOI
10.1007/978-3-319-78556-1_10
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Compact implementations of the ring variant of Learning with Errors (Ring-LWE) on embedded processors have been actively studied due to potential quantum threats. Various Ring-LWE implementation works mainly focused on optimization techniques to reduce execution time and memory consumption for high availability. For this reason, they failed to provide secure implementations against general side-channel attacks, such as timing attacks. In this paper, we present a secure and the fastest Ring-LWE encryption implementation on low-end 8-bit AVR processors. We targeted the most expensive operation, i.e., Number Theoretic Transform (NTT) based polynomial multiplication, to provide countermeasures against timing attacks and the best performance among similar implementations to date. Our optimization contributions are summarized as follows: (1) we propose Look-Up Table (LUT) based fast reduction techniques for speeding up the modular coefficient multiplication in a regular fashion; (2) we use modular addition and subtraction operations that are performed in constant time. With these optimization techniques, the proposed NTT implementation improves performance by 18.3-22% over previous works. Finally, our Ring-LWE encryption implementations require only 680,796 and 1,754,064 clock cycles for 128-bit and 256-bit security levels, respectively.
Pages: 175 / 188
Number of pages: 14