Verified NTT Multiplications for NISTPQC KEM Lattice Finalists: Kyber, SABER, and NTRU
Postquantum cryptography requires a different set of arithmetic routines from traditional public-key cryptography such as elliptic curves. In particular, in each of the lattice-based NISTPQC Key Establishment finalists, every state-ofthe-art optimized implementation for lattice-based schemes still...
| Main Authors: | , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2022-08-01
|
| Series: | Transactions on Cryptographic Hardware and Embedded Systems |
| Subjects: | |
| Online Access: | https://tches.iacr.org/index.php/TCHES/article/view/9838 |
| _version_ | 1797326093088194560 |
|---|---|
| author | Vincent Hwang Jiaxiang Liu Gregor Seiler Xiaomu Shi Ming-Hsien Tsai Bow-Yaw Wang Bo-Yin Yang |
| author_facet | Vincent Hwang Jiaxiang Liu Gregor Seiler Xiaomu Shi Ming-Hsien Tsai Bow-Yaw Wang Bo-Yin Yang |
| author_sort | Vincent Hwang |
| collection | DOAJ |
| description |
Postquantum cryptography requires a different set of arithmetic routines from traditional public-key cryptography such as elliptic curves. In particular, in each of the lattice-based NISTPQC Key Establishment finalists, every state-ofthe-art optimized implementation for lattice-based schemes still in the NISTPQC round 3 currently uses a different complex multiplication based on the Number Theoretic Transform. We verify the NTT-based multiplications used in NTRU, Kyber, and SABER for both the AVX2 implementation for Intel CPUs and for the pqm4 implementation for the ARM Cortex M4 using the tool CryptoLine. e extended CryptoLine and as a result are able to verify that in six instances multiplications are correct including range properties.
We demonstrate the feasibility for a programmer to verify his or her high-speed assembly code for PQC, as well as to verify someone else’s high-speed PQC software in assembly code, with some cooperation from the programmer.
|
| first_indexed | 2024-03-08T06:18:36Z |
| format | Article |
| id | doaj.art-95a15d0d0d594180b273a9c8ffd3be44 |
| institution | Directory Open Access Journal |
| issn | 2569-2925 |
| language | English |
| last_indexed | 2024-03-08T06:18:36Z |
| publishDate | 2022-08-01 |
| publisher | Ruhr-Universität Bochum |
| record_format | Article |
| series | Transactions on Cryptographic Hardware and Embedded Systems |
| spelling | doaj.art-95a15d0d0d594180b273a9c8ffd3be442024-02-04T16:20:41ZengRuhr-Universität BochumTransactions on Cryptographic Hardware and Embedded Systems2569-29252022-08-0120224Verified NTT Multiplications for NISTPQC KEM Lattice Finalists: Kyber, SABER, and NTRUVincent Hwang0Jiaxiang Liu1Gregor Seiler2Xiaomu Shi3Ming-Hsien Tsai4Bow-Yaw Wang5Bo-Yin Yang6Academia Sinica, Taipei, Taiwan; National Taiwan University, Taipei, TaiwanShenzhen University, Shenzhen, ChinaIBM Research Zurich, Zurich, SwitzerlandShenzhen University, Shenzhen, ChinaNational Applied Research Labs, Taipei, TaiwanAcademia Sinica, Taipei, TaiwanAcademia Sinica, Taipei, Taiwan Postquantum cryptography requires a different set of arithmetic routines from traditional public-key cryptography such as elliptic curves. In particular, in each of the lattice-based NISTPQC Key Establishment finalists, every state-ofthe-art optimized implementation for lattice-based schemes still in the NISTPQC round 3 currently uses a different complex multiplication based on the Number Theoretic Transform. We verify the NTT-based multiplications used in NTRU, Kyber, and SABER for both the AVX2 implementation for Intel CPUs and for the pqm4 implementation for the ARM Cortex M4 using the tool CryptoLine. e extended CryptoLine and as a result are able to verify that in six instances multiplications are correct including range properties. We demonstrate the feasibility for a programmer to verify his or her high-speed assembly code for PQC, as well as to verify someone else’s high-speed PQC software in assembly code, with some cooperation from the programmer. https://tches.iacr.org/index.php/TCHES/article/view/9838NIST PQCNTTverificationNTRUKyberSaber |
| spellingShingle | Vincent Hwang Jiaxiang Liu Gregor Seiler Xiaomu Shi Ming-Hsien Tsai Bow-Yaw Wang Bo-Yin Yang Verified NTT Multiplications for NISTPQC KEM Lattice Finalists: Kyber, SABER, and NTRU Transactions on Cryptographic Hardware and Embedded Systems NIST PQC NTT verification NTRU Kyber Saber |
| title | Verified NTT Multiplications for NISTPQC KEM Lattice Finalists: Kyber, SABER, and NTRU |
| title_full | Verified NTT Multiplications for NISTPQC KEM Lattice Finalists: Kyber, SABER, and NTRU |
| title_fullStr | Verified NTT Multiplications for NISTPQC KEM Lattice Finalists: Kyber, SABER, and NTRU |
| title_full_unstemmed | Verified NTT Multiplications for NISTPQC KEM Lattice Finalists: Kyber, SABER, and NTRU |
| title_short | Verified NTT Multiplications for NISTPQC KEM Lattice Finalists: Kyber, SABER, and NTRU |
| title_sort | verified ntt multiplications for nistpqc kem lattice finalists kyber saber and ntru |
| topic | NIST PQC NTT verification NTRU Kyber Saber |
| url | https://tches.iacr.org/index.php/TCHES/article/view/9838 |
| work_keys_str_mv | AT vincenthwang verifiednttmultiplicationsfornistpqckemlatticefinalistskybersaberandntru AT jiaxiangliu verifiednttmultiplicationsfornistpqckemlatticefinalistskybersaberandntru AT gregorseiler verifiednttmultiplicationsfornistpqckemlatticefinalistskybersaberandntru AT xiaomushi verifiednttmultiplicationsfornistpqckemlatticefinalistskybersaberandntru AT minghsientsai verifiednttmultiplicationsfornistpqckemlatticefinalistskybersaberandntru AT bowyawwang verifiednttmultiplicationsfornistpqckemlatticefinalistskybersaberandntru AT boyinyang verifiednttmultiplicationsfornistpqckemlatticefinalistskybersaberandntru |