A Lightweight Implementation of NTRU Prime for the Post-Quantum Internet of Things

Cheng, Hao; Dinu, Dumitru-Daniel; Groszschädl, Johann; Roenne, Peter; Ryan, Peter

doi:10.1007/978-3-030-41702-4_7

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

A Lightweight Implementation of NTRU Prime for the Post-Quantum Internet of Things

Cheng, Hao; Dinu, Dumitru-Daniel; Groszschädl, Johann et al.

2019 • In Laurent, Maryline; Giannetsos, Thanassis (Eds.) Information Security Theory and Practice, 13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11–12, 2019, Proceedings

Peer reviewed

Permalink
https://hdl.handle.net/10993/42985

DOI
10.1007/978-3-030-41702-4_7

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

WISTP2019.pdf

Author postprint (388.81 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Lightweight Cryptography; Post-Quantum Cryptography; Key Encapsulation Mechanism; NTRU Prime; Efficient implementation

Abstract :

[en] The dawning era of quantum computing has initiated various initiatives for the standardization of post-quantum cryptosystems with the goal of (eventually) replacing RSA and ECC. NTRU Prime is a variant of the classical NTRU cryptosystem that comes with a couple of tweaks to minimize the attack surface; most notably, it avoids rings with "worrisome" structure. This paper presents, to our knowledge, the first assembler-optimized implementation of Streamlined NTRU Prime for an 8-bit AVR microcontroller and shows that high-security lattice-based cryptography is feasible for small IoT devices. An encapsulation operation using parameters for 128-bit post-quantum security requires 8.2 million clock cycles when executed on an 8-bit ATmega1284 microcontroller. The decapsulation is approximately twice as costly and has an execution time of 15.6 million cycles. We achieved this performance through (i) new low-level software optimization techniques to accelerate Karatsuba-based polynomial multiplication on the 8-bit AVR platform and (ii) an efficient implementation of the coefficient modular reduction written in assembly language. The execution time of encapsulation and decapsulation is independent of secret data, which makes our software resistant against timing attacks. Finally, we assess the performance one could theoretically gain by using a so-called product-form polynomial as part of the secret key and discuss potential security implications.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)

Disciplines :

Computer science

Author, co-author :

Cheng, Hao ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)

Dinu, Dumitru-Daniel; Intel Corporation > Intel Product Assurance and Security (IPAS) Group

Groszschädl, Johann ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Roenne, Peter ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Ryan, Peter ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

External co-authors :

yes

Language :

English

Title :

A Lightweight Implementation of NTRU Prime for the Post-Quantum Internet of Things

Publication date :

December 2019

Event name :

13th International Conference on Information Security Theory and Practice (WISTP 2019)

Event place :

Paris, France

Event date :

2019-12-11 to 2019-12-12

Audience :

International

Main work title :

Information Security Theory and Practice, 13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11–12, 2019, Proceedings

Editor :

Laurent, Maryline

Giannetsos, Thanassis

Publisher :

Springer Verlag

ISBN/EAN :

978-3-030-41701-7

Collection name :

Lecture Notes in Computer Science, volume 12024

Pages :

103-119

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Additional URL :

http://link.springer.com/chapter/10.1007/978-3-030-41702-4_7

European Projects :

H2020 - 779391 - FutureTPM - Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module

Funders :

CE - Commission Européenne [BE]

Available on ORBilu :

since 19 April 2020

Statistics

Number of views

551 (36 by Unilu)

Number of downloads

575 (18 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange-a new hope. In: Holz, T., Savage, S. (eds.) Proceedings of the 25th USENIX Security Symposium (USS 2016), pp. 327–343. USENIX Association (2016)
Bailey, D.V., Coffin, D., Elbirt, A., Silverman, J.H., Woodbury, A.D.: NTRU in constrained devices. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 262–272. Springer, Heidelberg (2001).https://doi.org/10. 1007/3-540-44709-1 22
Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.): Post-Quantum Cryptography. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-540-88702-7
Bernstein, D.J., Chuengsatiansup, C., Lange, T., van Vredendaal, C.: NTRU prime: reducing attack surface at low cost. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 235–260. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72565-9 12
Bernstein, D.J., Chuengsatiansup, C., Lange, T., van Vredendaal, C.: NTRU Prime: Round 2 specification (2019). http://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions
Cheng, H., Dinu, D., Großschädl, J.: Efficient implementation of the SHA-512 hash function for 8-Bit AVR microcontrollers. In: Lanet, J.-L., Toma, C. (eds.) SECITC 2018. LNCS, vol. 11359, pp. 273–287. Springer, Cham (2019). https://doi.org/10. 1007/978-3-030-12942-2 21
Cheng, H., Großschädl, J., Rønne, P.B., Ryan, P.Y.: A lightweight implementation of NTRUEncrypt for 8-bit AVR microcontrollers. In: Proceedings of the 2nd NIST PQC Standardization Conference (2019). http://csrc.nist.gov/Events/2019/second-pqc-standardization-conference
Düll, M., et al.: High-speed Curve25519 on 8-bit, 16-bit and 32-bit microcontrollers. Des. Codes Crypt. 77(2–3), 493–514 (2015)
GCC Team: AVR-GCC Wiki (2017). http://gcc.gnu.org/wiki/avr-gcc# Exceptions to the Calling Convention
Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 119–132. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5 9
Hankerson, D.R., Menezes, A.J., Vanstone, S.A.: Guide to Elliptic Curve Cryptography. Springer, New York (2004). https://doi.org/10.1007/b97644
Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosys-tem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868
Hoffstein, J., Silverman, J.H.: Optimizations for NTRU. In: Alster, K., Urbanowicz, J., Williams, H.C. (eds.) Public-Key Cryptography and Computational Number Theory, De Gruyter Proceedings in Mathematics, pp. 77–88. Walter de Gruyter (2001)
Hoffstein, J., Silverman, J.H.: Random small Hamming weight products with applications to cryptography. Discret. Appl. Math. 130(1), 37–49 (2003)
Kannwischer, M.J., Rijneveld, J., Schwabe, P.: Faster multiplication in Z2 m[x] on Cortex-M4 to speed up NIST PQC candidates. In: Deng, R.H., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 281–301. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21568-2 14
Kannwischer, M.J., Rijneveld, J., Schwabe, P., Stoffelen, K.: pqm4: testing and benchmarking NIST PQC on ARM Cortex-M4. Cryptology ePrint Archive, Report 2019/844 (2019). http://eprint.iacr.org
Karatsuba, A.A., Ofman, Y.P.: Multiplication of multidigit numbers on automata. In: Soviet Physics-Doklady, vol. 7, no. 7, pp. 595–596 (1963)
Karmakar, A., Bermudo Mera, J.M., Roy, S.S., Verbauwhede, I.: Saber on ARM: CCA-secure module lattice-based key encapsulation on ARM. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 243–266 (2018)
Kaye, P.R., Laflamme, R., Mosca, M.: An Introduction to Quantum Computing. Oxford University Press, Oxford (2007)
Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. Commun. ACM 60(6), 43:1–43:35 (2013)
Mariantoni, M.: Building a superconducting quantum computer. Invited presentation given at the 6th International Conference on Post-Quantum Cryptography (PQCrypto 2014), Waterloo, ON, Canada, October 2014. http://www.youtube. com/watch?v=wWHAs-HA1c
National Institute of Standards and Technology (NIST): NIST reveals 26 algorithms advancing to the post-quantum crypto ‘semifinals’. Press release (2019). http://www.nist.gov/news-events/news/2019/01/nist-reveals-26-algorithms-advancing-post-quantum-crypto-semifinals
Schanck, J.M.: Practical Lattice Cryptosystems: NTRUEncrypt and NTRUMLS. M.Sc. thesis, University of Waterloo, Waterloo, ON, Canada (2015)
Scott, M.: Missing a trick: Karatsuba variations. Cryptogr. Commun. 10(1), 5–15 (2018)
Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings of the 35th Annual Symposium on Foundations of Computer Science (FOCS 1994), pp. 124–134. IEEE Computer Society Press (1994)
Titzer, B.L., Lee, D.K., Palsberg, J.: Avrora: scalable sensor network simulation with precise timing. In: Proceedings of the 4th International Symposium on Information Processing in Sensor Networks (IPSN 2005), pp. 477–482. IEEE (2005)
Toom, A.L.: The complexity of a scheme of functional elements realizing the multiplication of integers. Soviet Math.-Doklady 4(3), 714–716 (1963)