Reference : Batching CSIDH Group Actions using AVX-512
Scientific congresses, symposiums and conference proceedings : Paper published in a journal
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/49349
Batching CSIDH Group Actions using AVX-512
English
Cheng, Hao mailto [University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > APSIA >]
Fotiadis, Georgios mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA >]
Groszschädl, Johann mailto [University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS) >]
Ryan, Peter Y A [University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS) >]
Roenne, Peter [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA >]
Aug-2021
IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)
Ruhr-Universität Bochum
2021
4
618-649
Yes (verified by ORBilu)
No
International
2569-2925
Conference on Cryptographic Hardware and Embedded Systems (CHES 2021)
2021-09-13 to 2021-09-17
Beijing
China
[en] Post-Quantum Cryptography ; Isogeny-Based Cryptography ; CSIDH ; AVX-512IFMA ; Software Optimization ; Constant-Time Implementation
[en] Commutative Supersingular Isogeny Diffie-Hellman (or CSIDH for short) is a recently-proposed post-quantum key establishment scheme that belongs to the family of isogeny-based cryptosystems. The CSIDH protocol is based on the action of an ideal class group on a set of supersingular elliptic curves and comes with some very attractive features, e.g. the ability to serve as a “drop-in” replacement for the standard elliptic curve Diffie-Hellman protocol. Unfortunately, the execution time of CSIDH is prohibitively high for many real-world applications, mainly due to the enormous computational cost of the underlying group action. Consequently, there is a strong demand for optimizations that increase the efficiency of the class group action evaluation, which is not only important for CSIDH, but also for related cryptosystems like the signature schemes CSI-FiSh and SeaSign. In this paper, we explore how the AVX-512 vector extensions (incl. AVX-512F and AVX-512IFMA) can be utilized to optimize constant-time evaluation of the CSIDH-512 class group action with the goal of, respectively, maximizing throughput and minimizing latency. We introduce different approaches for batching group actions and computing them in SIMD fashion on modern Intel processors. In particular, we present a hybrid batching technique that, when combined with optimized (8 × 1)-way prime-field arithmetic, increases the throughput by a factor of 3.64 compared to a state-of-the-art (non-vectorized) x64 implementation. On the other hand, vectorization in a 2-way fashion aimed to reduce latency makes our AVX-512 implementation of the group action evaluation about 1.54 times faster than the state-of-the-art. To the best of our knowledge, this paper is the first to demonstrate the high potential of using vector instructions to increase the throughput (resp. decrease the latency) of constant-time CSIDH.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Fonds National de la Recherche - FnR
http://hdl.handle.net/10993/49349
10.46586/tches.v2021.i4.618-649
https://tches.iacr.org/index.php/TCHES/article/view/9077
FnR ; FNR13643617 > Peter Y. A. Ryan > EquiVox > Secure, Quantum-safe, Practical Voting Technologies > 01/04/2020 > 31/03/2023 > 2019

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
TCHES2021.pdfAuthor postprint767 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.