Highly Vectorized SIKE for AVX-512

[en] It is generally accepted that a large-scale quantum computer would be capable to break any public-key cryptosystem used today, thereby posing a serious threat to the security of the Internet’s public-key infrastructure. The US National Institute of Standards and Technology (NIST) addresses this threat with an open process for the standardization of quantum-safe key establishment and signature schemes, which is now in the final phase of the evaluation of candidates. SIKE (an abbreviation of Supersingular Isogeny Key Encapsulation) is one of the alternate candidates under evaluation and distinguishes itself from other candidates due to relatively short key lengths and relatively high computing costs. In this paper, we analyze how the latest generation of Intel’s Advanced Vector Extensions (AVX), in particular AVX-512IFMA, can be used to minimize the latency (resp. maximize the throughput) of the SIKE key encapsulation mechanism when executed on Ice LakeCPUs based on the Sunny Cove microarchitecture. We present various techniques to parallelize and speed up the base/extension field arithmetic, point arithmetic, and isogeny computations performed by SIKE. All these parallel processing techniques are combined in AVXSIKE, a highly optimized implementation of SIKE using Intel AVX-512IFMA instructions. Our experiments indicate that AVXSIKE instantiated with the SIKEp503 parameter set is approximately 1.5 times faster than the to-date best AVX-512IFMA-based SIKE software from the literature. When executed on an Intel Core i3-1005G1 CPU, AVXSIKE outperforms the x64 assembly implementation of SIKE contained in Microsoft’s SIDHv3.4 library by a factor of about 2.5 for key generation and decapsulation, while the encapsulation is even 3.2 times faster.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)

Disciplines :

Computer science

Author, co-author :

Cheng, Hao ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > APSIA

Fotiadis, Georgios ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA

Groszschädl, Johann ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)

Ryan, Peter Y A ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)

External co-authors :

Language :

English

Title :

Highly Vectorized SIKE for AVX-512

Publication date :

February 2022

Event name :

Conference on Cryptographic Hardware and Embedded Systems (CHES 2022)

Event place :

Leuven, Belgium

Event date :

from 18-09-2022 to 21-09-2022

Audience :

International

Journal title :

IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)

ISSN :

2569-2925

Publisher :

Ruhr-Universität Bochum

Volume :

2022

Issue :

Pages :

41-68

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Additional URL :

https://tches.iacr.org/index.php/TCHES/article/view/9480

FnR Project :

FNR13643617 - Secure, Quantum-safe, Practical Voting Technologies, 2019 (01/04/2020-31/03/2023) - Peter Y. A. Ryan

Funders :

FNR - Fonds National de la Recherche [LU]

Available on ORBilu :

since 17 October 2022

Statistics

Number of views

338 (42 by Unilu)

Number of downloads

212 (18 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

[AAM21] Mila Anastasova, Reza Azarderakhsh, and Mehran Mozaffari Kermani. Fast strategies for the implementation of SIKE round 3 on ARM Cortex-M4. IEEE Transactions on Circuits and Systems I: Regular Papers, 68(10):4129–4141, October 2021.
[ABJK18] Reza Azarderakhsh, Elena Bakos Lang, David Jao, and Brian Koziel. EdSIDH: Supersingular isogeny Diffie-Hellman key exchange on Edwards curves. In Anupam Chattopadhyay, Chester Rebeiro, and Yuval Yarom, editors, Security, Privacy, and Applied Cryptography Engineering — SPACE 2018, volume 11348 of Lecture Notes in Computer Science, pages 125–141. Springer Verlag, 2018.
[Ber06] Daniel J. Bernstein. Curve25519: New Diffie-Hellman speed records. In Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin, editors, Public Key Cryptography — PKC 2006, volume 3958 of Lecture Notes in Computer Science, pages 207–228. Springer Verlag, 2006.
[BF20] Joppe W. Bos and Simon J. Friedberger. Faster modular arithmetic for isogeny-based crypto on embedded devices. Journal of Cryptographic Engineering, 10(2):97–109, June 2020.
[BI21] Cyril Bouvier and Laurent Imbert. An alternative approach for SIDH arithmetic. In Juan A. Garay, editor, Public-Key Cryptography — PKC 2021, volume 12710 of Lecture Notes in Computer Science, pages 27–44. Springer Verlag, 2021.
[CFG+21] Hao Cheng, Georgios Fotiadis, Johann Großschädl, Peter Y. A. Ryan, and Peter B. Rønne. Batching CSIDH group actions using AVX-512. Transactions on Cryptographic Hardware and Embedded Systems, 2021(4):618–649, August 2021.
[CGT+21] Hao Cheng, Johann Großschädl, Jiaqi Tian, Peter B. Rønne, and Peter Y. A. Ryan. High-throughput elliptic curve cryptography using AVX2 vector instructions. In Orr Dunkelman, Michael J. Jacobson, Jr., and Colin O’Flynn, editors, Selected Areas in Cryptography — SAC 2020, volume 12804 of Lecture Notes in Computer Science, pages 698–719. Springer Verlag, 2021.
[Cho16] Tung Chou. Sandy2x: New Curve25519 speed records. In Orr Dunkelman and Liam Keliher, editors, Selected Areas in Cryptography — SAC 2015, volume 9566 of Lecture Notes in Computer Science, pages 145–160. Springer Verlag, 2016.
[CJL+16] Lily Chen, Stephen Jordan, Yi-Kai Liu, Dustin Moody, Rene Peralta, Ray Perlner, and Daniel Smith-Tone. Report on post-quantum cryptography. National Institute of Standards and Technology (NIST) Interagency Report 8105, available for download at https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8105.pdf, 2016.
[CLN16] Craig Costello, Patrick Longa, and Michael Naehrig. Efficient algorithms for supersingular isogeny Diffie-Hellman. In Matthew Robshaw and Jonathan Katz, editors, Advances in Cryptology — CRYPTO 2016, volume 9814 of Lecture Notes in Computer Science, pages 572–601. Springer Verlag, 2016.
[COR20] Daniel Cervantes-Vázquez, Eduardo Ochoa-Jiménez, and Francisco RodríguezHenríquez. Parallel strategies for SIDH: Towards computing SIDH twice as fast. Cryptology ePrint Archive, Report 2020/383, 2020.
[CS09] Neil Costigan and Peter Schwabe. Fast elliptic-curve cryptography on the Cell Broadband Engine. In Bart Preneel, editor, Progress in Cryptology — AFRICACRYPT 2009, volume 5580 of Lecture Notes in Computer Science. Springer Verlag, 2009.
[DJP14] Luca De Feo, David Jao, and Jérôme Plût. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. Journal of Mathematical Cryptology, 8(3):209–247, 2014.
[FL15] Armando Faz-Hernández and Julio López. Fast implementation of Curve25519 using AVX2. In Kristin E. Lauter and Francisco Rodríguez-Henríquez, editors, Progress in Cryptology — LATINCRYPT 2015, volume 9230 of Lecture Notes in Computer Science, pages 329–345. Springer Verlag, 2015.
[FLD19] Armando Faz-Hernández, Julio López, and Ricardo Dahab. High-performance implementation of elliptic curve cryptography using vector instructions. ACM Transactions on Mathematical Software, 45(3):1–35, July 2019.
[FLOR18] Armando Faz-Hernández, Julio C. López-Hernández, Eduardo Ochoa-Jiménez, and Francisco Rodríguez-Henríquez. A faster software implementation of the supersingular isogeny Diffie-Hellman key exchange protocol. IEEE Transactions on Computers, 67(11):1622–1636, November 2018.
[Gal99] Steven D. Galbraith. Constructing isogenies between elliptic curves over finite fields. LMS Journal of Computation and Mathematics, 2:118–138, 1999.
[GK16] Shay Gueron and Vlad Krasnov. Accelerating big integer arithmetic using Intel IFMA extensions. In Paolo Montuschi, Michael J. Schulte, Javier Hormigo, Stuart F. Oberman, and Nathalie Revol, editors, Proceedings of the 23rd IEEE Symposium on Computer Arithmetic (ARITH 2016), pages 32–38. IEEE Computer Society, 2016.
[HEY20] Hüseyin Hişil, Berkan Eğrice, and Mert Yassi. Fast 4 way vectorized ladder for the complete set of Montgomery curves. Cryptology ePrint Archive, Report 2020/388, 2020.
[HHK17] Dennis Hofheinz, Kathrin Hövelmanns, and Eike Kiltz. A modular analysis of the Fujisaki-Okamoto transformation. In Yael Kalai and Leonid Reyzin, editors, Theory of Cryptography — TCC 2017, volume 10677 of Lecture Notes in Computer Science, pages 341–371. Springer Verlag, 2017.
[HMV04] Darrel R. Hankerson, Alfred J. Menezes, and Scott A. Vanstone. Guide to Elliptic Curve Cryptography. Springer Verlag, 2004.
[Int18] Intel Corporation. Intel 64 and ia-32 architectures optimization reference manual. Available for download at https://software.intel.com/content/dam/develop/public/us/en/documents/64-ia-32-architectures-optimization-manual.pdf, 2018.
[JAC+20] David Jao, Reza Azarderakhsh, Matthew Campagna, Craig Costello, Luca De Feo, Basil Hess, Aaron Hutchinson, Amir Jalali, Koray Karabina, Brian Koziel, Brian LaMacchia, Patrick Longa, Michael Naehrig, Geovandro Pereira, Joost Renes, Vladimir Soukharev, and David Urbanik. Supersingular isogeny key encapsulation. Specification, available for download at https://sike.org/files/SIDH-spec.pdf, 2020.
[JD11] David Jao and Luca De Feo. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In Bo-Yin Yang, editor, Post-Quantum Cryptography — PQCrypto 2011, volume 7071 of Lecture Notes in Computer Science, pages 19–34. Springer Verlag, 2011.
[KG19] Dusan Kostic and Shay Gueron. Using the new VPMADD instructions for the new post quantum key encapsulation mechanism SIKE. In Naofumi Takagi, Sylvie Boldo, and Martin Langhammer, editors, Proceedings of the 26th IEEE Symposium on Computer Arithmetic (ARITH 2019), pages 215–218. IEEE, 2019.
[KO63] Anatoly A. Karatsuba and Yurii P. Ofman. Multiplication of multidigit numbers on automata. Soviet Physics-Doklady, 7(7):595–596, January 1963.
[KP21] Matthias J. Kannwischer and Richard Petri. pqm4: NISTPQC round 3 results on the Cortex-M4. Presentation given at the 3rd NIST PQC Standardization Conference, slides available for download at https://csrc.nist.gov/CSRC/media/Presentations/pqm4-nistpqc-round-3-results-on-the-cortex-m4/images-media/session-3-kannwischer-pqm4.pdf, 2021.
[Mon85] Peter L. Montgomery. Modular multiplication without trial division. Mathematics of Computation, 44(170):519–521, April 1985.
[Mon87] Peter L. Montgomery. Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation, 48(177):243–264, January 1987.
[Nat15] National Institute of Standards and Technology (NIST). SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. FIPS Publication 202, available for download at https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.202.pdf, August 2015.
[Nat19] National Institute of Standards and Technology (NIST). NIST reveals 26 algorithms advancing to the post-quantum crypto ‘semifinals’. Press release, available online at https://www.nist.gov/news-events/news/2019/01/nist-reveals-26-algorithms-advancing-post-quantum-crypto-semifinals, 2019.
[Nat20] National Institute of Standards and Technology (NIST). NIST’s post-quantum cryptography program enters ‘selection round’. Press release, available online at https://www.nist.gov/news-events/news/2020/07/nists-post-quantum-cryptography-program-enters-selection-round, 2020.
[NS20] Kaushik Nath and Palash Sarkar. Efficient 4-way vectorizations of the Montgomery ladder. Cryptology ePrint Archive, Report 2020/378, 2020.
[OAL18] Gabriell Orisaka, Diego F. Aranha, and Julio López. Finite field arithmetic using AVX-512 for isogeny-based cryptography. In Proceedings of the 18th Brazilian Symposium on Information and Computational Systems Security (SBSEG 2018), pages 49–56. Brazilian Computing Society, 2018.
[Sin19] Sujoy Sinha Roy. SaberX4: High-throughput software implementation of Saber key encapsulation mechanism. In Proceedings of the 37th IEEE International Conference on Computer Design (ICCD 2019), pages 321–324. IEEE, 2019.
[SLLH18] Hwajeong Seo, Zhe Liu, Patrick Longa, and Zhi Hu. SIDH on ARM: Faster modular multiplications for faster post-quantum supersingular isogeny key exchange. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(3):1–20, September 2018.
[Tan09] Seiichiro Tani. Claw finding algorithms using quantum walk. Theoretical Computer Science, 410(50):5285–5297, November 2009.
[Tat66] John Tate. Endomorphisms of abelian varieties over finite fields. Inventiones Mathematicae, 2(2):134–144, April 1966.
[TWL+20] Jing Tian, Piaoyang Wang, Zhe Liu, Jun Lin, Zhongfeng Wang, and Johann Großschädl. Efficient software implementation of the SIKE protocol using a new data representation. Cryptology ePrint Archive, Report 2020/660, 2020.
[Vél71] Jacques Vélu. Isogénies entre courbes elliptiques. Comptes Rendus de l’Académie des Sciences de Paris, Série A, 273(4):238–241, July 1971.