Article

CHIRP: Compact and High-Performance FPGA Implementation of Unified Hardware Accelerators for Ring-Binary-LWE-based PQC


Abstract

Post-quantum cryptography (PQC) has drawn significant attention from the hardware design research community, especially on field-programmable gate array (FPGA) platforms. In line with this trend, in this paper, we present a novel FPGA-based PQC design work (CHIRP), i.e., Compact and High-Performance FPGA implementation of unIfied accelerators for Ring-Binary-Learning-with-Errors (RBLWE)-based PQC, a promising lightweight PQC suited for related applications like the Internet-of-Things. The proposed accelerators offer flexibility across the two available security levels, thus expanding their application potential. In total, we present four distinct hardware accelerators tailored to different performance and resource requirements, ranging from resource-constrained devices to high-throughput applications. Our innovation encompasses three key efforts: (i) we derived four optimized algorithms for RBLWE-ENC's unified operation (covering the two available security levels), allowing flexible switching of security sizes while boosting calculations; (ii) we then presented the four novel accelerators (CHIRP) targeting FPGA platforms, featuring dedicated hardware structures; (iii) we finally conducted a comprehensive evaluation to validate the efficiency of the proposed accelerators on various FPGA devices. Compared to the existing unified design, the proposed accelerator demonstrated up to 91.4% reduction in area-delay product (ADP) on the Stratix-V device. Even when compared with the state-of-the-art single-security designs, the proposed accelerator (best version) obtains much better resource usage and ADP performance while unified operation (flexibly switching between two security levels) is considered on both AMD-Xilinx and Intel devices. We anticipate the findings of this research will foster advancements in FPGA implementation techniques for lightweight PQC development.

Article
Full-text available
Due to the increasing threats from possible large-scale quantum computers, post-quantum cryptography (PQC) has drawn significant attention from various communities recently. In particular, along with the National Institute of Standards and Technology (NIST) PQC standardization process, more works have gradually switched to the PQC hardware implementations. Following this trend, this tutorial brief, led by a group of experts in the field, aims to deliver a comprehensive tutorial on hardware circuits and systems design for PQC. After introducing primary arithmetic operations and algorithmic features of different PQC, we introduced related PQC hardware circuits and systems design techniques (from component to system levels). Future research and directions are also provided. This tutorial will provide useful information for the TCAS-II community and the broader Circuits and Systems Society.
Article
Full-text available
Along with the National Institute of Standards and Technology (NIST) post-quantum cryptography (PQC) standardization process, lightweight PQC-related research and development have also gained substantial attention from the research community. Ring-binary-learning-with-errors (RBLWE), a ring variant of binary-LWE (BLWE), has been used to build a promising lightweight PQC scheme for emerging Internet-of-Things (IoT) and edge computing applications, namely the RBLWE-based encryption scheme (RBLWE-ENC). The parameter settings of RBLWE-ENC, however, do not favor deploying typical fast algorithms like the number theoretic transform (NTT). Following this direction, in this work, we propose a Karatsuba-initiated novel accelerator (KINA) for efficient implementation of RBLWE-ENC. Overall, we have made several coherent interdependent stages of efforts to carry out the proposed work: 1) we have innovatively used the Karatsuba algorithm (KA) to derive the major arithmetic operation of RBLWE-ENC into a new form for high-performance operation; 2) we have then effectively mapped the proposed algorithm into an efficient hardware accelerator with the help of a number of optimization techniques; and 3) we have also provided detailed complexity analysis and implementation comparison to demonstrate the superior performance of the proposed KINA, e.g., the proposed design with u=2 involves 64.71% higher throughput and 15.37% less area-delay product (ADP) than the state-of-the-art design for n=512 (Virtex-7). The proposed KINA offers flexible processing speed and is suitable for high-performance applications like IoT servers. This work is expected to be useful for lightweight PQC development.
Article
Full-text available
Significant innovation has been made in the development of public-key cryptography that is able to withstand quantum attacks, known as post-quantum cryptography (PQC). This paper focuses on the development of an efficient PQC hardware implementation. Specifically, an implementation of the binary Ring-learning-with-errors (BRLWE)-based encryption scheme, a promising lightweight PQC suitable for resource-constrained applications, is proposed. The paper first develops the mathematical formulation to present the proposed algorithmic process. The corresponding hardware accelerators are then described in detail. Finally, comparisons with previous implementations are provided to demonstrate the superior performance of the proposed design. For instance, the proposed low-complexity accelerator has 34.7% less area-delay product (ADP) than the state-of-the-art design for n=256 in the field-programmable gate array (FPGA) platform. Apart from the efficiency of the hardware architectures, the proposed design also has a complete input/output processing setup, and thus is feasible for emerging lightweight applications.
Article
Full-text available
Post-quantum cryptography (PQC) has gained significant attention from the community recently as it is proven that the existing public-key cryptosystems are vulnerable to attacks launched from well-developed quantum computers. The finite field arithmetic AB+C, where A and C are integer polynomials and B is a binary polynomial, is the key component of the binary Ring-learning-with-errors (BRLWE)-based encryption scheme (a low-complexity PQC suitable for emerging lightweight applications). In this paper, we propose a novel hardware implementation of the finite field arithmetic AB+C through three stages of interdependent efforts: (i) a rigorous mathematical formulation process is presented first; (ii) an efficient hardware architecture is then presented with a detailed description; (iii) a thorough implementation has also been given along with the comparison. Overall, (i) the proposed basic structure (u=1) outperforms the existing designs, e.g., it involves 46.3% less area-delay product (ADP) than the cited prior design for n=512; (ii) the proposed design also offers very efficient performance in time complexity and can be used in many future applications.
Conference Paper
Full-text available
The recent advance in the post-quantum cryptography (PQC) field has gradually shifted from the theory to the implementation of the cryptosystem, especially on hardware platforms. Following this trend, in this paper, we aim to present efficient implementations of the finite field arithmetic (key component) for the binary Ring-Learning-with-Errors (BRLWE)-based PQC through a novel lookup-table (LUT)-like method. We have carried out four stages of interdependent efforts: (i) an algorithm-hardware co-design driven derivation of the proposed LUT-like method is provided in detail for the key arithmetic of the BRLWE-based scheme; (ii) the proposed hardware architecture is then presented along with the internal structural description; (iii) we have also presented a novel hybrid-size structure suitable for flexible operation, which is the first report in the literature; (iv) the final implementation and comparison processes have also been given, demonstrating that our proposed structures deliver significantly improved performance over the state-of-the-art solutions. The proposed designs are highly efficient and are expected to be employed in many emerging applications. Index Terms: BRLWE-based scheme, finite field arithmetic, hybrid size structure, lookup table, post-quantum cryptography.
Article
Full-text available
With the development of the Internet of Things (IoT) and cloud computing technology, various cryptographic systems have been proposed to protect increasing personal information. Recently, Post-Quantum Cryptography (PQC) algorithms have been proposed to counter quantum algorithms that threaten public key cryptography. To efficiently use PQC in a server environment dealing with large amounts of data, optimization studies are required. In this paper, we present optimization methods for FrodoKEM and NewHope, which are the NIST PQC standardization round 2 competition algorithms in the Graphics Processing Unit (GPU) platform. For each algorithm, we present a part that can perform parallel processing of major operations with a large computational load using the characteristics of the GPU. In the case of FrodoKEM, we introduce parallel optimization techniques for matrix generation operations and matrix arithmetic operations such as addition and multiplication. In the case of NewHope, we present a parallel processing technique for polynomial-based operations. In the encryption process of FrodoKEM, the performance improvements have been confirmed up to 5.2, 5.75, and 6.47 times faster than the CPU implementation in FrodoKEM-640, FrodoKEM-976, and FrodoKEM-1344, respectively. In the encryption process of NewHope, the performance improvements have been shown up to 3.33 and 4.04 times faster than the CPU implementation in NewHope-512 and NewHope-1024, respectively. The results of this study can be used in the IoT devices server or cloud computing service server. In addition, the results of this study can be utilized in image processing technologies such as facial recognition technology.
Article
Full-text available
The type-II optimal normal basis (ONB) is popularly used to represent GF(2^m) for elliptic curve cryptosystems. It is shown in the literature that multiplication in binary fields, including those represented by type-II ONB, shifted polynomial basis, and dual basis, can be transformed into non-symmetric Toeplitz matrix-vector product (TMVP) form. In this paper, we show that type-II ONB multiplication can be realized by two symmetric TMVPs (STMVP). Moreover, we have proposed a novel folded TMVP block recombination (TMVPBR) approach for the computation of STMVP. Based on the proposed folded TMVPBR approach, we have proposed a new digit-serial structure for type-II ONB multiplication, while traditional parallel ONB multipliers are based on the non-symmetric TMVPBR approach to achieve a subquadratic space complexity architecture. The proposed digit-serial structure also involves subquadratic space complexity. By theoretical analysis as well as from synthesis results, we show that the proposed architecture has significantly less area and less area-delay product compared to the existing digit-serial type-II ONB multipliers.
Article
Postquantum cryptography (PQC) has recently garnered significant attention across various communities. Alongside the ongoing standardization process for general-purpose PQC algorithms by the National Institute of Standards and Technology (NIST), the research community is actively exploring the realm of lightweight PQC schemes. A ring-binary-learning-with-error (RBLWE)-based encryption scheme (RBLWE-ENC) is a promising lightweight PQC candidate suitable for Internet-of-Things (IoT) and edge computing applications. The parameters of the RBLWE-ENC, however, do not favor deploying typical fast algorithms, such as the number-theoretic transform (NTT). In this article, therefore, we propose to design a Toeplitz matrix-vector product (TMVP)-initiated novel accelerator (TINA) for RBLWE-ENC. We innovatively used TMVP (a subquadratic-complexity fast algorithm for polynomial multiplication) to derive the significant arithmetic operation of RBLWE-ENC into a new form for high-performance operation. This novel formulation culminates in the development of a comprehensive accelerator known as TINA. Through implementation and comparative analysis, we demonstrate the efficiency gains achieved by our proposed accelerator. To the authors' best knowledge, this is the first report on a TMVP strategy-initiated RBLWE-ENC accelerator. The findings of this work are expected to provide valuable references in the ongoing advancement of lightweight PQC development.
Article
Lightweight PQC-related research and development have gradually gained attention from the research community recently. The Ring-Binary-Learning-with-Errors (RBLWE)-based encryption scheme (RBLWE-ENC) is a promising lightweight PQC based on small parameter sets that fit related applications, but those parameters do not favor deploying popular fast algorithms like the number theoretic transform. To solve this problem, in this paper, we present a novel implementation of hardware acceleration for RBLWE-ENC based on the Karatsuba algorithm, particularly on the field-programmable gate array (FPGA) platform. In detail, we have proposed an area-efficient Karatsuba Accelerator (AEKA) for RBLWE-ENC, based on three layers of innovative efforts. First of all, we reformulate the signal processing sequence within the major arithmetic component of the KA-based polynomial multiplication for RBLWE-ENC to obtain a new algorithm. Then, we have designed the proposed algorithm into a new hardware accelerator with several novel algorithm-to-architecture mapping techniques. Finally, we have conducted thorough complexity analysis and comparison to demonstrate the efficiency of the proposed accelerator, e.g., it involves 62.5% higher throughput and 60.2% less area-delay product (ADP) than the state-of-the-art design for n = 512 (Virtex-7 device, similar setup). The proposed AEKA design strategy is highly efficient on FPGA devices, i.e., small resource usage with superior timing, which can be integrated with other necessary systems for lightweight-oriented high-performance applications (e.g., servers). The outcome of this work is also expected to generate impacts for lightweight PQC advancement.
Article
Providing end-to-end security is vital for most networks. Emerging quantum computers make it necessary to design crypto-systems that are secure against quantum attacks. Binary Ring Learning With Error (Ring-Bin LWE) is a lattice-based cryptographic scheme that is hard to solve by quantum computers. Also, this algorithm does not have costly operations in terms of area, making Ring-Bin LWE a suitable algorithm for resource-constrained devices. This work presents a lightweight hardware implementation of Ring-Bin LWE. In the proposed design, a new multiplication method and design for Ring-Bin LWE is introduced, which results in a latency reduction by a factor of two. Using column-based multiplication, our design processes two consecutive coefficients in each cycle. The architecture is designed based on the proposed multiplication and contains one specific register bank with two sub-bank registers. The design is implemented on FPGA platforms. The implementation results show an impressive improvement in execution time and Area-Time metrics over previous similar works.
Article
KyberKEM is one of the final round key encapsulation mechanisms in the NIST post-quantum cryptography competition. Number theoretic transform (NTT), as the computing bottleneck of KyberKEM, has been widely studied. Discrete Galois Transformation (DGT) is a variant of NTT that reduces transform length into half but requires more multiplication operations than the latest NTT algorithm in theoretical analysis. This paper proposes the split-radix DGT, a novel DGT variant utilizing the split-radix method, to reduce the computing complexity without compromising the transform length. Specifically, for length-128 polynomial, the split-radix DGT algorithm saves at least 10% multiplication operations compared with the latest NTT algorithm in theoretical analysis. Furthermore, we proposed a unified split-radix DGT processor with the dedicated stream permutation network for KyberKEM and implemented it on the Xilinx Artix-7 FPGA. The processor achieves at least 49.4% faster transformation and 65.3% faster component-wise multiplication, with at most 87% and 32% LUT-NTT area-time product and LUT-CWM area-time product, compared with the state-of-the-art polynomial multipliers in KyberKEM with the same BFU setting on similar platforms. Lastly, we designed a highly efficient KyberKEM architecture using the proposed split-radix DGT processor. The implementation results on Artix-7 FPGA show significant performance improvements over the state-of-the-art KyberKEM designs.
Article
Post-quantum cryptography (PQC) has recently drawn substantial attention from various communities owing to the proven vulnerability of existing public-key cryptosystems against the attacks launched from well-established quantum computers. The Ring-Binary-Learning-with-Errors (RBLWE), a variant of Ring-LWE, has been proposed to build PQC for lightweight applications. As more Field-Programmable Gate Array (FPGA) devices are being deployed in lightweight applications like Internet-of-Things (IoT) devices, it would be interesting if the RBLWE-based PQC can be implemented on the FPGA with ultra-low complexity and flexible processing. However, thus far, limited information is available for such implementations. In this paper, we propose novel RBLWE-based PQC accelerators on the FPGA with ultra-low implementation complexity and flexible timing. We first present the process of deriving the key operation of the RBLWE-based scheme into the proposed algorithmic operation. The corresponding hardware accelerator is then efficiently mapped from the proposed algorithm with the help of algorithm-to-architecture implementation techniques, and extended to obtain higher-throughput designs. The final complexity analysis and implementation results (on a variety of FPGAs) show that the proposed accelerators have significantly smaller area-time complexities than the state-of-the-art designs. Overall, the proposed accelerators feature low implementation complexity and flexible processing, making them desirable for emerging FPGA-based lightweight applications.
Article
Learning with error (LWE) over the ring based on a binary distribution (ring-BinLWE) has become a potential Internet-of-Things (IoT) confidentiality solution with its anti-quantum-attack properties and uncomplicated calculations. Compared with ring-LWE based on a discrete Gaussian distribution, the decryption scheme of ring-LWE based on a binary distribution needs to be re-determined due to the asymmetry of the error distribution. The direct application of the ring-LWE decryption function based on a discrete Gaussian distribution can cause serious misjudgment. In this article, we propose a more accurate and robust decryption scheme for ring-BinLWE based on the 2's complement ring. Compared with the previous decryption function, the re-derived decryption function significantly improves the decoding rate by 50%. Furthermore, based on the proposed decryption function, high-performance and lightweight hardware architectures for terminal devices in IoT are, respectively, proposed, which are scalable and can be easily adapted to ring-BinLWE hardware deployment with other parameter sets. When the parameter set is n = 256, q = 256, the high-performance implementation consumes 7.6k LUTs, 6.2k FFs, and 2.3k SLICEs on the Spartan 6 field-programmable gate array (FPGA) platform. Compared with the previous implementation, our resource overhead increases by only 23% while the decryption accuracy is significantly improved by 50%. The lightweight implementation for parameter set n = 256, q = 256 consumes only 230 LUTs, 338 FFs, and 84 SLICEs on the Spartan 6 FPGA platform. Compared with the previous work, the area × time (AT) is reduced by 47.8%, which is more suitable for deployment on resource-constrained IoT nodes.
Article
The Ring learning-with-errors (RLWE)-based encryption scheme is a lattice-based cryptographic algorithm that constitutes one of the most promising candidates for Post-Quantum Cryptography (PQC) standardization due to its efficient implementation and low computational complexity. Binary Ring-LWE (BRLWE) is a new optimized variant of RLWE, which achieves smaller computational complexity and more efficient hardware implementations. In this paper, two efficient architectures based on Linear-Feedback Shift Registers (LFSR) for the arithmetic used in the Inverted Binary Ring-LWE (InvBRLWE)-based encryption scheme are presented, namely the operation A·B+C over the polynomial ring Z_q/(x^n+1). The first architecture optimizes the resource usage for the major computation and has a novel input processing setup to speed up the overall processing latency with minimized input loading cycles. The second architecture deploys an innovative serial-in serial-out processing format to reduce the involved area usage further yet maintains a regular input loading time complexity. Experimental results show that the architectures presented here improve the complexities obtained by competing schemes found in the literature, e.g., involving 71.23% less area-delay product than recent designs. Both architectures are highly efficient in terms of area-time complexities and can be extended for deployment in different lightweight application environments.
Article
Post-quantum cryptography (PQC) refers to cryptosystems that can resist attacks launched from mature quantum computers in the not-too-distant future, and has recently gained intensive attention from the research community as most of the existing public-key cryptosystems are vulnerable to attacks from quantum computers. The Ring-Learning-with-Errors (Ring-LWE)-based scheme is an essential type of lattice-based PQC due to its strong security proof and ease of implementation. As the latest variant of Ring-LWE, the binary Ring-LWE (BRLWE)-based scheme possesses even smaller computational complexity and thus is more suitable for resource-constrained applications. However, the existing works have not well covered various aspects related to this new scheme, especially the low-complexity hardware implementation. In this paper, we aim to present a novel implementation of the BRLWE-based scheme on the hardware platform with very low complexity from this point of view. To carry out the specified work in a successful manner, we have proposed mainly four layers of coherent interdependent efforts: (i) we have provided the necessary algorithmic derivation process in detail to formulate the desired algorithm for the polynomial multiplication over hybrid fields, which is the major arithmetic component of the BRLWE scheme; (ii) we have presented the corresponding hardware architecture in a thorough format with sufficient description of the internal structures; (iii) we have also provided the complexity analysis and implementation-based comparison to demonstrate the superior performance of the proposed polynomial multiplication over the state-of-the-art design; (iv) finally, we have extended the proposed low-complexity polynomial multiplication to the major operational phase of the BRLWE scheme. We have shown that the proposed BRLWE structure involves significantly lower area-time complexities than the existing design, e.g., the proposed design has at least 66.01% less area-delay product (ADP) than the newly reported design (Stratix V device). Overall, the proposed design and implementation strategies are highly efficient, and the proposed BRLWE structure is desirable for many emerging applications.
Article
Internet of Things (IoT) connects a myriad of small devices over a huge network, encompassing many different and varied applications and environments. As the IoT network continues to grow, providing end-to-end security over IoT is becoming a paramount issue. To mitigate existing and future security risks within IoT, two important factors should be considered. First, some resource-constrained edge devices have an insufficient area to contain the security part. Second, the advent of quantum computers threatens the security of current public-key cryptography algorithms. In response to these challenges, lattice-based cryptography (LBC) has emerged as a promising technique for IoT security in the quantum era. The feasibility of LBC integration onto resource-constrained devices has been demonstrated in previous research. Multiplication is the main operation in Ring-BinLWE, a type of LBC. In this paper, a new multiplication method is proposed, which is called In-place modular Reduction and anti-circular Rotation Column-based Multiplication (In-place Rot-Col-Mul), and new Ring-BinLWE architecture is designed. In-place Rot-Col-Mul performs a column-based multiplication in which one rotation is executed per cycle. The design was implemented on TSMC-65nm technology and FPGA platforms. ASIC implementation results show a respective improvement in power and area over the state-of-the-art design by 48.42% and 57.8%, respectively.
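The arithmetic that the abstracts above keep returning to, AB+C over Z_q/(x^n+1) with A and C integer polynomials and B a binary polynomial (the finite-field component of BRLWE), and the rotation/column-based way of computing it, as an added example in Python; this is not code from the CHIRP paper or from any of the cited works. It shows why a binary B reduces polynomial multiplication to shift-and-add: the product is a sum of negacyclic rotations of A selected by the bits of B, so no integer multiplier is needed. Function names are the example's own, and the n = q = 256 parameter set is the one quoted in the abstracts above.

```python
"""Added example (not from the CHIRP paper or any cited work): A*B + C over
Z_q[x]/(x^n + 1) with binary B, computed with one negacyclic rotation per
coefficient of B, checked against a plain schoolbook reference."""
from typing import List
import random


def negacyclic_rotate_once(a: List[int], q: int) -> List[int]:
    """Return a(x) * x modulo (x^n + 1, q).

    Every coefficient moves up one position; the one that would land on x^n
    wraps around to x^0 with its sign flipped, because x^n = -1 in the ring."""
    n = len(a)
    return [(-a[n - 1]) % q] + [x % q for x in a[:n - 1]]


def mul_add_binary(a: List[int], b: List[int], c: List[int], q: int) -> List[int]:
    """Compute A*B + C over Z_q[x]/(x^n + 1), where B is binary.

    Since each b_k is 0 or 1, A*B is the sum of A*x^k over the set bits k of B.
    Keeping a running rotation of A means each coefficient of B costs one
    rotation plus at most one vector addition, and no multiplications: this is
    the software analogue of the one-rotation-per-cycle datapaths above."""
    n = len(a)
    if not (len(b) == n and len(c) == n):
        raise ValueError("A, B and C must all have n coefficients")
    if any(bit not in (0, 1) for bit in b):
        raise ValueError("B must be a binary polynomial")
    acc = [x % q for x in c]      # accumulator starts at C
    rot = [x % q for x in a]      # rot == A * x^k for the current bit index k
    for bit in b:
        if bit:
            acc = [(x + y) % q for x, y in zip(acc, rot)]
        rot = negacyclic_rotate_once(rot, q)
    return acc


def schoolbook_mul_add(a: List[int], b: List[int], c: List[int], q: int) -> List[int]:
    """Reference: full O(n^2) product, fold the upper half with a sign flip
    (x^n = -1), add C, reduce mod q. Used only to validate the fast path."""
    n = len(a)
    prod = [0] * (2 * n)
    for i in range(n):
        for j in range(n):
            prod[i + j] += a[i] * b[j]
    return [(prod[i] - prod[i + n] + c[i]) % q for i in range(n)]


def cross_check(n: int = 256, q: int = 256, seed: int = 1) -> bool:
    """Compare both routines on a constructed pseudo-random instance; the
    default n = q = 256 is the parameter set quoted in the abstracts above."""
    rng = random.Random(seed)
    a = [rng.randrange(q) for _ in range(n)]
    b = [rng.randrange(2) for _ in range(n)]
    c = [rng.randrange(q) for _ in range(n)]
    return mul_add_binary(a, b, c, q) == schoolbook_mul_add(a, b, c, q)


if __name__ == "__main__":
    # Constructed toy instance, n = 8, q = 256: A = 1 + 2x + 3x^2, B = 1 + x^7, C = 0.
    # A*x^7 = x^7 + 2x^8 + 3x^9 = -2 - 3x + x^7, so A*B = -1 - x + 3x^2 + x^7.
    a = [1, 2, 3, 0, 0, 0, 0, 0]
    b = [1, 0, 0, 0, 0, 0, 0, 1]
    c = [0] * 8
    print(mul_add_binary(a, b, c, 256))   # [255, 255, 3, 0, 0, 0, 0, 1]
    print(cross_check())                  # True
```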
Article
With the exponential increase in applications of the internet of things (IoT), such as smart ecosystems or e-health, more security threats have been introduced. In order to resist known attacks on IoT networks, multiple security protocols must be established among nodes. Thus, IoT devices are required to execute various cryptographic operations such as public key encryption/decryption. However, classic public key cryptosystems such as RSA and ECC are computationally too complex to be efficiently implemented on IoT devices and are vulnerable to quantum attacks. Therefore, after the complete development of quantum computing, these cryptosystems will not be secure and practical. In this paper, we propose InvRBLWE, an optimized variant of the binary learning with errors over the ring (Ring-LWE) scheme that is proven to be secure against quantum attacks and is highly efficient for hardware implementations. We propose two architectures for InvRBLWE: 1) a high-speed architecture targeting edge and powerful IoT devices, 2) an ultra-lightweight architecture, which can be implemented on resource-constrained nodes in IoT. The proposed architectures are scalable regarding security levels and we provide experimental results for two versions of the InvRBLWE scheme providing 84 and 190 bits of classic security. Our implementation results on FPGA dominate the best of the classic and post-quantum previous implementations. Moreover, our two different ASIC implementations show improvement in terms of speed, area, power and/or energy. To the best of our knowledge, we are the first to implement LWE-based cryptosystems on an ASIC platform.
Conference Paper
Recently, an increasing amount of papers proposing post-quantum schemes also provide concrete parameter sets aiming for concrete post-quantum security levels. Security evaluations of such schemes need to include all possible attacks, in particular those by quantum adversaries. In the case of lattice-based cryptography, currently existing quantum attacks are mainly classical attacks, carried out with quantum basis reduction as subroutine. In this work, we propose a new quantum attack on the learning with errors (LWE) problem, whose hardness is the foundation for many modern lattice-based cryptographic constructions. Our quantum attack is based on Howgrave-Graham’s Classical Hybrid Attack and is suitable for LWE instances in recent cryptographic proposals. We analyze its runtime complexity and optimize it over all possible choices of the attack parameters. In addition, we analyze the concrete post-quantum security levels of the parameter sets proposed for the New Hope and Frodo key exchange schemes, as well as several instances of the Lindner-Peikert encryption scheme. Our results show that – depending on the assumed basis reduction costs – our Quantum Hybrid Attack either significantly outperforms, or is at least comparable to all other attacks covered by Albrecht–Player–Scott in their work “On the concrete hardness of Learning with Errors”. We further show that our Quantum Hybrid Attack improves upon the Classical Hybrid Attack in the case of LWE with binary error.
Conference Paper
Side-channel analysis and fault-injection attacks are known as major threats to any cryptographic implementation. Hardening cryptographic implementations with appropriate countermeasures is thus essential before they are deployed in the wild. However, countermeasures for both threats are of completely different nature: Side-channel analysis is mitigated by techniques that hide or mask key-dependent information while resistance against fault-injection attacks can be achieved by redundancy in the computation for immediate error detection. Since already the integration of any single countermeasure in cryptographic hardware comes with significant costs in terms of performance and area, a combination of multiple countermeasures is expensive and often associated with undesired side effects. In this work, we introduce a countermeasure for cryptographic hardware implementations that combines the concept of a provably-secure masking scheme (i.e., threshold implementation) with an error detecting approach against fault injection. As a case study, we apply our generic construction to the lightweight LED cipher. Our LED instance achieves first-order resistance against side-channel attacks combined with a fault detection capability that is superior to that of simple duplication for most error distributions at an increased area demand of 12 %.
Conference Paper
In the emerging Internet of Things, lightweight public-key cryptography is an essential component for many cost-efficient security solutions. Since conventional public-key schemes, such as ECC and RSA, remain expensive and energy hungry even after aggressive optimization, this work investigates a possible alternative. In particular, we show the practical potential of replacing the Gaussian noise distribution in the Ring-LWE based encryption scheme by Lindner and Peikert/Lyubashevsky et al. with a binary distribution. When parameters are carefully chosen, our construction is resistant against any state-of-the-art cryptanalytic techniques (e.g., attacks on original Ring-LWE or NTRU) and suitable for low-cost scenarios. In the end, our scheme can enable public-key encryption even on very small and low-cost 8-bit (ATXmega128) and 32-bit (Cortex-M0) microcontrollers.
Article
A transform analogous to the discrete Fourier transform may be defined in a finite field, and may be calculated efficiently by the fast Fourier transform algorithm. The transform may be applied to the problem of calculating convolutions of long integer sequences by means of integer arithmetic.
Article
The Short Integer Solution (SIS) and Learning With Errors (LWE) problems are the foundations for countless applications in lattice-based cryptography, and are provably as hard as approximate lattice problems in the worst case. An important question from both a practical and theoretical perspective is how small their parameters can be made, while preserving their hardness. We prove two main results on SIS and LWE with small parameters. For SIS, we show that the problem retains its hardness for moduli q ≥ β·n^δ for any constant δ > 0, where β is the bound on the Euclidean norm of the solution. This improves upon prior results which required q > β·√(n log n), and is close to optimal since the problem is trivially easy for q ≤ β. For LWE, we show that it remains hard even when the errors are small (e.g., uniformly random from {0,1}), provided that the number of samples is small enough (e.g., linear in the dimension n of the LWE secret). Prior results required the errors to have magnitude at least √n and to come from a Gaussian-like distribution.
Chapter
Imagine that it’s fifteen years from now and someone announces the successful construction of a large quantum computer. The New York Times runs a frontpage article reporting that all of the public-key algorithms used to protect the Internet have been broken. Users panic. What exactly will happen to cryptography? Perhaps, after seeing quantum computers destroy RSA and DSA and ECDSA, Internet users will leap to the conclusion that cryptography is dead; that there is no hope of scrambling information to make it incomprehensible to, and unforgeable by, attackers; that securely storing and communicating information means using expensive physical shields to prevent attackers from seeing the information—for example, hiding USB sticks inside a locked briefcase chained to a trusted courier's wrist.
Article
Based on Toeplitz matrix-vector products and coordinate transformation techniques, we present a new scheme for subquadratic space complexity parallel multiplication in GF(2^n) using the shifted polynomial basis. Both the space complexity and the asymptotic gate delay of the proposed multiplier are better than those of the best existing subquadratic space complexity parallel multipliers. For example, with n being a power of 2, the space complexity is about 8 percent better, while the asymptotic gate delay is about 33 percent better, respectively. Another advantage of the proposed matrix-vector product approach is that it can also be used to design subquadratic space complexity polynomial, dual, weakly dual, and triangular basis parallel multipliers. To the best of our knowledge, this is the first time that subquadratic space complexity parallel multipliers are proposed for dual, weakly dual, and triangular bases. A recursive design algorithm is also proposed for efficient construction of the proposed subquadratic space complexity multipliers. This design algorithm can be modified for the construction of most of the subquadratic space complexity multipliers previously reported in the literature.
Article
A computer is generally considered to be a universal computational device; i.e., it is believed able to simulate any physical computational device with an increase in computation time of at most a polynomial factor. It is not clear whether this is still true when quantum mechanics is taken into consideration. Several researchers, starting with David Deutsch, have developed models for quantum mechanical computers and have investigated their computational properties. This paper gives Las Vegas algorithms for finding discrete logarithms and factoring integers on a quantum computer that take a number of steps which is polynomial in the input size, e.g., the number of digits of the integer to be factored. These two problems are generally considered hard on a classical computer and have been used as the basis of several proposed cryptosystems. (We thus give the first examples of quantum cryptanalysis.)
Security in a Post-Quantum World
  • Edoardo Persichetti
  • Shi Bai
  • Jean-Francois Biasse