Implementing RLWE-based Schemes Using an RSA Co-Processor. / Albrecht, Martin; Hanser, Christian; Hoeller, Andrea; Pöppelmann, Thomas; Virdia, Fernando; Wallner, Andreas.

IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES). Vol. 2019, Issue 1 Ruhr University of Bochum, 2018.

Research output: Chapter in Book/Report/Conference proceeding › Chapter (peer-reviewed)

Published

Documents

  • 2018-425

    Final published version, 768 KB, PDF-document

Abstract

We repurpose existing RSA/ECC co-processors for (ideal) lattice-based cryptography by exploiting the availability of fast long integer multiplication. Such co-processors are deployed in smart cards in passports and identity cards, secured microcontrollers and hardware security modules (HSM). In particular, we demonstrate an implementation of a variant of the Module-LWE-based Kyber Key Encapsulation Mechanism (KEM) that is tailored for high performance on a commercially available smart card chip (SLE 78). To benefit from the RSA/ECC co-processor we use Kronecker substitution in combination with schoolbook and Karatsuba polynomial multiplication. Moreover, we speed up symmetric operations in our Kyber variant using the AES co-processor to implement a PRNG and a SHA-256 co-processor to realise hash functions. This allows us to execute CCA-secure Kyber768 key generation in 79.6 ms, encapsulation in 102.4 ms and decapsulation in 132.7 ms.
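The core idea of the abstract, Kronecker substitution turning a product in Z_q[x]/(x^n + 1) into one long-integer multiplication (plus one Karatsuba level for a multiplier of limited operand width), as an added illustration that is not the paper's code. The parameters in the checks (n = 256, q = 3329, the current Kyber values) are assumptions; the paper's Kyber variant may use different ones.

```python
# Added example, not code from the paper: multiplication in Z_q[x]/(x^n + 1) by
# Kronecker substitution, so one product of two polynomials becomes one
# long-integer multiplication of the kind an RSA co-processor provides.

def kronecker_pack(coeffs, ell):
    """Evaluate the polynomial at x = 2**ell; coefficient i lands at bit i*ell."""
    value = 0
    for c in reversed(coeffs):
        value = (value << ell) | c
    return value

def kronecker_unpack(value, ell, count):
    """Split a long integer back into `count` coefficients of ell bits each."""
    mask = (1 << ell) - 1
    return [(value >> (i * ell)) & mask for i in range(count)]

def reduce_negacyclic(full, n, q):
    """Reduce a product of degree <= 2n-2 modulo x^n + 1 (x^n = -1) and modulo q."""
    res = [0] * n
    for i, c in enumerate(full):
        res[i % n] = (res[i % n] + (c if i < n else -c)) % q
    return res

def poly_mul_kronecker(a, b, n, q):
    """One long-integer multiply; ell exceeds log2 of the largest unreduced coefficient."""
    ell = (n * (q - 1) ** 2).bit_length()
    prod = kronecker_pack(a, ell) * kronecker_pack(b, ell)
    return reduce_negacyclic(kronecker_unpack(prod, ell, 2 * n - 1), n, q)

def poly_mul_karatsuba_kronecker(a, b, n, q):
    """One Karatsuba level: three half-size Kronecker multiplies, as when operand width is limited."""
    m = n // 2
    ell = (m * (2 * (q - 1)) ** 2).bit_length()  # bound for the (a0+a1)(b0+b1) term
    a0, a1, b0, b1 = a[:m], a[m:], b[:m], b[m:]
    kmul = lambda x, y: kronecker_unpack(
        kronecker_pack(x, ell) * kronecker_pack(y, ell), ell, 2 * m - 1)
    p0, p2 = kmul(a0, b0), kmul(a1, b1)
    p1 = kmul([x + y for x, y in zip(a0, a1)], [x + y for x, y in zip(b0, b1)])
    full = [0] * (2 * n - 1)
    for i in range(2 * m - 1):
        full[i] += p0[i]
        full[i + m] += p1[i] - p0[i] - p2[i]
        full[i + 2 * m] += p2[i]
    return reduce_negacyclic(full, n, q)

def poly_mul_schoolbook(a, b, n, q):
    """Reference used to check the Kronecker results."""
    full = [0] * (2 * n - 1)
    for i in range(n):
        for j in range(n):
            full[i + j] += a[i] * b[j]
    return reduce_negacyclic(full, n, q)
```

On hardware, `kronecker_pack` and `kronecker_unpack` are just the operand layout in the co-processor's registers, so the only real work is the long-integer multiply.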
Original language: English
Title of host publication: IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)
Publisher: Ruhr University of Bochum
Volume: 2019, Issue 1
State: Published - 14 Oct 2018
This open access research output is licenced under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

ID: 31816325