Implementing RLWE-based Schemes Using an RSA Co-Processor

Martin Albrecht, Christian Hanser, Andrea Hoeller, Thomas Pöppelmann, Fernando Virdia, Andreas Wallner

Research output: Chapter in Book/Report/Conference proceeding; Chapter (peer-reviewed); peer-review

Abstract

We repurpose existing RSA/ECC co-processors for (ideal) lattice-based cryptography by exploiting the availability of fast long integer multiplication. Such co-processors are deployed in smart cards in passports and identity cards, secured microcontrollers and hardware security modules (HSM). In particular, we demonstrate an implementation of a variant of the Module-LWE-based Kyber Key Encapsulation Mechanism (KEM) that is tailored for high performance on a commercially available smart card chip (SLE 78). To benefit from the RSA/ECC co-processor, we use Kronecker substitution in combination with schoolbook and Karatsuba polynomial multiplication. Moreover, we speed up symmetric operations in our Kyber variant using the AES co-processor to implement a PRNG and a SHA-256 co-processor to realise hash functions. This allows us to execute CCA-secure Kyber768 key generation in 79.6 ms, encapsulation in 102.4 ms and decapsulation in 132.7 ms.
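
Kronecker substitution, the technique the abstract names for mapping polynomial multiplication onto long integer multiplication, shown here as an added Python example that is not code from the paper or its authors. The ring degree N = 256 and modulus Q = 7681 are assumed parameters chosen for illustration (the page does not state them), and Python's built-in integers stand in for the co-processor's long multiplier.

```python
# Added illustration: multiplication in Z_q[x]/(x^n + 1) via Kronecker substitution.
# N and Q are assumed parameters; the page does not state them.
import random

N = 256    # ring degree (assumption)
Q = 7681   # coefficient modulus (assumption)

def slot_bits(n=N, q=Q):
    """Smallest slot width so that no product coefficient spills into the next slot."""
    return (n * (q - 1) ** 2).bit_length()

def pack(poly, bits):
    """Evaluate the polynomial at x = 2^bits, giving one long integer."""
    acc = 0
    for c in reversed(poly):
        acc = (acc << bits) | c
    return acc

def unpack(value, bits, count):
    """Read `count` slots of `bits` bits each back out of a long integer."""
    mask = (1 << bits) - 1
    return [(value >> (i * bits)) & mask for i in range(count)]

def kronecker_mul(a, b, n=N, q=Q):
    """a*b in Z_q[x]/(x^n + 1) using a single long integer multiplication."""
    if len(a) != n or len(b) != n or any(not 0 <= c < q for c in a + b):
        raise ValueError("expected n coefficients in [0, q)")
    bits = slot_bits(n, q)
    product = pack(a, bits) * pack(b, bits)   # the step a long multiplier performs
    full = unpack(product, bits, 2 * n - 1)
    # Reduce modulo x^n + 1, using x^(n+i) = -x^i, then modulo q.
    return [(full[i] - (full[i + n] if i < n - 1 else 0)) % q for i in range(n)]

def schoolbook_mul(a, b, n=N, q=Q):
    """Reference O(n^2) negacyclic multiplication used as a cross-check."""
    out = [0] * n
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k, sign = (i + j, 1) if i + j < n else (i + j - n, -1)
            out[k] = (out[k] + sign * ai * bj) % q
    return out

if __name__ == "__main__":
    rng = random.Random(1)   # constructed sample input, not key material
    a = [rng.randrange(Q) for _ in range(N)]
    b = [rng.randrange(Q) for _ in range(N)]
    assert kronecker_mul(a, b) == schoolbook_mul(a, b)
    print("slot width:", slot_bits(), "bits; operand size:", N * slot_bits(), "bits")
```

With these assumed parameters each coefficient needs a 34-bit slot, so a full packed operand is 8704 bits long.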
Original language: English
Title of host publication: IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)
Publisher: Ruhr University of Bochum
Volume: 2019, Issue 1
Publication status: Published - 14 Oct 2018

Keywords

  • learning with errors
  • smart card
  • implementation