International Association for Cryptologic Research


CryptoDB

Saber on ARM: CCA-secure module lattice-based key encapsulation on ARM

Authors:
Angshuman Karmakar , imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, Bus 2452, B-3001 Leuven-Heverlee
Jose M. Bermudo Mera , imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, Bus 2452, B-3001 Leuven-Heverlee
Sujoy Sinha Roy , imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, Bus 2452, B-3001 Leuven-Heverlee
Ingrid Verbauwhede , imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, Bus 2452, B-3001 Leuven-Heverlee
Download:
DOI: 10.13154/tches.v2018.i3.243-266
URL: https://tches.iacr.org/index.php/TCHES/article/view/7275
Abstract: The CCA-secure lattice-based post-quantum key encapsulation scheme Saber is a candidate in NIST's post-quantum cryptography standardization process. In this paper, we study the implementation aspects of Saber on resource-constrained microcontrollers from the ARM Cortex-M series, which are very popular for realizing IoT applications. We carefully optimize various parts of Saber for speed and memory. We exploit digital signal processing instructions and efficient memory access for a fast implementation of polynomial multiplication. We also use memory-efficient Karatsuba multiplication and a just-in-time strategy for generating the public matrix of the module lattice to reduce the memory footprint. We also show that our optimizations can be combined with each other seamlessly to provide various speed-memory trade-offs. Our speed-optimized software takes just 1,147K, 1,444K, and 1,543K clock cycles on a Cortex-M4 platform for key generation, encapsulation, and decapsulation respectively. Our memory-efficient software takes 4,786K, 6,328K, and 7,509K clock cycles on an ultra resource-constrained Cortex-M0 platform for key generation, encapsulation, and decapsulation respectively, while consuming only 6.2 KB of memory at most. These results show that lattice-based key encapsulation schemes are perfectly practical for securing IoT devices from quantum computing attacks.
BibTeX
@article{tches-2018-29045,
  title={Saber on ARM: CCA-secure module lattice-based key encapsulation on ARM},
  journal={IACR Trans. Cryptogr. Hardw. Embed. Syst.},
  publisher={Ruhr-Universität Bochum},
  volume={2018, Issue 3},
  pages={243-266},
  url={https://tches.iacr.org/index.php/TCHES/article/view/7275},
  doi={10.13154/tches.v2018.i3.243-266},
  author={Angshuman Karmakar and Jose M. Bermudo Mera and Sujoy Sinha Roy and Ingrid Verbauwhede},
  year=2018
}