
Implementing RLWE-based Schemes Using an RSA Co-Processor
Author(s) - M. Albrecht, Christian Hanser, Andrea Hoeller, Thomas Pöppelmann, Fernando Virdia, Andreas Wallner
Publication year - 2018
Publication title - IACR Transactions on Cryptographic Hardware and Embedded Systems
Language(s) - English
Resource type - Journals
ISSN - 2569-2925
DOI - 10.46586/tches.v2019.i1.169-208
Subject(s) - computer science, key encapsulation, cryptography, smart card, coprocessor, embedded system, hash function, symmetric key algorithm, parallel computing, isogeny, microcontroller, public key cryptography, arithmetic, computer hardware, encryption, elliptic curve, operating system, mathematics, algorithm, computer security, mathematical analysis
We repurpose existing RSA/ECC co-processors for (ideal) lattice-based cryptography by exploiting the availability of fast long-integer multiplication. Such co-processors are deployed in smart cards in passports and identity cards, secured microcontrollers and hardware security modules (HSMs). In particular, we demonstrate an implementation of a variant of the Module-LWE-based Kyber Key Encapsulation Mechanism (KEM) that is tailored for high performance on a commercially available smart card chip (SLE 78). To benefit from the RSA/ECC co-processor we use Kronecker substitution in combination with schoolbook and Karatsuba polynomial multiplication. Moreover, we speed up symmetric operations in our Kyber variant using the AES co-processor to implement a PRNG and a SHA-256 co-processor to realise hash functions. This allows us to execute CCA-secure Kyber768 key generation in 79.6 ms, encapsulation in 102.4 ms and decapsulation in 132.7 ms.
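The Kronecker-substitution step the abstract relies on, shown as an added illustration rather than the paper's own code: Python's arbitrary-precision integers stand in for the RSA co-processor's long-integer multiplier, and the limb width is derived here from Kyber's n = 256, q = 3329 (an assumption; the paper's actual packing and Karatsuba splitting are not reproduced).

```python
# Negacyclic polynomial multiplication in Z_q[x]/(x^n + 1) via Kronecker
# substitution: pack each polynomial into one big integer by evaluating it
# at x = 2^k, do ONE long-integer multiplication (the operation an RSA/ECC
# co-processor is good at), then unpack and reduce. Constructed example.
import random

N, Q = 256, 3329  # Kyber ring parameters

def limb_bits(n, q):
    # Every product coefficient before reduction is at most n * (q-1)^2, so a
    # limb of this many bits keeps neighbouring coefficients from overlapping.
    # For Kyber this evaluates to 32 (assumption: no further packing tricks).
    return (n * (q - 1) ** 2).bit_length()

def pack(poly, k):
    # Horner-style evaluation at x = 2^k; coefficients must already be < 2^k.
    v = 0
    for c in reversed(poly):
        v = (v << k) | c
    return v

def unpack(v, k, count):
    mask = (1 << k) - 1
    return [(v >> (k * i)) & mask for i in range(count)]

def mul_kronecker(a, b, n=N, q=Q):
    k = limb_bits(n, q)
    prod = pack(a, k) * pack(b, k)      # the single long-integer multiply
    c = unpack(prod, k, 2 * n - 1)       # product coefficients, degree 0..2n-2
    # Reduce modulo x^n + 1: x^n = -1, so coefficient i+n folds into i negated.
    return [(c[i] - (c[i + n] if i + n < 2 * n - 1 else 0)) % q
            for i in range(n)]

def mul_schoolbook(a, b, n=N, q=Q):
    # Reference implementation used to check the Kronecker result.
    res = [0] * n
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < n:
                res[i + j] = (res[i + j] + ai * bj) % q
            else:
                res[i + j - n] = (res[i + j - n] - ai * bj) % q
    return res

def random_poly(rng, n=N, q=Q):
    # Constructed test input; not a Kyber sampling routine.
    return [rng.randrange(q) for _ in range(n)]
```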