
Post-Quantum Lattice-Based Cryptography Implementations: A Survey

Published: 28 January 2019

Abstract

The advent of quantum computing threatens to break many classical cryptographic schemes, leading to innovations in public-key cryptography that focus on post-quantum primitives and protocols resistant to quantum computing threats. Lattice-based cryptography is a promising post-quantum family, both in its foundational properties and in its application to traditional and emerging security problems such as encryption, digital signatures, key exchange, and homomorphic encryption. While such techniques provide guarantees in theory, their realization on contemporary computing platforms requires careful design choices and tradeoffs to manage both the diversity of computing platforms (e.g., high-performance to resource-constrained) and the agility needed for deployment in the face of emerging and changing standards. In this work, we survey trends in lattice-based cryptographic schemes, some recent fundamental proposals for the use of lattices in computer security, challenges for their implementation in software and hardware, and emerging needs for their adoption. The survey is meant to be informative about the math so that the reader can focus on the mechanics of the computation ultimately needed for mapping schemes onto existing hardware or synthesizing part or all of a scheme on special-purpose hardware.



Published In

ACM Computing Surveys, Volume 51, Issue 6
November 2019
786 pages
ISSN: 0360-0300
EISSN: 1557-7341
DOI: 10.1145/3303862
Editor: Sartaj Sahni
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 January 2019
Accepted: 01 November 2018
Revised: 01 October 2018
Received: 01 November 2017
Published in CSUR Volume 51, Issue 6


Author Tags

  1. Post-quantum cryptography
  2. Ring-LWE
  3. ideal lattices
  4. lattice based cryptography
  5. public-key encryption

Qualifiers

  • Survey
  • Research
  • Refereed

Funding Sources

  • Qualcomm Technology Inc.
