A Lattice-based AKE on ARM Cortex-M4

Julian Speith, Tobias Oder, Tim Güneysu

BalkanCryptSec 2018, Iasi, Romania, September 20-21, 2018.


Lattice-based cryptography is one of the most promising alternatives to currently deployed public key algorithms. Plenty of novel key exchange schemes based on lattices have been proposed. The majority of these proposals, however, focus on unauthenticated key exchange schemes, which need to be combined with a digital signature scheme for authentication. In this work we analyze the cost of this authentication overhead. We instantiate the generic construction by del Pino et al. with the digital signature scheme BLISS-B and the key exchange scheme JarJar-Simple, and implement the authenticated key exchange on an ARM Cortex-M4F to show its practical performance on a constrained device. Our implementation takes a total of 62 ms on average for one execution of the protocol. These speeds are achieved by improving previous work on BLISS by a factor of 100 in terms of cycle counts for an entire run of the signature scheme, and by using optimized arithmetic functions for integer reductions, polynomial multiplications and polynomial inversions. Our lightweight implementation needs only 32 KB of Flash memory and 17 KB of RAM.

[Source Code] [pdf]