Lattice-Based Cryptography

Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems

Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems, Tim Güneysu, Vadim Lyubashevsky, Thomas Pöppelmann, Workshop on Cryptographic Hardware and Embedded Systems, CHES 2012, Leuven, Belgium, September 9-12, 2012.

The paper introduces a practical lattice-based signature scheme and describes an implementation on Xilinx FPGAs. The paper can be found here.

Arithmetic for Ideal Lattice-Based Cryptography on FPGAs

Towards Efficient Arithmetic for Lattice-Based Cryptography on Reconfigurable Hardware by Thomas Pöppelmann, Tim Güneysu, Latincrypt 2012: Second International Conference on Cryptology and Information Security, Latincrypt 2012, Santiago, Chile, October 7-10, 2012.

The paper describes an efficient FFT/NTT implementation of polynomial multiplication for lattice-based cryptography on Xilinx FPGAs. The paper can be found here. The VHDL source code of the implementation can be found here.

There is a follow-up paper by Aydin Aysu, Cameron Patterson, and Patrick Schaumont in which they introduce ideas on how to improve the area usage of an NTT multiplier and compare their implementation with our work. Have a look at their paper Low-Cost and Area-Efficient FPGA Implementations of Lattice-Based Cryptography, which was presented at HOST 2013.

Another follow-up paper describing ideas for an improved NTT is "Compact Hardware Implementation of Ring-LWE Cryptosystems" by Sujoy Sinha Roy, Frederik Vercauteren, Nele Mentens, Donald Donglong Chen, and Ingrid Verbauwhede (Eprint:2013/866).

Software Speed Records for Lattice-Based Signatures

Tim Güneysu, Tobias Oder, Thomas Pöppelmann, and Peter Schwabe: Software Speed Records for Lattice-Based Signatures. Post-Quantum Cryptography, PQCrypto'13, Limoges, France, June 4-7, 2013.

In this paper we describe a high-speed software implementation of the signature scheme presented at CHES'12 using the AVX vector registers built into modern processors. The paper can be found here. The C source code of the implementation can be found here.

In their CRYPTO 2013 paper Lattice signatures and bimodal Gaussians (full version), the authors Leo Ducas, Alain Durmus, Tancrede Lepoint, and Vadim Lyubashevsky describe an improved signature scheme. However, their security analysis suggests that the implemented scheme offers only roughly 75-80 bits of security instead of the claimed 100 bits.

Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware

Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware by Thomas Pöppelmann, Tim Güneysu, Selected Areas in Cryptography 2013, Selected Areas in Cryptography - SAC 2013, Burnaby, Canada, August 14-16, 2013.

In this paper we present an efficient FPGA implementation of the 2-element Ring-LWE based public-key encryption scheme using a micro-code engine. The paper can be found here. The VHDL source code of the implementation can be found here.

In the paper "Compact Hardware Implementation of Ring-LWE Cryptosystems" (Eprint:2013/866), Sujoy Sinha Roy, Frederik Vercauteren, Nele Mentens, Donald Donglong Chen, and Ingrid Verbauwhede describe a more efficient implementation and a better usage of the NTT in order to save one transformation for encryption/decryption.

Area Optimization of Lightweight Lattice-Based Encryption on Reconfigurable Hardware

Area Optimization of Lightweight Lattice-Based Encryption on Reconfigurable Hardware by Thomas Pöppelmann, Tim Güneysu, The 2014 IEEE International Symposium on Circuits and Systems, Special Session: Towards Practical Homomorphic and Post-Quantum Cryptographic Architectures, Melbourne, Australia, June 1-5, 2014.

FPGA implementation of the 2-element Ring-LWE based public-key encryption scheme with a focus on low area consumption. The paper can be found here.

Beyond ECDSA and RSA: Lattice-based Digital Signatures on Constrained Devices

Beyond ECDSA and RSA: Lattice-based Digital Signatures on Constrained Devices by Tobias Oder, Thomas Pöppelmann, Tim Güneysu, DAC 2014, San Francisco, CA, USA, June 1-5, 2014.

Implementation of BLISS on a Cortex-M4F with evaluation of Gaussian samplers. The paper can be found here.

Enhanced Lattice-Based Signatures on Reconfigurable Hardware

Enhanced Lattice-Based Signatures on Reconfigurable Hardware by Thomas Pöppelmann, Léo Ducas, Tim Güneysu, to appear in CHES 2014.

The paper describes an implementation of the Bimodal Lattice Signature Scheme (BLISS) with special focus on efficient CDT-based Gaussian sampling. See http://bliss.di.ens.fr/ for further details on BLISS and a software implementation. The extended version of the paper can be found here. The source code can be downloaded here.

High-Performance Ideal Lattice-Based Cryptography on ATxmega 8-bit Microcontrollers

High-Performance Ideal Lattice-Based Cryptography on ATxmega 8-bit Microcontrollers by Thomas Pöppelmann, Tobias Oder, Tim Güneysu, Latincrypt 2015, Bienvenido, Guadalajara, Mexico, August 23-26, 2015.

The paper describes an implementation of Ring-LWE Encryption and the Bimodal Lattice Signature Scheme (BLISS) on an AVR ATxmega. The source code is available here.

Implementing Lattice-Based Cryptography on Embedded Devices

Implementing Lattice-Based Cryptography on Embedded Devices, Thomas Pöppelmann

A talk given at the summer school on real-world crypto and privacy in Sibenik, Croatia, 2015. Example code is available here.

High-Performance and Lightweight Lattice-Based Public-Key Encryption

High-Performance and Lightweight Lattice-Based Public-Key Encryption, Johannes Buchmann, Florian Göpfert, Tim Güneysu, Tobias Oder, Thomas Pöppelmann, 2nd International Workshop on IoT Privacy, Trust, and Security 2016, IoTPTS 2016, Xi'an, China, May 30, 2016.

The paper describes an implementation of Ring-LWE Encryption with binary secret on an AVR ATxmega and an ARM Cortex-M0. The source code is available here.

Towards lightweight Identity-Based Encryption for the post-quantum-secure Internet of Things

Towards lightweight Identity-Based Encryption for the post-quantum-secure Internet of Things, Tim Güneysu, Tobias Oder, 18th International Symposium on Quality Electronic Design, ISQED 2017, Santa Clara, CA, USA, 14-15 March 2017.

The paper describes an implementation of the post-quantum identity-based encryption scheme by Ducas et al. for ARM-Cortex-M0/M4 microcontrollers and Xilinx Spartan 6 FPGAs. The source code will be published in the future.

Implementing the NewHope-Simple Key Exchange on Low-Cost FPGAs

Implementing the NewHope-Simple Key Exchange on Low-Cost FPGAs, Tobias Oder, Tim Güneysu, Latincrypt 2017, La Habana, Cuba, September 20-22, 2017, to appear

The paper describes an implementation of the NewHope lattice-based key exchange for Xilinx Artix 7 FPGAs. The source code is available here.

A Lattice-based AKE on ARM Cortex-M4

A Lattice-based AKE on ARM Cortex-M4, Julian Speith, Tobias Oder, Marcel Kneib, Tim Güneysu, BalkanCryptSec 2018, Iași, Romania, September 20-21, 2018, to appear

The paper describes an implementation of a lattice-based AKE on ARM Cortex-M4. The source code is available here.