Fast Number Theoretic Transform for Ring-LWE on 8-bit AVR Embedded Processor.
Sensors (IF 3.4), Pub Date: 2020-04-05, DOI: 10.3390/s20072039
Hwajeong Seo 1 , Hyeokdong Kwon 1 , Yongbeen Kwon 1 , Kyungho Kim 1 , Seungju Choi 1 , Hyunjun Kim 1 , Kyoungbae Jang 1

In this paper, we optimized the Number Theoretic Transform (NTT) and random sampling operations on low-end 8-bit AVR microcontrollers. We focused on optimized modular multiplication with a security countermeasure (i.e., constant timing), which ensures high performance and prevents timing attacks and simple power analysis. In particular, we presented combined Look-Up Table (LUT)-based fast reduction techniques in a regular fashion. This novel approach requires only two LUT accesses to perform the whole modular reduction routine. The implementation is carefully written in assembly language, which reduces the number of memory accesses and function calls. With the LUT-based optimization techniques, the proposed NTT implementations outperform the previous best results by 9.0% and 14.6% for the 128-bit and 256-bit security levels, respectively. Furthermore, we adopted the most optimized AES software implementation to improve the performance of pseudo-random number generation for the random sampling operation. The encryption of AES-256 in counter (CTR) mode, used for the random number generator, requires only 3184 clock cycles for a 128-bit data input, which is 9.5% faster than the previous state-of-the-art results. Finally, the proposed methods are applied to the whole process of the Ring-LWE key scheduling and encryption operations, which require only 524,211 and 659,603 clock cycles for the 128-bit security level, respectively. For key generation at the 256-bit security level, 1,325,171 and 1,775,475 clock cycles are required for the H/W and S/W AES-based implementations, respectively. For encryption at the 256-bit security level, 1,430,601 and 2,042,474 clock cycles are required for the H/W and S/W AES-based implementations, respectively.

Update date: 2020-04-06