A Constant-time AVX2 Implementation of a Variant of ROLLO

This paper introduces a key encapsulation mechanism, ROLLO+, and presents a constant-time AVX2 implementation of it. ROLLO+ is a variant of ROLLO-I targeting IND-CPA security. The main difference between ROLLO+ and ROLLO-I is that the decoding algorithm of ROLLO+ is adapted from the decoding algorithm of ROLLO-I. Our implementation of ROLLO+-I-128, one of the level-1 parameter sets of ROLLO+, takes 851823 Skylake cycles for key generation, 30361 Skylake cycles for encapsulation, and 673666 Skylake cycles for decapsulation. Compared to the state-of-the-art implementation of ROLLO-I-128 by Aguilar-Melchor et al., which is claimed to be constant-time but actually is not, our implementation achieves a 12.9x speedup for key generation, a 10.6x speedup for encapsulation, and a 14.5x speedup for decapsulation. Compared to the state-of-the-art implementation of the level-1 parameter set of BIKE by Chen, Chou, and Krausz, our key generation is 1.4x slower, but our encapsulation is 3.8x faster and our decapsulation is 2.4x faster.

Bibliographic Details

Main Authors: Tung Chou, Jin-Han Liou
Format: article
Language: EN
Published: Ruhr-Universität Bochum, 2021 (publication date 2021-11-01)
Published in: Transactions on Cryptographic Hardware and Embedded Systems, Vol 2022, Iss 1 (2021)
ISSN: 2569-2925
DOI: 10.46586/tches.v2022.i1.152-174
Subjects: NIST PQC standardization; constant-time implementations; code-based cryptography; Computer engineering. Computer hardware (TK7885-7895); Information technology (T58.5-58.64)
Online Access: https://doaj.org/article/a068b0944322468d9d9b37fbfd6e3d43
Publisher page: https://tches.iacr.org/index.php/TCHES/article/view/9293
Record ID: oai:doaj.org-article:a068b0944322468d9d9b37fbfd6e3d43 (DOAJ collection; record last updated 2021-11-19)