A Constant-time AVX2 Implementation of a Variant of ROLLO
Authors: Tung Chou, Jin-Han Liou
Format: article
Language: EN
Publisher: Ruhr-Universität Bochum, 2021
Published in: Transactions on Cryptographic Hardware and Embedded Systems, Vol 2022, Iss 1 (2021)
Publication date: 2021-11-01
DOI: 10.46586/tches.v2022.i1.152-174
ISSN: 2569-2925
Online access: https://doaj.org/article/a068b0944322468d9d9b37fbfd6e3d43
Publisher's page: https://tches.iacr.org/index.php/TCHES/article/view/9293
Subjects: NIST PQC standardization; constant-time implementations; code-based cryptography; Computer engineering. Computer hardware (TK7885-7895); Information technology (T58.5-58.64)
Abstract:
This paper introduces a key encapsulation mechanism ROLLO+ and presents a constant-time AVX2 implementation of it. ROLLO+ is a variant of ROLLO-I targeting IND-CPA security. The main difference between ROLLO+ and ROLLO-I is that the decoding algorithm of ROLLO+ is adapted from the decoding algorithm of ROLLO-I. Our implementation of ROLLO+-I-128, one of the level-1 parameter sets of ROLLO+, takes 851823 Skylake cycles for key generation, 30361 Skylake cycles for encapsulation, and 673666 Skylake cycles for decapsulation. Compared to the state-of-the-art implementation of ROLLO-I-128 by Aguilar-Melchor et al., which is claimed to be constant-time but actually is not, our implementation achieves a 12.9x speedup for key generation, a 10.6x speedup for encapsulation, and a 14.5x speedup for decapsulation. Compared to the state-of-the-art implementation of the level-1 parameter set of BIKE by Chen, Chou, and Krausz, our key generation time is 1.4x as slow, but our encapsulation time is 3.8x as fast, and our decapsulation time is 2.4x as fast.