RNS Arithmetic Approach in Lattice-Based Cryptography: Accelerating the "Rounding-off" Core Procedure

Residue Number Systems (RNS) are naturally considered an interesting candidate for providing efficient arithmetic in implementations of cryptosystems such as RSA, ECC (Elliptic Curve Cryptography), pairings, etc. More recently, RNS have been used to accelerate fully homomorphic encryption as an instance of lattice-based cryptography. In this paper, we present an RNS algorithm solving the Closest Vector Problem (CVP). This algorithm is particularly efficient for a certain class of lattice bases. It provides a full RNS Babai round-off procedure without any costly conversion into an alternative positional number system such as the Mixed Radix System (MRS). An optimized Cox-Rower architecture adapted to the proposed algorithm is also presented. The main modifications reside in the Rower unit, whose distinguishing feature is the use of only one multiplier. This frees two of the three multipliers in the Rower unit by reusing the same one, at a cost of 3 more cycles per inner reduction. An analysis of the feasibility of an FPGA implementation is also given.
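To make the "round-off" step concrete, the following Python example (added here; it is not the paper's algorithm nor its Cox-Rower design) runs the textbook Babai round-off on a small constructed basis and then repeats it with the integer part of the computation carried out channel by channel in an RNS base. Because B^-1 = adj(B)/det(B), the numerator t·adj(B) is an exact integer vector that RNS can compute in parallel; the rounding itself needs magnitude information that residues do not carry, so this illustration falls back on a Chinese Remainder reconstruction, which is exactly the kind of positional conversion the paper's algorithm is designed to avoid. The basis, target vector and moduli are constructed for the example, and the dynamic-range check shows the caveat any RNS design has to honour: the result is meaningless unless the true magnitude is known in advance to fit in the base.

```python
from fractions import Fraction
from math import floor

# Constructed example (not from the paper): rows of BASIS are lattice basis vectors.
BASIS = [[7, 1], [2, 5]]
TARGET = [10, 3]
# Constructed RNS base: pairwise coprime moduli; dynamic range M = product(MODULI).
MODULI = [251, 253, 255, 256]


def det(m):
    """Determinant by Laplace expansion (adequate for the small dimensions used here)."""
    n = len(m)
    if n == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j] * det([row[:j] + row[j + 1:] for row in m[1:]])
               for j in range(n))


def inverse(m):
    """Exact inverse over the rationals via Gauss-Jordan elimination."""
    n = len(m)
    a = [[Fraction(v) for v in row] + [Fraction(int(i == j)) for j in range(n)]
         for i, row in enumerate(m)]
    for col in range(n):
        piv = next(r for r in range(col, n) if a[r][col] != 0)
        a[col], a[piv] = a[piv], a[col]
        p = a[col][col]
        a[col] = [v / p for v in a[col]]
        for r in range(n):
            if r != col and a[r][col] != 0:
                f = a[r][col]
                a[r] = [x - f * y for x, y in zip(a[r], a[col])]
    return [row[n:] for row in a]


def adjugate(m):
    """Integer adjugate: adj(B) = det(B) * B^-1."""
    d = det(m)
    return [[int(v * d) for v in row] for row in inverse(m)]


def round_half_up(x):
    return floor(x + Fraction(1, 2))


def vec_mat(v, m):
    """Row vector times matrix."""
    return [sum(v[i] * m[i][j] for i in range(len(v))) for j in range(len(m[0]))]


def babai_round_off(basis, target):
    """Classic Babai round-off: coordinates = round(t * B^-1), vector = coordinates * B."""
    coords = [round_half_up(c) for c in vec_mat([Fraction(x) for x in target], inverse(basis))]
    return coords, vec_mat(coords, basis)


def rns_encode(x, moduli):
    return [x % m for m in moduli]


def rns_vec_mat(v_rns, mat, moduli):
    """Row vector (given as per-entry residue lists) times integer matrix, one channel at a time."""
    n, k = len(v_rns), len(mat[0])
    return [[sum(v_rns[i][c] * (mat[i][j] % m) for i in range(n)) % m
             for c, m in enumerate(moduli)] for j in range(k)]


def crt_centered(residues, moduli):
    """Chinese Remainder reconstruction into the symmetric range (-M/2, M/2]."""
    M = 1
    for m in moduli:
        M *= m
    x = 0
    for r, m in zip(residues, moduli):
        Mi = M // m
        x += r * Mi * pow(Mi, -1, m)
    x %= M
    return x - M if x > M // 2 else x


def fits_dynamic_range(basis, target, moduli):
    """A priori bound on |t * adj(B)|; residues carry no magnitude, so this must hold by design."""
    adj = adjugate(basis)
    M = 1
    for m in moduli:
        M *= m
    bound = max(sum(abs(target[i]) * abs(adj[i][j]) for i in range(len(target)))
                for j in range(len(adj[0])))
    return 2 * bound < M


def babai_round_off_rns(basis, target, moduli):
    """Babai round-off with the exact integer product t * adj(B) computed in RNS."""
    if not fits_dynamic_range(basis, target, moduli):
        raise ValueError("RNS base too small for |t * adj(B)|; result would wrap modulo M")
    adj, d = adjugate(basis), det(basis)
    num = rns_vec_mat([rns_encode(x, moduli) for x in target], adj, moduli)
    # The rounding needs the actual magnitude of each numerator: reconstruct, then divide by det.
    coords = [round_half_up(Fraction(crt_centered(res, moduli), d)) for res in num]
    return coords, vec_mat(coords, basis)


if __name__ == "__main__":
    print("classic:", babai_round_off(BASIS, TARGET))
    print("rns    :", babai_round_off_rns(BASIS, TARGET, MODULI))
```

Both paths return the same lattice point; the difference is where the magnitude information comes from. In the classic version it is implicit in the rational arithmetic, while in the RNS version it is recovered only at the reconstruction step, which is the cost that motivates a round-off procedure that stays entirely in RNS.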
