Efficient Implementations of Rainbow and UOV using AVX2

A signature scheme based on multivariate quadratic equations, Rainbow, was selected as one of the digital signature finalists in Round 3 of the NIST Post-Quantum Cryptography Standardization process. In this paper, we provide efficient implementations of Rainbow and UOV using the AVX2 instruction set. These implementations include several optimizations for signing that accelerate solving the linear systems and substituting the Vinegar values. We propose a new block matrix inversion (BMI) method based on the lower-diagonal-upper (LDU) decomposition of block matrices via the Schur complement, which accelerates solving the linear systems. Compared to UOV implemented with Gaussian elimination, our implementations with the BMI achieve signing speedups of 12.36%, 24.3%, and 34% at security categories I, III, and V, respectively. Compared to Rainbow implemented with Gaussian elimination, our implementations with the BMI achieve speedups of 16.13% and 20.73% at security categories III and V, respectively. We show that precomputing the Vinegar value substitution and the solution of the linear systems dramatically accelerates signing: UOV with precomputation is 16.9, 35.5, and 62.8 times faster than UOV without precomputation at the three security categories, respectively, and Rainbow with precomputation is 2.1, 2.2, and 2.8 times faster than Rainbow without precomputation. We then investigate the resilience of UOV and Rainbow against leakage or reuse of the precomputed values, so that the precomputation can be used securely: leakage or reuse of the precomputed values leads to full secret-key recovery in polynomial time.
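The block matrix inversion sketched above can be illustrated with a small worked example. The following Python code is added here and is not the paper's implementation: it inverts a matrix over GF(2^8) by splitting it into a 2x2 block structure, forming the Schur complement S = A22 - A21 A11^-1 A12, and assembling the inverse from the block LDU factors, then checks the result against plain Gauss-Jordan elimination. The field representation (the AES reduction polynomial 0x11b), the block split point k, and the sample matrix A and right-hand side b are assumptions made for the example and need not match the paper's parameters.

```python
# Added example, not code from the paper: block matrix inversion (BMI) via the
# block LDU decomposition and the Schur complement, compared with Gauss-Jordan
# elimination, over GF(2^8). The reduction polynomial x^8+x^4+x^3+x+1 (0x11b)
# is an assumption for this example and need not match the paper's field.

MOD = 0x11B  # GF(2^8) reduction polynomial (assumption)


def gf_mul(a, b):
    """Multiply two GF(2^8) elements (carry-less multiply with reduction)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= MOD
        b >>= 1
    return r


def gf_inv(a):
    """Invert a nonzero GF(2^8) element using a^254 = a^-1."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def mat_mul(A, B):
    """Matrix product over GF(2^8); addition is XOR."""
    out = []
    for row in A:
        acc = [0] * len(B[0])
        for a, brow in zip(row, B):
            if a:
                acc = [c ^ gf_mul(a, b) for c, b in zip(acc, brow)]
        out.append(acc)
    return out


def mat_add(A, B):
    """Matrix addition, which equals subtraction in characteristic 2."""
    return [[a ^ b for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]


def identity(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]


def gauss_inv(A):
    """Reference inverse by Gauss-Jordan elimination; raises on a singular input."""
    n = len(A)
    M = [row[:] + identity(n)[i] for i, row in enumerate(A)]
    for c in range(n):
        p = next((r for r in range(c, n) if M[r][c]), None)
        if p is None:
            raise ValueError("singular matrix")
        M[c], M[p] = M[p], M[c]
        inv = gf_inv(M[c][c])
        M[c] = [gf_mul(inv, v) for v in M[c]]
        for r in range(n):
            if r != c and M[r][c]:
                f = M[r][c]
                M[r] = [v ^ gf_mul(f, w) for v, w in zip(M[r], M[c])]
    return [row[n:] for row in M]


def bmi_inv(A, k, block_inv=gauss_inv):
    """Invert A through a 2x2 block split with a k x k leading block A11.

    A = [[I, 0], [A21 A11^-1, I]] * [[A11, 0], [0, S]] * [[I, A11^-1 A12], [0, I]]
    with the Schur complement S = A22 - A21 A11^-1 A12, so only the two smaller
    blocks A11 and S are fully inverted; everything else is block multiplication.
    The minus signs of the textbook formula vanish because subtraction is XOR.
    """
    n = len(A)
    A11 = [row[:k] for row in A[:k]]
    A12 = [row[k:] for row in A[:k]]
    A21 = [row[:k] for row in A[k:]]
    A22 = [row[k:] for row in A[k:]]
    A11i = block_inv(A11)                      # raises if A11 is singular
    A11iA12 = mat_mul(A11i, A12)
    A21A11i = mat_mul(A21, A11i)
    S = mat_add(A22, mat_mul(A21, A11iA12))    # Schur complement of A11
    Si = block_inv(S)                          # raises if S (hence A) is singular
    B11 = mat_add(A11i, mat_mul(mat_mul(A11iA12, Si), A21A11i))
    B12 = mat_mul(A11iA12, Si)
    B21 = mat_mul(Si, A21A11i)
    return [B11[i] + B12[i] for i in range(k)] + [B21[i] + Si[i] for i in range(n - k)]


def solve(A, b, k):
    """Solve A x = b for the vector b using the BMI inverse."""
    x = mat_mul(bmi_inv(A, k), [[v] for v in b])
    return [row[0] for row in x]


# Constructed sample system (not from the paper). Its 2x2 leading block is
# invertible, which the chosen block split requires.
A = [[1, 2, 3, 4],
     [0, 1, 5, 6],
     [7, 8, 1, 0],
     [9, 10, 0, 1]]
b = [17, 33, 65, 129]

if __name__ == "__main__":
    print("x =", solve(A, b, 2))
    print("BMI matches Gauss-Jordan:", bmi_inv(A, 2) == gauss_inv(A))
```

The block form trades one n x n elimination for two smaller inversions plus block products, and block products are the operations that vectorize well with AVX2. Note that the split is only valid when the leading block A11 is invertible; a practitioner applying this to arbitrary systems needs a fallback (a different split or pivoting) for the singular-A11 case, which this example simply reports as an error.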
