SSE Implementation of Multivariate PKCs on Modern x86 CPUs

Multivariate Public Key Cryptosystems (MPKCs) are often touted as future-proofing against quantum computers. They have also been known for their efficiency compared to "traditional" alternatives. However, this advantage seems to erode as the arithmetic resources of modern CPUs grow and algorithms improve, especially relative to Elliptic Curve Cryptography (ECC). In this paper, we show that hardware advances do not favor only ECC. Modern commodity CPUs also have many small integer arithmetic/logic resources, embodied in SSE2 and other vector instruction sets, that are useful for MPKCs. In particular, Intel's SSSE3 instructions can speed up both the public and the private maps of Rainbow-type systems by up to 4× over prior software implementations. Furthermore, MPKCs over fields of relatively small odd prime characteristic can exploit SSE2 instructions, which most modern 64-bit Intel and AMD CPUs support. For example, Rainbow over ${\mathbb F}_{31}$ can be up to 2× faster than prior implementations of similarly sized systems over ${\mathbb F}_{16}$. A key advance here is the use of Wiedemann (as opposed to Gauss) solvers to invert the small linear systems in the central maps. We explain the techniques and design choices in implementing our chosen MPKC instances over fields such as ${\mathbb F}_{31}$, ${\mathbb F}_{16}$ and ${\mathbb F}_{256}$. We believe that our results carry over easily to modern FPGAs, which often contain a large number of small multipliers usable by odd-field MPKCs.
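How a small odd prime field fits the 16-bit integer lanes the abstract refers to, as an added example that is not the paper's code: quadratic polynomials over ${\mathbb F}_{31}$ are evaluated in 16-bit accumulators that are reduced only once every 68 products, and the reduction itself is a multiply-shift rather than a division. The term layout, the bounds MAXM and MAXT, and the lazy-reduction threshold are my assumptions; the scalar loops stand in for the SSE2 pmullw/paddw lane operations.

```c
/* Added example (not the paper's code): quadratic polynomials over F_31 with lazy
 * reduction. Elements are 0..30, so a product is <= 900 and a uint16 lane absorbs
 * 68 products (30 + 68*900 < 2^16) per reduction, as SSE2 pmullw/paddw lanes do. */
#include <stddef.h>
#include <stdint.h>
#define Q 31u
#define MAX_LAZY 68   /* products a uint16 lane holds before one reduction */
#define MAXM 64       /* assumed bound on polynomials (lanes) per call */
#define MAXT 2145     /* terms for up to 64 variables: 64*65/2 + 64 + 1 */
/* x mod 31 by multiply-shift (2115 = ceil(2^16/31)); q may be one too large (first at x = 2262). */
static uint16_t red31(uint16_t x) {
    uint32_t q = ((uint32_t)x * 2115u) >> 16;
    int32_t r = (int32_t)x - (int32_t)(q * Q);
    return (uint16_t)(r < 0 ? r + (int32_t)Q : r);   /* single conditional add fixes overshoot */
}
/* Monomial values in the assumed order x_i*x_j (i <= j), x_i, 1; returns count. */
static size_t terms(const uint8_t *x, size_t n, uint16_t *tv) {
    size_t t = 0;
    for (size_t i = 0; i < n; i++) for (size_t j = i; j < n; j++) tv[t++] = red31((uint16_t)(x[i] * x[j]));
    for (size_t i = 0; i < n; i++) tv[t++] = x[i];
    tv[t++] = 1;
    return t;
}
/* Lazy evaluation of m <= MAXM polynomials; coef[t*m + k] = poly k's term t (k is the lane axis). */
static void eval_quad(const uint8_t *x, size_t n, const uint8_t *coef, size_t m, uint8_t *out) {
    uint16_t acc[MAXM] = {0}, tv[MAXT]; size_t nt = terms(x, n, tv);
    for (size_t t = 0; t < nt; t++) {
        for (size_t k = 0; k < m; k++) acc[k] += (uint16_t)(tv[t] * coef[t * m + k]);
        if (t % MAX_LAZY == MAX_LAZY - 1)              /* lanes full: reduce once */
            for (size_t k = 0; k < m; k++) acc[k] = red31(acc[k]);
    }
    for (size_t k = 0; k < m; k++) out[k] = (uint8_t)red31(acc[k]);
}
/* Reference for polynomial k: reduce after every term. */
static uint8_t eval_naive(const uint8_t *x, size_t n, const uint8_t *coef, size_t m, size_t k) {
    uint16_t tv[MAXT]; uint32_t s = 0;
    for (size_t t = 0, nt = terms(x, n, tv); t < nt; t++) s = (s + tv[t] * coef[t * m + k]) % Q;
    return (uint8_t)s;
}
/* Self-check, constructed LCG instance: n = 20, m = 16, 231 terms (3 lazy + final reductions). */
static int selftest(void) {
    enum { N = 20, M = 16, T = N * (N + 1) / 2 + N + 1 };
    static uint8_t coef[T * M], x[N], out[M]; uint32_t s = 12345;
    for (size_t i = 0; i < T * M; i++) coef[i] = ((s = s * 1103515245u + 12345u) >> 16) % Q;
    for (size_t i = 0; i < N; i++) x[i] = ((s = s * 1103515245u + 12345u) >> 16) % Q;
    eval_quad(x, N, coef, M, out);
    for (size_t k = 0; k < M; k++) if (out[k] != eval_naive(x, N, coef, M, k)) return 0;
    return 1;                                          /* lazy and per-term results agree */
}
```

The same bound argument (largest product times folds per reduction, plus the carried remainder, below 2^16) is what decides how often a vectorized inner loop must stop to reduce.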