SSE Implementation of Multivariate PKCs on Modern x86 CPUs

Authors:
Anna Inn-Tung Chen;Ming-Shing Chen;Tien-Ren Chen;Chen-Mou Cheng;Jintai Ding;Eric Li-Hsiang Kuo;Frost Yu-Shuang Lee;Bo-Yin Yang
Affiliations:
National Taiwan University, Taipei, Taiwan;Academia Sinica, Taipei, Taiwan;Academia Sinica, Taipei, Taiwan;National Taiwan University, Taipei, Taiwan;University of Cincinnati, Cincinnati, USA;Academia Sinica, Taipei, Taiwan;National Taiwan University, Taipei, Taiwan;Academia Sinica, Taipei, Taiwan
Venue:
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Year:
2009

Citing 25
Cited 11

Public quadratic polynomial-tuples for efficient signature-verification and message-encryption

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Division by invariant integers using multiplication

PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Hitting the memory wall: implications of the obvious

ACM SIGARCH Computer Architecture News
Memory bandwidth limitations of future microprocessors

ISCA '96 Proceedings of the 23rd annual international symposium on Computer architecture
Algebraic Methods for Constructing Asymmetric Cryptosystems

AAECC-3 Proceedings of the 3rd International Conference on Algebraic Algorithms and Error-Correcting Codes
Cryptanalysis of the TTM Cryptosystem

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Fast and Secure Implementation of Sflash

PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Multivariate Public Key Cryptosystems (Advances in Information Security)

Multivariate Public Key Cryptosystems (Advances in Information Security)
Larrabee: a many-core x86 architecture for visual computing

ACM SIGGRAPH 2008 papers
Could SFLASH be Repaired?

ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Time-Area Optimized Public-Key Engines: $\mathcal{MQ}$-Cryptosystems as Replacement for Elliptic Curves?

CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Ultra High Performance ECC over NIST Primes on Commercial FPGAs

CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Algebraic Attack on HFE Revisited

ISC '08 Proceedings of the 11th international conference on Information Security
Practical-Sized Instances of Multivariate PKCs: Rainbow, TTS, and lIC-Derivatives

PQCrypto '08 Proceedings of the 2nd International Workshop on Post-Quantum Cryptography
Unbalanced oil and vinegar signature schemes

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Efficient implementations of multivariate quadratic systems

SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
l-invertible cycles for multivariate quadratic (MQ) public key cryptography

PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Practical cryptanalysis of SFLASH

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
New differential-algebraic attacks and reparametrization of rainbow

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Total break of the l-IC signature scheme

PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Building secure tame-like multivariate public-key cryptosystems: the new TTS

ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Rainbow, a new multivariable polynomial signature scheme

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Inverting HFE is quasipolynomial

CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Inoculating multivariate schemes against differential attacks

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography

Efficient software implementation of binary field arithmetic using vector instruction sets

LATINCRYPT'10 Proceedings of the First international conference on Progress in cryptology: cryptology and information security in Latin America
Cryptanalysis of multivariate and odd-characteristic HFE variants

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Small public keys and fast verification for multivariate quadratic public key systems

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
General fault attacks on multivariate public key cryptosystems

PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
On provable security of UOV and HFE signature schemes against chosen-message attack

PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
On the differential security of multivariate public key cryptosystems

PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
High-Speed hardware implementation of rainbow signature on FPGAs

PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
Reducing the key size of rainbow using non-commutative rings

CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Public-Key cryptography from new multivariate quadratic assumptions

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Linear recurring sequences for the UOV key generation revisited

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
RAIDq: a software-friendly, multiple-parity RAID

HotStorage'13 Proceedings of the 5th USENIX conference on Hot Topics in Storage and File Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Multivariate Public Key Cryptosystems (MPKCs) are often touted as future-proofing against Quantum Computers. It also has been known for efficiency compared to "traditional" alternatives. However, this advantage seems to erode with the increase of arithmetic resources in modern CPUs and improved algorithms, especially with respect to Elliptic Curve Cryptography (ECC). In this paper, we show that hardware advances do not just favor ECC. Modern commodity CPUs also have many small integer arithmetic/logic resources, embodied by SSE2 or other vector instruction sets, that are useful for MPKCs. In particular, Intel's SSSE3 instructions can speed up both public and private maps over prior software implementations of Rainbow-type systems up to 4×. Furthermore, MPKCs over fields of relatively small odd prime characteristics can exploit SSE2 instructions, supported by most modern 64-bit Intel and AMD CPUs. For example, Rainbow over ${\mathbb F}_{31}$ can be up to 2× faster than prior implementations of similarly-sized systems over ${\mathbb F}_{16}$. Here a key advance is in using Wiedemann (as opposed to Gauss) solvers to invert the small linear systems in the central maps. We explain the techniques and design choices in implementing our chosen MPKC instances over fields such as ${\mathbb F}_{31}$, ${\mathbb F}_{16}$ and ${\mathbb F}_{256}$. We believe that our results can easily carry over to modern FPGAs, which often contain a large number of small multipliers, usable by odd-field MPKCs.