Shorter Messages and Faster Post-Quantum Encryption with Round5 on Cortex M

  • Markku-Juhani O. Saarinen
  • Sauvik Bhattacharya
  • Oscar Garcia-Morchon
  • Ronald Rietman
  • Ludo Tolhuizen
  • Zhenfei Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11389)


Round5 is a Public Key Encryption scheme and Key Encapsulation Mechanism (KEM) based on General Learning with Rounding (GLWR), a lattice problem. We argue that the ring variant of GLWR is better suited for embedded targets than the more common RLWE (Ring Learning With Errors) because it yields significantly shorter keys and messages. Round5 combines GLWR with error correction, building on design features from the NIST Post-Quantum Standardization candidates Round2 and Hila5. The proposal avoids Number Theoretic Transforms (NTT), which allows more flexibility in parameter selection and makes the scheme simpler to implement. We discuss implementation techniques for the Round5 ring variants and compare them to other NIST PQC candidates on the lightweight Cortex M4 platform. We show that the current development version of Round5 offers not only the shortest key and ciphertext sizes among the lattice-based candidates, but also leading performance and implementation size characteristics.
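The toy ring-LWR encryption scheme below is an added illustration of the two points the abstract makes; it is not code from the paper or from the Round5 reference implementation. Rounding a ring element from Z_q down to Z_p (and the second ciphertext part further down to Z_t) replaces an explicit error term and shrinks what is transmitted from log2 q to log2 p or log2 t bits per coefficient, and the ring product is a plain schoolbook negacyclic multiplication, so no NTT-friendly modulus is needed. The ring Z_q[x]/(x^N+1), the parameters N=128, q=4096, p=256, t=16, h=32, the 16-byte seed expanded with SHAKE-128, and the one-bit-per-coefficient message encoding are all assumptions made for this example; Round5's actual rings, parameters and error correction differ, and the worst-case error bound p/(2t) + h used here for correctness is a property of these toy parameters only.

```python
"""Toy ring-LWR public-key encryption with q -> p -> t rounding (added example,
not Round5 itself).  Parameters are hypothetical, chosen so that the worst-case
decryption error  p/(2t) + h  stays below the decoding threshold  p/4."""
import hashlib
import random

N = 128        # ring Z_q[x]/(x^N + 1)                      (assumption)
Q = 4096       # large modulus, 12 bits per coefficient
P = 256        # public key / first ciphertext part, 8 bits per coefficient
T = 16         # second ciphertext part, 4 bits per coefficient
H = 32         # Hamming weight of the sparse ternary secrets


def poly_mul(f, g, mod):
    """Schoolbook product f*g mod (x^N + 1, mod); no NTT, any modulus works."""
    out = [0] * N
    for i, fi in enumerate(f):
        if fi == 0:
            continue
        for j, gj in enumerate(g):
            if gj == 0:
                continue
            k = i + j
            if k < N:
                out[k] += fi * gj
            else:
                out[k - N] -= fi * gj      # x^N = -1 (negacyclic wrap)
    return [c % mod for c in out]


def round_mod(f, src, dst):
    """Round each coefficient from Z_src to Z_dst: floor(c*dst/src + 1/2) mod dst."""
    return [((c * dst + src // 2) // src) % dst for c in f]


def ternary(rng):
    """Sparse ternary polynomial: exactly H/2 coefficients +1 and H/2 coefficients -1."""
    f = [0] * N
    idx = rng.sample(range(N), H)
    for pos in idx[: H // 2]:
        f[pos] = 1
    for pos in idx[H // 2:]:
        f[pos] = -1
    return f


def expand_a(seed):
    """Derive the public polynomial a in R_Q from a short seed (SHAKE-128 is an assumption)."""
    buf = hashlib.shake_128(seed).digest(2 * N)
    # 2^16 is a multiple of Q, so the reduction introduces no bias
    return [int.from_bytes(buf[2 * i:2 * i + 2], "little") % Q for i in range(N)]


def keygen(rng=None):
    rng = random.SystemRandom() if rng is None else rng
    seed = bytes(rng.getrandbits(8) for _ in range(16))
    s = ternary(rng)
    b = round_mod(poly_mul(expand_a(seed), s, Q), Q, P)   # rounding is the only "noise"
    return (seed, b), s


def encrypt(pk, m_bits, rng=None):
    rng = random.SystemRandom() if rng is None else rng
    seed, b = pk
    r = ternary(rng)
    u = round_mod(poly_mul(expand_a(seed), r, Q), Q, P)
    x = [(c + (P // 2) * m) % P for c, m in zip(poly_mul(b, r, P), m_bits)]
    v = round_mod(x, P, T)                                # second part shrinks to log2 T bits
    return u, v


def decrypt(sk, ct):
    u, v = ct
    w = poly_mul(u, sk, P)
    # d = (P/2)*m + (rounding noise of magnitude <= P/(2T) + H), decode by nearest of {0, P/2}
    return [1 if P // 4 <= (vi * (P // T) - wi) % P < 3 * P // 4 else 0
            for vi, wi in zip(v, w)]


def sizes(p=P, t=T, seed_len=16):
    """Bit-packed byte sizes (pk, ct) for power-of-two moduli p and t."""
    bits = lambda mod: N * (mod.bit_length() - 1)
    pk = seed_len + (bits(p) + 7) // 8
    ct = (bits(p) + 7) // 8 + (bits(t) + 7) // 8
    return pk, ct


def roundtrip(seed=None):
    """Keygen, encrypt and decrypt one N-bit message; returns (message, decrypted)."""
    rng = random.SystemRandom() if seed is None else random.Random(seed)
    pk, sk = keygen(rng)
    m = [rng.getrandbits(1) for _ in range(N)]
    return m, decrypt(sk, encrypt(pk, m, rng))


if __name__ == "__main__":
    m, d = roundtrip()
    print("decryption correct:", m == d)
    print("rounded   (p=%d, t=%d): pk, ct bytes =" % (P, T), sizes())
    print("unrounded (p=t=q=%d): pk, ct bytes =" % Q, sizes(Q, Q))
```

With these parameters the rounded public key is 144 bytes and the ciphertext 192 bytes, against 208 and 384 bytes if every element were sent at the full 12 bits per coefficient; the product routine is the same O(N^2) loop for any modulus, which is what lets the parameters be chosen freely rather than to suit an NTT.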


Keywords: Post-Quantum Cryptography, Lattice cryptography, GLWR, Embedded implementation, Cortex M4



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Markku-Juhani O. Saarinen (1)
  • Sauvik Bhattacharya (2)
  • Oscar Garcia-Morchon (2)
  • Ronald Rietman (2)
  • Ludo Tolhuizen (2)
  • Zhenfei Zhang (3)
  1. PQShield Ltd., Oxford, UK
  2. Philips, Eindhoven, The Netherlands
  3. OnBoard Security, Wilmington, USA
