High-Performance Ideal Lattice-Based Cryptography on 8-Bit ATxmega Microcontrollers

Conference paper

DOI: 10.1007/978-3-319-22174-8_19

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9230)
Cite this paper as:
Pöppelmann T., Oder T., Güneysu T. (2015) High-Performance Ideal Lattice-Based Cryptography on 8-Bit ATxmega Microcontrollers. In: Lauter K., Rodríguez-Henríquez F. (eds) Progress in Cryptology -- LATINCRYPT 2015. LATINCRYPT 2015. Lecture Notes in Computer Science, vol 9230. Springer, Cham


Over the last years lattice-based cryptography has received much attention due to versatile average-case problems like Ring-LWE or Ring-SIS that appear to be intractable by quantum computers. But despite of promising constructions, only few results have been published on implementation issues on very constrained platforms. In this work we therefore study and compare implementations of Ring-LWE encryption and the Bimodal Lattice Signature Scheme (BLISS) on an 8-bit Atmel ATxmega128 microcontroller. Since the number theoretic transform (NTT) is one of the core components in implementations of lattice-based cryptosystems, we review the application of the NTT in previous implementations and present an improved approach that significantly lowers the runtime for polynomial multiplication. Our implementation of Ring-LWE encryption takes 27 ms for encryption and 6.7 ms for decryption. To compute a BLISS signature, our software takes 329 ms and 88 ms for verification. These results outperform implementations on similar platforms and underline the feasibility of lattice-based cryptography on constrained devices.


Ideal lattices NTT RLWE BLISS ATxmega 

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Horst Görtz Institute for IT-SecurityRuhr-University BochumBochumGermany

Personalised recommendations