Speeding up R-LWE Post-quantum Key Exchange

  • Shay Gueron
  • Fabian Schlieker
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10014)


Post-quantum cryptography has attracted increased attention in the last couple of years, due to the threat of quantum computers breaking current cryptosystems. In particular, the key size and performance of post-quantum algorithms have become a significant target for optimization. In this spirit, Alkim et al. have recently proposed a significant optimization for a key exchange scheme that is based on the R-LWE problem. In this paper, we build on the implementation of Alkim et al. and focus on improving the algorithm for generating a uniformly random polynomial. We optimize in three independent directions: efficient pseudorandom byte generation, decreasing the rejection rate during sampling, and vectorizing the sampling step. When measured on the latest Intel processor (Architecture Codename Skylake), our new optimizations improve over Alkim et al. by up to 1.59× on the server side, and by up to 1.54× on the client side.
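The sampling step the abstract refers to draws 16-bit words from a pseudorandom stream and keeps only those that map uniformly onto [0, q). The following added example (not code from the paper or from the New Hope implementation) shows the rejection-sampling loop and how the choice of mask and acceptance bound changes the rejection rate while preserving exact uniformity. It assumes the New Hope parameters q = 12289 and n = 1024, uses the stdlib SHAKE-128 XOF as the byte source, and uses "accept v < 5q, then reduce mod q" as one way to cut rejections; the abstract does not state the paper's exact bound, so that choice is an assumption here.

```python
import hashlib

Q = 12289    # New Hope modulus (assumed parameter set)
N = 1024     # coefficients per polynomial
BLOCK = 256  # 16-bit words squeezed from the XOF per refill

def words16(seed: bytes):
    """Yield 16-bit little-endian words from the SHAKE-128 (FIPS 202) XOF.
    SHAKE output is prefix-consistent, so squeezing a longer digest and
    keeping only the tail continues the same stream."""
    length = 0
    while True:
        length += 2 * BLOCK
        buf = hashlib.shake_128(seed).digest(length)[-2 * BLOCK:]
        for i in range(0, len(buf), 2):
            yield int.from_bytes(buf[i:i + 2], "little")

def sample_uniform(seed: bytes, mask: int, bound: int, n: int = N, q: int = Q):
    """Rejection-sample n coefficients uniform in [0, q).
    A word w is accepted when (w & mask) < bound and mapped to (w & mask) % q.
    bound must be a multiple of q and at most mask + 1: every residue is then
    hit by exactly bound // q accepted values, so the output is exactly uniform.
    Returns (coeffs, words_consumed) so the rejection cost is visible."""
    if bound % q != 0 or bound > mask + 1:
        raise ValueError("bound must be a multiple of q that fits under the mask")
    coeffs, used = [], 0
    stream = words16(seed)
    while len(coeffs) < n:
        v = next(stream) & mask
        used += 1
        if v < bound:  # data-dependent branch; the polynomial sampled this way is public
            coeffs.append(v % q)
    return coeffs, used

def acceptance_rate(mask: int, bound: int) -> float:
    """Expected fraction of words accepted."""
    return bound / (mask + 1)

SEED = bytes(range(32))                    # constructed seed, not from the paper
BASELINE = dict(mask=0x3FFF, bound=Q)      # keep 14 bits, accept v < q:  ~75.0%
IMPROVED = dict(mask=0xFFFF, bound=5 * Q)  # keep 16 bits, accept v < 5q: ~93.8%

if __name__ == "__main__":
    for name, cfg in (("baseline", BASELINE), ("improved", IMPROVED)):
        coeffs, used = sample_uniform(SEED, **cfg)
        print(f"{name}: expected {acceptance_rate(**cfg):.3f}, "
              f"observed {len(coeffs) / used:.3f}, words consumed {used}")
```

Fewer consumed words means fewer PRNG bytes to generate and fewer loop iterations, which is exactly where the abstract's first two optimization directions pay off.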


Keywords: Post-quantum key exchange, Ring-LWE, Software optimization, AVX2, AVX512, AES-NI



This research was supported by the PQCRYPTO project, which was partially funded by the European Commission Horizon 2020 research Programme, grant #645622, and by the ISRAEL SCIENCE FOUNDATION (grant No. 1018/16).

References


  1. IBM’s stunning breakthrough: quantum computing finally ‘within reach’, February 2012.
  2. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. IACR Cryptology ePrint Archive 2015/1092 (2015).
  3. Bos, J.W., Costello, C., Naehrig, M., Stebila, D.: Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In: 2015 IEEE Symposium on Security and Privacy, pp. 553–570. IEEE Computer Society, May 2015.
  4. Ding, J., Xie, X., Lin, X.: A simple provably secure key exchange scheme based on the learning with errors problem. IACR Cryptology ePrint Archive 2012/688 (2012).
  5. Galbraith, S.D.: Space-efficient variants of cryptosystems based on learning with errors (2013).
  6. Gueron, S.: Intel® Advanced Encryption Standard (AES) new instructions set, September 2012.
  7. Gueron, S.: Intel’s new AES instructions for enhanced performance and security. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 51–66. Springer, Heidelberg (2009).
  8. Gueron, S., Krasnov, V.: Simultaneous hashing of multiple messages. J. Inf. Secur. 3(4), 319–325 (2012).
  9. Gueron, S., Krasnov, V.: Fast prime field elliptic-curve cryptography with 256-bit primes. J. Cryptograph. Eng. 5(2), 141–151 (2015).
  10. Gueron, S., Krasnov, V.: Improved P256 ECC performance by means of a dedicated function for modular inversion modulo the P256 group order, April 2015.
  11. Intel Corporation: Intel® 64 and IA-32 architectures software developer’s manual, September 2015.
  12. Intel Corporation: Intel® architecture instruction set extensions programming reference, August 2015.
  13. Peikert, C.: Lattice cryptography for the internet. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 197–219. Springer, Heidelberg (2014).
  14. National Institute of Standards and Technology: FIPS PUB 202 - SHA-3 standard: permutation-based hash and extendable-output functions (2015).

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. Department of Mathematics, University of Haifa, Haifa, Israel
  2. Intel Corporation, Israel Development Center, Haifa, Israel
  3. Horst Görtz Institute for IT-Security, Ruhr University Bochum, Bochum, Germany
