Secure Number Theoretic Transform and Speed Record for Ring-LWE Encryption on Embedded Processors

  • Hwajeong Seo
  • Zhe Liu
  • Taehwan Park
  • Hyeokchan Kwon
  • Sokjoon Lee
  • Howon Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10779)


Compact implementations of the ring variant of Learning with Errors (Ring-LWE) on embedded processors have been actively studied because of potential quantum threats. Various Ring-LWE implementation works have mainly focused on optimization techniques that reduce execution time and memory consumption for high availability. For this reason, they failed to provide implementations that are secure against general side-channel attacks, such as timing attacks. In this paper, we present a secure Ring-LWE encryption implementation, the fastest to date, on low-end 8-bit AVR processors. We targeted the most expensive operation, i.e. Number Theoretic Transform (NTT) based polynomial multiplication, to provide countermeasures against timing attacks and the best performance among similar implementations so far. Our optimization contributions are summarized as follows: (1) we propose Look-Up Table (LUT) based fast reduction techniques that speed up modular coefficient multiplication in a regular fashion; (2) we use modular addition and subtraction operations that are performed in constant time. With these optimization techniques, the proposed NTT implementation improves performance by 18.3–22% over previous works. Finally, our Ring-LWE encryption implementations require only 680,796 and 1,754,064 clock cycles for the 128-bit and 256-bit security levels, respectively.
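Contribution (2) above, constant-time modular addition and subtraction, can be illustrated as follows. This is an added example in portable C, not the paper's AVR code; the modulus `Q = 7681` and all function names are assumptions chosen for illustration, since the page does not state them.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed modulus for illustration; the page does not state the paper's q. */
#define Q 7681u

/* Variable-time version: the branch is taken or not depending on the
   operands, so execution time leaks whether a + b reached Q. */
uint16_t mod_add_branchy(uint16_t a, uint16_t b) {
    uint16_t s = (uint16_t)(a + b);
    if (s >= Q) s = (uint16_t)(s - Q);
    return s;
}

/* Constant-time addition for a, b in [0, Q): always subtract Q, then add
   it back under a mask derived from the sign bit of the 16-bit result. */
uint16_t mod_add_ct(uint16_t a, uint16_t b) {
    uint16_t s = (uint16_t)(a + b - Q);          /* wraps when a + b < Q   */
    uint16_t mask = (uint16_t)(0u - (s >> 15));  /* 0xFFFF if wrapped      */
    return (uint16_t)(s + (Q & mask));
}

/* Constant-time subtraction for a, b in [0, Q): same masking idea. */
uint16_t mod_sub_ct(uint16_t a, uint16_t b) {
    uint16_t d = (uint16_t)(a - b);              /* wraps when a < b       */
    uint16_t mask = (uint16_t)(0u - (d >> 15));  /* 0xFFFF if wrapped      */
    return (uint16_t)(d + (Q & mask));
}

/* Exhaustively compare the masked versions with a plain % reference.
   Returns the number of operand pairs on which any result differs. */
uint32_t ct_mismatches(void) {
    uint32_t bad = 0;
    for (uint32_t a = 0; a < Q; a++) {
        for (uint32_t b = 0; b < Q; b++) {
            uint16_t add = mod_add_ct((uint16_t)a, (uint16_t)b);
            uint16_t sub = mod_sub_ct((uint16_t)a, (uint16_t)b);
            bad += (add != (a + b) % Q) || (sub != (a + Q - b) % Q)
                || (add != mod_add_branchy((uint16_t)a, (uint16_t)b));
        }
    }
    return bad;
}

int main(void) {
    printf("mismatches: %lu\n", (unsigned long)ct_mismatches());
    return 0;
}
```

A compiler is free to turn the mask back into a branch, so the generated assembly for the target still has to be inspected before the routine is treated as constant-time.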


Keywords: Ring learning with errors; Software implementation; Public key encryption; 8-bit AVR; Number theoretic transform; Discrete Gaussian sampling; Timing attack



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Hwajeong Seo (1)
  • Zhe Liu (2)
  • Taehwan Park (3)
  • Hyeokchan Kwon (4)
  • Sokjoon Lee (4)
  • Howon Kim (3)

  1. Department of IT, Hansung University, Seoul, Republic of Korea
  2. APSIA, Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg, Luxembourg City, Luxembourg
  3. School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea
  4. System Security Research Group, Electronics and Telecommunications Research Institute, Daejeon, Korea
