Investigation of the expediency of using AVX512 for the implementation of modern algorithms for electronic signatures

Development and investigation of electronic signatures on algebraic lattices is one of the promising directions in post-quantum cryptography. Cryptosystems CRYSTALS-Dilithium and Falcon represent lattice cryptography in the category of electronic signatures in the NIST PQC open competition among the finalists. Most operations in these cryptosystems are reduced to addition and multiplication of polynomials in a finite field with a generating cyclotomic polynomial xN + 1. Using such a field allows the use of a number-theoretic transformation (NTT) to create fast and reliable software implementations. In practice, vectorized set (SIMD) instructions are used to achieve good performance. AVX2 instructions are most often used among existing implementations. At the same time, the possibility of using AVX512 instructions remains little explored. The purpose of this work is to investigate the feasibility of applying AVX512 instructions to optimization of the NTT, used in modern EPs on algebraic lattices. In particular, the paper presents a method for implementing a number-theoretic transformation using AVX512 for CRYSTALS-Dilithium and Falcon. An increase in performance is shown in comparison with the reference optimized author's implementations.

The Ring-LWE Problem in Lattice-Based Cryptography: The Case of Twisted Embeddings

Several works have characterized weak instances of the Ring-LWE problem by exploring vulnerabilities arising from the use of algebraic structures. Although these weak instances are not addressed by worst-case hardness theorems, enabling other ring instantiations enlarges the scope of possible applications and favors the diversification of security assumptions. In this work, we extend the Ring-LWE problem in lattice-based cryptography to include algebraic lattices, realized through twisted embeddings. We define the class of problems Twisted Ring-LWE, which replaces the canonical embedding by an extended form. By doing so, we allow the Ring-LWE problem to be used over maximal real subfields of cyclotomic number fields. We prove that Twisted Ring-LWE is secure by providing a security reduction from Ring-LWE to Twisted Ring-LWE in both search and decision forms. It is also shown that the twist factor does not affect the asymptotic approximation factors in the worst-case to average-case reductions. Thus, Twisted Ring-LWE maintains the consolidated hardness guarantee of Ring-LWE and increases the existing scope of algebraic lattices that can be considered for cryptographic applications. Additionally, we expand on the results of Ducas and Durmus (Public-Key Cryptography, 2012) on spherical Gaussian distributions to the proposed class of lattices under certain restrictions. As a result, sampling from a spherical Gaussian distribution can be done directly in the respective number field while maintaining its format and standard deviation when seen in Zn via twisted embeddings.

Research of expediency of application of AVX512 for modern digital signature schemes implementations

The third stage of the NIST PQC competition is currently underway, which aims to create new post-quantum standards in cryptography. The vast majority of finalists are representatives of lattice-based cryptography. Electronic signatures include the CRYSTALS-Dilithium schemes. This paper investigates the feasibility of using AVX512 to optimize software implementations of NIST PQC finalists among electronic signatures on algebraic lattices. Since the most expensive operation in such schemes is the multiplication of polynomials, the main attention is paid to the optimization of this operation. In particular, the method of realization of theoretical and numerical transformation using AVX512 for electronic signature schemes CRYSTALS-Dilithium is presented in the work. The increase in speed is shown in comparison with the reference optimized author 's implementations.

State of development, research and standardization of cryptographic transformations such as asymmetric encryption and post-quantum key encapsulation protocol

The paper presents the state of development of cryptocurrencies such as ACS and PIC at the international and national levels. The state of standardization of cryptocurrencies of ASS and PIK at the international competition NIST of the USA, the requirements put forward to candidates on 2 and 3 rounds of competition are considered. The state of standardization of crypto transformations of this type at the national level in Ukraine is considered, and a brief description of the national standard ASSH DSTU 8961: 2019, based on algebraic lattices, is given. The methodology and results of achieving the national standard DSTU 8961:2019 against attacks by third-party channels in terms of the dependence of the time of direct and reverse transformation (encapsulation and decapsulation of the key) on the number of units in the private key.

Basic principles and results of comparison of electronic signatures properties of the postquantum period based on algebraic lattices

The paper considers post-quantum projects of the Falcon and Dilithium electronic signature standards (ES), which are finalists of the NIST USA competition. The mathematical apparatus of algebraic lattices and appropriate methods are used in their construction. In further study and comparison of these post-quantum ES draft standards, both from a theoretical and practical standpoint, it is fundamental to substantiate the requirements for parameters and keys and in general to calculate the main indicators according to the accepted conditional and unconditional criteria. In such studies, it is important to determine the sufficiency of ensuring the guarantee of their security against classical, quantum, special and error-based attacks. This can be ensured, inter alia, through a reasonable choice of the sizes of common parameters and keys, and their practical construction in accordance with the adopted security model. However, when choosing the sizes of common parameters and keys, a significant contradiction arises between the properties of the draft of the Falcon and Dilithium ES standards, So increasing the size of the general parameters and keys leads to an increase in the complexity of transformations, and vice versa. The purpose of this article consists in analysis of problematic issues of choosing the size of parameter and keys for post-quantum ES projects based on mathematical methods of Falcon and Dilithium, and features of their implementation, including implementation according to the adopted security model. Comparative analysis of the stability and complexity of the Falcon and Dilithium ES draft standards depending on the size of the parameters and keys, including for 6 and 7 security levels. Development of proposals for decisions on the adoption of national post-quantum ES standards based on the mathematical methods Falcon and Dilithium. Determining the influence of unconditional, conditional and pragmatic criteria on the advantages when deciding on the ES standardization based on Falcon and Dilithium mathematical methods, including taking into account the availability of patents and the need to obtain licenses, etc.

Research and analysis of implementations of the NIST PQC competition second round candidates focused on the Xilinx FPGA family

Today, the question of the stability of modern existing cryptographic mechanisms to quantum algorithms of cryptanalysis in particular and quantum computers in general is quite acute. This issue is actively discussed at the international level. Therefore, to solve it, NIST USA has decided to organize and is currently holding a competition for candidates for post-quantum cryptographic algorithms NIST PQC. The result of the competition should be the adoption of various types of cryptographic algorithms for standardization, namely, asymmetric encryption, key encapsulation and electronic signature (at least one algorithm of each type). 82 algorithms were submitted by the start of the competition for the standardization process. Based on the minimum eligibility criteria defined by NIST, 69 algorithms were considered for the 1st round. Given several parameters, namely, security, cost, performance, implementation characteristics, etc., 43 and 11 algorithms were excluded at the end of the 1st and 2nd rounds, respectively, and the other 15 algorithms were left for participation in the 3rd round. The algorithms left in the 2nd round can be divided into 5 different categories depending on their mathematical basis: those based on the isogeny of elliptic curves, those based on algebraic lattices, those based on mathematical code, those based on multivariate transformations and those based on hash functions. Security is the main evaluation criterion that determines competition in the NIST competition, and it is clear that candidates' software implementations are focused mainly on it. However, it is extremely important that the algorithm has an effective hardware implementation. Timely identification of hardware inefficiencies will help focus the cryptographic community efforts on more promising candidates, potentially saving a large amount of time that can be spent on cryptanalysis. This paper discusses and compares the FPGAs of Xilinx family. Data on the implementation of the candidates of the 2nd round in the process of standardization of post-quantum cryptography NIST, which are focused on the FPGA of the Xilinx family, are presented and compared.

Generation of general system parameters for Rainbow electronic signature scheme for 384 and 512 security bits

Today, there is rapid progress in the creation of quantum computers to solve various computational problems and for different purposes. At the same time, special efforts are made to create such a quantum computer that can solve the problems of cryptanalysis of existing cryptosystems: asymmetric ciphers, key encapsulation protocols, electronic signatures, etc. Prevention of such threats can be achieved by developing cryptographic systems that will be protected against both quantum and classical attacks, and be able to interact with existing protocols and communication networks. There is also a significant need for protection against attacks by side channels. Currently, significant efforts of cryptologists are focused on the NIST PQC open competition. The main idea of the NIST PQC competition is to define mathematical methods based on which standards for asymmetric cryptotransformations, primarily electronic signatures, as well as asymmetric ciphers and key encapsulation protocols can be developed. Three electronic signature schemes – Crystals-Dilithium, Falcon and Rainbow become the finalists of the third stage of the NIST PQC competition according to the results of the second stage. The first two are based on the mathematics of algebraic lattices, and Rainbow is based on multivariate transformations. Currently, a comprehensive analysis of the finalists is an important task for the entire global crypto community. The vast majority of schemes that have become finalists or alternative algorithms are based on problems in the theory of algebraic lattices. Special attention was also paid to the Rainbow electronic signature scheme based on multivariate transformations. The purpose of this work consists in a preliminary analysis of existing attacks on promising electronic signature Rainbow, definition of requirements to the system-wide parameters to ensure cryptographic stability of at least 512 bits against classical and 256 bits against quantum cryptanalysis, as well as development and practical implementation of Rainbow algorithms for generating system-wide parameters for 512 bits against classical and 256 bits against quantum cryptanalysis.

Analysis and research of digital signature algorithm Picnic

An important feature of the post-quantum period in cryptography is the significant uncertainty regarding the source data for cryptanalysis and counteraction in terms of the capabilities of quantum computers, their mathematical and software, as well as the application of quantum cryptanalysis to existing cryptotransformations and cryptoprotocols. Mathematical methods of digital signature (DS) have been chosen as the main methods of NIST USA, which have undergone significant analysis and substantiation in the process of extensive research by cryptographers and mathematicians at the highest level. They are described in detail and studied at the first stage of the US NIST International Competition. In the second round, a number of decisions were made to merge some candidates for the post-quantum DS standard. 9 candidates were left for further research at the 2nd round: Crystals-Dilithium, Falcon, GeMSS, LUOV, MQDSS, Picnic, qTESLA, Rainbow and SPHINCS+. Three of them (Dilithium, Falcon, qTeSLA) are based on the stability of algebraic lattices (Lattice-based), four (GeMSS, LUOV, MQDSS, Rainbow) are based on multivariate transformations (MQ-transformations), one (SPHINCS+) is based on the stability of hash-function, one (Picnic) is based on the stability of the hash-function and block stream ciphers. During the 2nd round of the US NIST Competition the following finalist algorithms and alternative algorithms were selected as digital signatures according to the results of research on promising post-quantum cryptographic algorithms. As finalists algorithms such DS algorithms as Crystals-Dilithium, Falcon and Rainbow. Alternative algorithms are GeMSS, Picnic and SPHINCS+ were selected. This paper studies the peculiarities of construction of the digital signature algorithm considered as a candidate for the promising post-quantum standard of the NIST PQC competition – Picnic, also it analyzes the protection of the algorithm from known attacks. Data from the comparison of post-quantum algorithms such as digital signature are given. The description of the Picnic algorithm and its parameters are given.