A Survey of Polynomial Multiplications for Lattice-Based Cryptosystems
Authors
Vincent Hwang
Vincent Hwang
Max Planck Institute for Security and Privacy, Bochum, Germany
vincentvbh7 at gmail dot com
vincentvbh7 at gmail dot com
Keywords:
Lattice-based cryptography
Polynomial multiplication
Modular arithmetic
Homomorphism
Vectorization
Abstract
We survey various mathematical tools used in software works multiplying polynomials in \[ \frac{\mathbb{Z}_q[x]}{\left\langle {x^n - \alpha x - \beta} \right\rangle}. \] In particular, we survey implementation works targeting polynomial multiplications in lattice-based cryptosystems Dilithium, Kyber, NTRU, NTRU Prime, and Saber with instruction set architectures/extensions Armv7-M, Armv7E-M, Armv8-A, and AVX2.
There are three emphases in this paper: (i) modular arithmetic, (ii) homomorphisms, and (iii) vectorization. For modular arithmetic, we survey Montgomery, Barrett, and Plantard multiplications. For homomorphisms, we survey (a) various homomorphisms such as Cooley–Tukey FFT, Good–Thomas FFT, Bruun's FFT, Rader's FFT, Karatsuba, and Toom–Cook; (b) various algebraic techniques for adjoining nice properties to the coefficient rings, including localization, Schönhage's FFT, Nussbaumer's FFT, and coefficient ring switching; and (c) various algebraic techniques related to the polynomial moduli, including twisting, composed multiplication, evaluation at $\infty$, truncation, incomplete transformation, striding, and Toeplitz matrix-vector product. For vectorization, we survey the relations between homomorphisms and vector arithmetic.
We then go through several case studies: We compare the implementations of modular multiplications used in Dilithium and Kyber, explain how the matrix-to-vector structure was exploited in Saber, and review the design choices of transformations for NTRU and NTRU Prime with vectorization. Finally, we outline several interesting implementation projects.
References
[AB74]
Ramesh C. Agarwal and Charles S. Burrus. Fast convolution using Fermat number transforms with applications to digital filtering. IEEE Transactions on Acoustics, Speech, and Signal Processing, 22(2):87–97, 1974.
[ABCG20]
Erdem Alkim, Yusuf Alper Bilgin, Murat Cenk, and François Gérard. Cortex-M4 optimizations for {R, M} LWE schemes. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(3):336–357, 2020.
[ABD+20a]
Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé. CRYSTALS–Dilithium. Submission to the NIST Post-Quantum Cryptography Standardization Project. 2020.
[ABD+20b]
Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé. CRYSTALS–Kyber. Submission to the NIST Post-Quantum Cryptography Standardization Project. 2020.
[ACC+21]
Erdem Alkim, Dean Yun-Li Cheng, Chi-Ming Marvin Chung, Hülya Evkan, Leo Wei-Lun Huang, Vincent Hwang, Ching-Lin Trista Li, Ruben Niederhagen, Cheng-Jhih Shih, Julian Wälde, and Bo-Yin Yang. Polynomial Multiplication in NTRU Prime Comparison of Optimization Strategies on Cortex-M4. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(1):217–238, 2021.
[ACC+22]
Amin Abdulrahman, Jiun-Peng Chen, Yu-Jia Chen, Vincent Hwang, Matthias J. Kannwischer, and Bo-Yin Yang. Multi-moduli NTTs for Saber on Cortex-M3 and Cortex-M4. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(1):127-151, 2022.
[AHKS22]
Amin Abdulrahman, Vincent Hwang, Matthias J. Kannwischer, and Dann Sprenkels. Faster Kyber and Dilithium on the Cortex-M4. In Applied Cryptography and Network Security: 20th International Conference, ACNS 2022, Rome, Italy, June 20–23, 2022, Proceedings, pages 853–871. 2022.
[AHY22]
Erdem Alkim, Vincent Hwang, and Bo-Yin Yang. Multi-Parameter Support with NTTs for NTRU and NTRU Prime on Cortex-M4. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(4):349–371, 2022.
[AMOT22]
Daichi Aoki, Kazuhiko Minematsu, Toshihiko Okamura, and Tsuyoshi Takagi. Efficient Word Size Modular Multiplication over Signed Integers. In 2022 IEEE 29th Symposium on Computer Arithmetic (ARITH), pages 94–101. 2022. IEEE.
[ARM10]
ARM. Cortex-M3 Technical Reference Manual. , 2010.
[ARM12]
ARM. ARM Architecture Reference Manual. , 2012.
[ARM21a]
[ARM21b]
ARM. Armv7-M Architecture Refernce Manual. , 2021.
[ARM23]
ARM. Armv8-M Architecture Reference Manual. , 2023.
[Bar86]
Paul Barrett. Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor. In CRYPTO 1986, pages 311–323. 1986. SV.
[BBC+20]
Daniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, Chitchanok Chuengsatiansup, Tanja Lange, Adrian Marotzke, Bo-Yuan Peng, Nicola Tuveri, Christine van Vredendaal, and Bo-Yin Yang. NTRU Prime. Submission to the NIST Post-Quantum Cryptography Standardization Project. 2020.
[BBC+23]
Joppe W. Bos, Olivier Bronchain, Frank Custers, Joost Renes, Denise Verbakel, and Christine van Vredendaal. Enabling FrodoKEM on Embedded Devices. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2023(3):74–96, 2023.
[BBCT22]
Daniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, and Nicola Tuveri. OpenSSLNTRU: Faster post-quantum TLS key exchange. In 31st USENIX Security Symposium (USENIX Security 22), pages 845–862. 2022.
[BC87]
J. V. Brawley and L. Carlitz. Irreducibles and the composed product for polynomials over a finite field. Discrete Mathematics, 65(2):115–139, 1987.
[BCS13]
Daniel J. Bernstein, Tung Chou, and Peter Schwabe. McBits: Fast Constant-Time Code-Based Cryptography. In Cryptographic Hardware and Embedded Systems-CHES 2013: 15th International Workshop, Santa Barbara, CA, USA, August 20-23, 2013. Proceedings 15, pages 250–272. 2013. Springer.
[Ber01]
Daniel J. Bernstein. Multidigit multiplication for mathematicians. 2001.
[Ber05]
Daniel J. Bernstein. Cache-timing attacks on AES. 2005.
[Ber07]
Daniel J. Bernstein. The tangent FFT. In Applied Algebra, Algebraic Algorithms and Error-Correcting Codes: 17th International Symposium, AAECC-17, pages 291–300. 2007.
[Ber08]
Daniel J. Bernstein. Fast multiplication and its applications. Algorithmic number theory, 44:325–384, 2008.
[Ber23]
Daniel J. Bernstein. Fast norm computation in smooth-degree Abelian number fields. Research in Number Theory, 9(4):82, 2023.
[BGM93]
Ian F. Blake, Shuhong Gao, and Ronald C. Mullin. Explicit Factorization of $x^{2^k} + 1$ over $\mathbb{F}_p$ with Prime $p \equiv 3 \bmod 4$. Applicable Algebra in Engineering, Communication and Computing, 4(2):89–94, 1993.
[BHK+22a]
Hanno Becker, Vincent Hwang, Matthias J. Kannwischer, Lorenz Panny, and Bo-Yin Yang. Efficient Multiplication of Somewhat Small Integers using Number–Theoretic Transforms. In International Workshop on Security, pages 3–23. 2022. Springer.
[BHK+22b]
Hanno Becker, Vincent Hwang, Matthias J. Kannwischer, Bo-Yin Yang, and Shang-Yi Yang. Neon NTT: Faster Dilithium, Kyber, and Saber on Cortex-A72 and Apple M1. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(1):221–244, 2022.
[BKS19]
Leon Botros, Matthias J. Kannwischer, and Peter Schwabe. Memory-Efficient High-Speed Implementation of Kyber on Cortex-M4. In Progress in Cryptology - AFRICACRYPT 2019, volume 11627 of Lecture Notes in Computer Science, pages 209–228. 2019. Springer.
[BMGVdO15]
F.E. Brochero Martínez, C. R. Giraldo Vergaraand, and L. Batista de Oliveira. Explicit factorization of $x^n-1 \in \mathbb{F}_q[x]$. Designs, Codes and Cryptography, 77:277–286, 2015.
[BMK+22]
Hanno Becker, Jose Maria Bermudo Mera, Angshuman Karmakar, Joseph Yiu, and Ingrid Verbauwhedeg. Polynomial multiplication on embedded vector architectures. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(1):482-505, 2022.
[Bou89]
Nicolas Bourbaki. Algebra I. Springer 1989.
[Bra84]
Ronald N. Bracewell. The Fast Hartley Transform. Proceedings of the IEEE, 72(8):1010–1018, 1984.
[Bru78]
Georg Bruun. z-transform DFT Filters and FFT's. IEEE Transactions on Acoustics, Speech, and Signal Processing, 26(1):56–63, 1978.
[CCHY24]
Han-Ting Chen, Yi-Hua Chung, Vincent Hwang, and Bo-Yin Yang. Algorithmic Views of Vectorized Polynomial Multipliers – NTRU. In Anupam Chattopadhyay, Shivam Bhasin, Stjepan Picek, and Chester Rebeiro, editors, Progress in Cryptology – INDOCRYPT 2023, pages 177–196. 2024. Springer Nature Switzerland.
[CDH+20]
Cong Chen, Oussama Danba, Jeffrey Hoffstein, Andreas Hulsing, Joost Rijneveld, John M. Schanck, Peter Schwabe, William Whyte, Zhenfei Zhang, Tsunekazu Saito, Takashi Yamakawa, and Keita Xagawa. NTRU. Submission to the NIST Post-Quantum Cryptography Standardization Project. 2020.
[CF94]
Richard Crandall and Barry Fagin. Discrete Weighted Transforms and Large-integer Arithmetic. Mathematics of computation, 62(205):305–324, 1994.
[CHK+21]
Chi-Ming Marvin Chung, Vincent Hwang, Matthias J. Kannwischer, Gregor Seiler, Cheng-Jhih Shih, and Bo-Yin Yang. NTT Multiplication for NTT-unfriendly Rings New Speed Records for Saber and NTRU on Cortex-M4 and AVX2. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(2):159–188, 2021.
[CK91]
David G. Cantor and Erich Kaltofen. On Fast Multiplication of Polynomials over Arbitrary Algebras. Acta Informatica, 28(7):693–701, 1991.
[CT65]
James W. Cooley and John W. Tukey. An Algorithm for the Machine Calculation of Complex Fourier Series. Mathematics of Computation, 19(90):297–301, 1965.
[DH84]
Pierre Duhamel and Henk Hollmann. `Split Radix’ FFT Algorithm. Electronics letters, 20(1):14–16, 1984.
[Dhe03]
Jean-François Dhem. Efficient Modular Reduction Algorithm in $\mathbb{F}_q[x]$ and Its Application to “Left to Right” Modular Multiplication in $\mathbb{F}_2[x]$. In Cryptographic Hardware and Embedded Systems-CHES 2003: 5th International Workshop, Cologne, Germany, September 8–10, 2003. Proceedings 5, pages 203–213. 2003. Springer.
[DKRV20]
Jan-Pieter D'Anvers, Angshuman Karmakar, Sujoy Sinha Roy, and Frederik Vercauteren. SABER. Submission to the NIST Post-Quantum Cryptography Standardization Project. 2020.
[DP16]
Léo Ducas and Thomas Prest. Fast Fourier Orthogonalization. In Proceedings of the ACM on International Symposium on Symbolic and Algebraic Computation, pages 191–198. 2016.
[DV78a]
Eric Dubois and Anastasios N. Venetsanopoulos. A New Algorithm for the Radix-3 FFT. IEEE Transactions on Acoustics, Speech, and Signal Processing, 26(3):222–225, 1978.
[DV78b]
Eric Dubois and Anastasios N. Venetsanopoulos. The discrete Fourier transform over finite rings with application to fast convolution. IEEE Computer Architecture Letters, 27(07):586–593, 1978.
[DV90]
Pierre Duhamel and Martin Vetterli. Fast Fourier transforms: a tutorial review and a state of the art. Signal processing, 19(4):259–299, 1990.
[FD05]
Haining Fan and Yiqi Dai. Fast Bit-Parallel $GF(2^n)$ Multiplier for All Trinomials. IEEE Transactions on Computers, 54(4):485-490, 2005.
[FH07]
Haining Fan and M. Anwar Hasan. A New Approach to Subquadratic Space Complexity Parallel Multipliers for Extended Binary Fields. IEEE Transactions on Computers, 56(2):224-233, 2007.
[Fid73]
Charles M. Fiduccia. On the Algebraic Complexity of Matrix Multiplication. PhD thesis, Brown University, 1973.
[Flo72]
Robert W Floyd. Permuting Information in Idealized Two-Level Storage. In Complexity of Computer Computations: Proceedings of a symposium on the Complexity of Computer Computations, held March 20–22, 1972, at the IBM Thomas J. Watson Research Center, Yorktown Heights, New York, and sponsored by the Office of Naval Research, Mathematics Program, IBM World Trade Corporation, and the IBM Research Mathematical Sciences Department, pages 105–109. 1972. Springer.
[FSS20]
Tim Fritzmann, Georg Sigl, and Johanna Sepúlveda. RISQ-V: Tightly Coupled RISC-V Accelerators for Post-Quantum Cryptography. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(4):239–280, 2020.
[F{\"u}r09]
Martin Fürer. Faster Integer Multiplication. SIAM Journal on Computing, 39(3):979–1005, 2009.
[GKP94]
Ronald L. Graham, Donald E. Knuth, and Oren Patashnik. Concrete Mathematics: a Foundation for Computer Science. Addison-Wesley, second edition. 1994.
[GKS21]
Denisa O. C. Greconici, Matthias J. Kannwischer, and Daan Sprenkels. Compact Dilithium Implementations on Cortex-M3 and Cortex-M4. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(1):1–24, 2021.
[Goo58]
I. J. Good. The Interaction Algorithm and Practical Fourier Analysis. Journal of the Royal Statistical Society: Series B (Methodological), 20(2):361–372, 1958.
[Goo71]
I. J. Good. The relationship between two fast Fourier transforms. IEEE Transactions on Computers, 100(3):310–317, 1971.
[GOPT10]
Johann Großschädl, Elisabeth Oswald, Dan Page, and Michael Tunstall. Side-Channel Analysis of Cryptographic Software via Early-Terminating Multiplications. In Information, Security and Cryptology–ICISC 2009: 12th International Conference, Seoul, Korea, December 2-4, 2009, Revised Selected Papers 12, pages 176–192. 2010. Springer.
[GS66]
W. M. Gentleman and G. Sande. Fast Fourier Transforms: For Fun and Profit. In Proceedings of the November 7-10, 1966, Fall Joint Computer Conference, pages 563-578. 1966. Association for Computing Machinery.
[Har42]
Ralph VL Hartley. A More Symmetrical Fourier Analysis Applied to Transmission Problems. Proceedings of the IRE, 30(3):144–150, 1942.
[Has22]
Chenar Abdulla Hassan. Radix-3 NTT-Based Polynomial Multiplication for Lattice-Based Cryptography. Master's thesis, Middle East Technical University, 2022.
[HB95]
M.A. Hasan and V.K. Bhargava. Architecture for a low complexity rate-adaptive Reed-Solomon encoder. IEEE Transactions on Computers, 44(7):938-942, 1995.
[HKS23]
Vincent Hwang, YoungBeom Kim, and Seog Chung Seo. Barrett Multiplication for Dilithium on Embedded Devices. Cryptology ePrint Archive, Paper 2023/1955. 2023.
[HLY24]
Vincent Hwang, Chi-Ting Liu, and Bo-Yin Yang. Algorithmic Views of Vectorized Polynomial Multipliers – NTRU Prime. In International Conference on Applied Cryptography and Network Security, pages 24–46. 2024. Springer.
[HMCS77]
David B. Harris, James H. McClellan, David S. K. Chan, and Hans W. Schuessler. Vector Radix Fast Fourier Transform. In ICASSP'77. IEEE International Conference on Acoustics, Speech, and Signal Processing, volume 2, pages 548–551. 1977.
[HQZ04]
Guillaume Hanrot, Michel Quercia, and Paul Zimmermann. The Middle Product Algorithm I. Applicable Algebra in Engineering, Communication and Computing, 14(6):415–438, 2004.
[HVDH22]
David Harvey and Joris Van Der Hoeven. Polynomial Multiplication over Finite Fields in time $O (n log n)$. Journal of the ACM, 69(2):1–40, 2022.
[Hwa22]
Vincent Hwang. Case Studies on Implementing Number–Theoretic Transforms with Armv7-M, Armv7E-M, and Armv8-A. Master's thesis, National Taiwan University, 2022.
[Hwa24]
Vincent Hwang. Pushing the Limit of Vectorized Polynomial Multiplication for NTRU Prime. To appear at ACISP 2024, currently available at https://eprint.iacr.org/2023/604. 2024.
[HZZ+22]
Junhao Huang, Jipeng Zhang, Haosong Zhao, Zhe Liu, Ray CC Cheung, Çetin Kaya Koç, and Donglong Chen. Improved Plantard Arithmetic for Lattice-based Cryptography. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(4):614–636, 2022.
[HZZ+24]
Junhao Huang, Haosong Zhao, Jipeng Zhang, Wangchen Dai, Lu Zhou, Ray CC Cheung, Cetin Kaya Koc, and Donglong Chen. Yet another Improvement of Plantard Arithmetic for Faster Kyber on Low-end 32-bit IoT Devices. IEEE Transactions on Information Forensics and Security, 2024.
[IKPC20]
Írem Keskinkurt Paksoy and Murat Cenk. TMVP-based Multiplication for Polynomial Quotient Rings and Application to Saber on ARM Cortex-M4. Cryptology ePrint Archive, Paper 2020/1302. 2020.
[IKPC22]
Írem Keskinkurt Paksoy and Murat Cenk. Faster NTRU on ARM Cortex-M4 with TMVP-based multiplication. IEEE Transactions on Circuits and Systems I: Regular Papers, 69(10):4083–4092, 2022.
[Int23]
[Jac12a]
Nathan Jacobson. Basic Algebra I. Courier Corporation 2012.
[Jac12b]
Nathan Jacobson. Basic Algebra II. Courier Corporation 2012.
[JF07]
Steven G. Johnson and Matteo Frigo. A Modified Split-Radix FFT With Fewer Arithmetic Operations. IEEE Transactions on Signal Processing, 55(1):111–119, 2007.
[KA98]
Cetin Kaya Koc and Tolga Acar. Montgomery Multiplication in $\text{GF} (2^k)$. Designs, Codes and Cryptography, 14:57–69, 1998.
[KAK96]
Cetin Kaya Koc, Tolga Acar, and Burton S. Kaliski. Analyzing and comparing Montgomery multiplication algorithms. IEEE Micro, 16(3):26–33, 1996.
[KO62]
A. Karatsuba and Yu. Ofman. Multiplication of many-digital numbers by automatic computers. In Doklady Akademii Nauk, volume 145(2), pages 293–294. 1962.
[KRS19]
Matthias J. Kannwischer, Joost Rijneveld, and Peter Schwabe. Faster Multiplication in $\mathbb{Z}_{2^m}[x]$ on Cortex-M4 to Speed up NIST PQC Candidates. In International Conference on Applied Cryptography and Network Security, pages 281–301. 2019. Springer.
[LS19]
Vadim Lyubashevsky and Gregor Seiler. NTTRU: Truly Fast NTRU Using NTT. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(3):180-201, 2019.
[LVB07]
T. Lundy and James Van Buskirk. A new matrix approach to real FFTs and convolutions of length $2^k$. Computing, 80:23–45, 2007.
[LZ22]
Zhichuang Liang and Yunlei Zhao. Number Theoretic Transform and Its Applications in Lattice-based Cryptosystems: A Survey. arXiv preprint arXiv:2211.13546, 2022.
[Mey96]
Helmut Meyn. Factorization of the Cyclotomic Polynomial $x^{2^n} + 1$ over Finite Fields. Finite Fields and Their Applications, 2(4):439–442, 1996.
[MKV20]
Jose Maria Bermudo Mera, Angshuman Karmakar, and Ingrid Verbauwhede. Time-memory trade-off in Toom-Cook multiplication: an application to module-lattice based cryptography. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(2):222–244, 2020.
[Mon85]
Peter L. Montgomery. Modular Multiplication Without Trial Division. Mathematics of computation, 44(170):519–521, 1985.
[Mur96]
Hideo Murakami. Real-valued fast discrete Fourier transform and cyclic convolution algorithms of highly composite even length. In 1996 IEEE International Conference on Acoustics, Speech, and Signal Processing Conference Proceedings, volume 3, pages 1311–1314. 1996.
[MV83a]
Jean-Bernard Martens and Marc C. Vanwormhoudt. Convolution Using a Conjugate Symmetry Property for Number Theoretic Transforms Over Rings of Regular Integers. IEEE Transactions on Acoustics, Speech, and Signal Processing, 31(5):1121–1125, 1983.
[MV83b]
Jean-Bernard Martens and Marc C. Vanwormhoudt. Convolutions of Long Integer Sequences by Means of Number Theoretic Transforms Over Residue Class Polynomial Rings. IEEE Transactions on Acoustics, Speech, and Signal Processing, 31(5):1125–1134, 1983.
[NAB+20]
Michael Naehrig, Erdem Alkim, Joppe Bos, Léo Ducas, Karen Easterbrook, Brian LaMacchia, Patrick Longa, Ilya Mironov, Valeria Nikolaenko, Christopher Peikert, Ananth Raghunathan, and Douglas Stebil. FrodoKEM. Submission to the NIST Post-Quantum Cryptography Standardization Project. 2020.
[NG21]
Duc Tri Nguyen and Kris Gaj. Fast NEON-Based Multiplication for Lattice-Based NIST Post-quantum Cryptography Finalists. In Post-Quantum Cryptography: 12th International Workshop, PQCrypto 2021, Daejeon, South Korea, July 20–22, 2021, Proceedings, pages 234–254. 2021.
[Nic71]
Peter J. Nicholson. Algebraic Theory of Finite Fourier Transforms. Journal of Computer and System Sciences, 5(5):524–547, 1971.
[NIS]
the US National Institute of Standards NIST and Technology. Post-Quantum Cryptography Standardization Project.
[Nus80]
Henri J. Nussbaumer. Fast Polynomial Transform Algorithms for Digital Convolution. IEEE Transactions on Acoustics, Speech, and Signal Processing, 28(2):205–215, 1980.
[Nus82]
Henri J. Nussbaumer. Fast Fourier Transform and Convolution Algorithms. Springer Berlin, Heidelberg, 2nd edition. 1982.
[Ora14]
Oracle. x86 Assembly Language Reference Manual. , 2014.
[PAA+20]
Thomas Pöppelmann, Erdem Alkim, Roberto Avanzi, Joppe Bos, Léo Ducas, Antonio de la Piedra, Peter Schwabe, Douglas Stebila, Martin R. Albrecht, Emmanuela Orsini, Valery Osheter, Kenneth G. Paterson, Guy Peer, and Nigel P. Smart. NewHope. Submission to the NIST Post-Quantum Cryptography Standardization Project. 2020.
[PFH+20]
Thomas Prest, Pierre-Alain Fouque, Jeffrey Hoffstein, Paul Kirchner, Vadim Lyubashevsky, Thomas Pornin, Thomas Ricosset, Gregor Seiler, William Whyte, and Zhenfei Zhang. Falcon. Submission to the NIST Post-Quantum Cryptography Standardization Project. 2020.
[Pla21]
Thomas Plantard. Efficient word size modular arithmetic. IEEE Transactions on Emerging Topics in Computing, 9(3):1506–1518, 2021.
[Pol71]
John M. Pollard. The Fast Fourier Transform in a Finite Field. Mathematics of computation, 25(114):365–374, 1971.
[Por19]
Thomas Pornin. New Efficient, Constant-Time Implementations of Falcon. 2019.
[Por23]
Thomas Pornin. Improved Key Pair Generation for Falcon, BAT and Hawk. 2023.
[PP19]
Thomas Pornin and Thomas Prest. More Efficient Algorithms for the NTRU Key Generation Using the Field Norm. In IACR International Workshop on Public Key Cryptography, pages 504–533. 2019. Springer.
[Rad68]
Charles M. Rader. Discrete Fourier Transforms When the Number of Data Samples Is Prime. Proceedings of the IEEE, 56(6):1107–1108, 1968.
[Sch77]
Arnold Schönhage. Schnelle Multiplikation von Polynomen über Körpern der Charakteristik 2. Acta Informatica, 7(4):395–398, 1977.
[Sei18]
Gregor Seiler. Faster AVX2 optimized NTT multiplication for Ring-LWE lattice cryptography. Cryptology ePrint Archive, Report 2018/039. 2018.
[Sho]
Victor Shoup. NTL: a Library for Doing Number Theory.
[Sho99]
Victor Shoup. Efficient Computation of Minimal Polynomials in Algebraic Extensions of Finite Fields. In Proceedings of the 1999 international symposium on Symbolic and algebraic computation, pages 53–58. 1999.
[SKS+21]
Pakize Sanal, Emrah Karagoz, Hwajeong Seo, Reza Azarderakhsh, and Mehran Mozaffari-Kermani. Kyber on ARM64: Compact Implementations of Kyber on 64-bit ARM Cortex-A Processors. In Security and Privacy in Communication Networks: 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6–9, 2021, Proceedings, Part II, pages 424–440. 2021. Springer.
[SS71]
Arnold Schönhage and Volker Strassen. Schnelle Multiplikation großer Zahlen. Computing, 7:281–292, 1971.
[Sto66]
Thomas G. Stockham Jr.. High-Speed Convolution and Correlation. In Proceedings of the April 26-28, 1966, Spring joint computer conference, pages 229–233. 1966.
[Tho63]
Llewellyn Hilleth Thomas. Using a computer to solve problems in physics. Applications of digital computers, 1963.
[Too63]
Andrei L. Toom. The Complexity of a Scheme of Functional Elements Realizing the Multiplication of Integers. Soviet Mathematics Doklady, 3:714–716, 1963.
[TW13]
Aleksandr Tuxanidy and Qiang Wang. Composed products and factors of cyclotomic polynomials over finite fields. Designs, codes and cryptography, 69(2):203–231, 2013.
[vdH04]
Joris van der Hoeven. The truncated Fourier transform and applications. In Proceedings of the 2004 international symposium on Symbolic and algebraic computation, pages 290–296. 2004.
[Wan23]
William Wang. Personal communication. 2023.
[War12]
Henry S. Warren. Hacker's Delight. Addison-Wesley 2012.
[Win78]
Shmuel Winograd. On Computing the Discrete Fourier Transform. Mathematics of computation, 32(141):175–199, 1978.
[Win80]
Shmuel Winograd. Arithmetic Complexity of Computations, volume 33. Society for Industrial and Applied Mathematics 1980.
[WP06]
André Weimerskirch and Christof Paar. Generalizations of the Karatsuba Algorithm for Efficient Implementations. Cryptology ePrint Archive, Paper 2006/224. 2006.
[WY21]
Yansheng Wu and Qin Yue. Further factorization of $x^n - 1$ over a finite field (II). Discrete Mathematics, Algorithms and Applications, 13(06):2150070, 2021.
[WYF18]
Yansheng Wu, Qin Yue, and Shuqin Fan. Further factorization of $x^n - 1$ over a finite field. Finite Fields and Their Applications, 54:197–215, 2018.
[Yan22]
Bo-Yin Yang. Personal communication. 2022.
[Yan23]
Bo-Yin Yang. Personal communication. 2023.
[YJX24]
Yanze Yang, Yiran Jia, and Guangwu Xu. On Modular Algorithms and Butterfly Operations in Number Theoretic Transform. arXiv preprint arXiv:2402.00675, 2024.
PDF
History
Submitted: 2023-12-27
Accepted: 2024-06-04
Published: 2024-07-08
Accepted: 2024-06-04
Published: 2024-07-08
How to cite
Vincent Hwang, "A Survey of Polynomial Multiplications for Lattice-Based Cryptosystems," IACR Communications in Cryptology, vol. 1, no. 2, Jul 08, 2024, doi: 10.62056/a0ivr-10k.
License
Copyright is held by the author(s)
This work is licensed under a Creative Commons Attribution (CC BY) license.