Abstract: In this work we discuss the history of lattice-based cryptography, study the recently developed lattice-based cryptosystems, and compare the performance of the NewHope, Kyber, Saber and Round5 CPA public key cryptosystems and CCA key encapsulation mechanisms. These cryptosystems are among the candidates of the second round of the NIST post-quantum cryptography standardization competition. We concentrate on the performance of these cryptosystems. The main factors affecting performance are polynomial multiplication and random buffer generation. There are several methods to perform polynomial multiplication, such as the Karatsuba, Toom-Cook, index-based and NTT methods. The NTT method is the fastest, but it limits the choice of the cryptosystem parameters. Random buffer generation can be sped up by using AES-128 in counter mode or any fast stream cipher instead of the SHA-3 function SHAKE128. High performance can be achieved on modern processors by using the new AES instructions (AES-NI). We also profile the Kyber CPA cryptosystem to show the impact of random buffer generation using extendable output functions on the performance of such cryptosystems. We make all our code available at http://github.com/a1024/pqc.
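The following sketch illustrates why the NTT method limits the choice of parameters: multiplication in Z_q[x]/(x^n + 1) by NTT needs a prime q with 2n dividing q - 1, while schoolbook multiplication works for any modulus. It is an added example, not code from this work or its repository; the parameter sets are the published round-2 values (an assumption, they are not given on this page) and all function names are hypothetical.

```python
# Added example. Parameter sets are the published round-2 values (assumed here,
# not stated on this page); all function names are hypothetical.
PARAMS = {"NewHope1024": (1024, 12289), "Kyber": (256, 3329), "Saber": (256, 8192)}

def find_psi(n, q):
    """Primitive 2n-th root of unity mod q (n a power of two), or None."""
    prime = q > 1 and all(q % p for p in range(2, int(q ** 0.5) + 1))
    if not prime or (q - 1) % (2 * n):
        return None                      # NTT over x^n + 1 is not available
    for g in range(2, q):
        psi = pow(g, (q - 1) // (2 * n), q)
        if pow(psi, n, q) == q - 1:      # psi^n = -1, so psi has order exactly 2n
            return psi

def schoolbook(a, b, q):
    """O(n^2) product in Z_q[x]/(x^n + 1); works for any modulus."""
    n, c = len(a), [0] * len(a)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            sign = 1 if i + j < n else -1          # x^n wraps around to -1
            c[(i + j) % n] = (c[(i + j) % n] + sign * ai * bj) % q
    return c

def ntt(a, w, q):
    """Recursive radix-2 transform; w is a primitive len(a)-th root of unity."""
    n = len(a)
    if n == 1:
        return a[:]
    even, odd = ntt(a[0::2], w * w % q, q), ntt(a[1::2], w * w % q, q)
    out, t = [0] * n, 1
    for k in range(n // 2):
        out[k] = (even[k] + t * odd[k]) % q
        out[k + n // 2] = (even[k] - t * odd[k]) % q
        t = t * w % q
    return out

def ntt_multiply(a, b, q):
    """O(n log n) product in Z_q[x]/(x^n + 1); needs a 2n-th root of unity."""
    n = len(a)
    psi = find_psi(n, q)
    if psi is None:
        raise ValueError("q has no primitive 2n-th root of unity")
    w, twist = psi * psi % q, [pow(psi, i, q) for i in range(n)]
    fa = ntt([x * t % q for x, t in zip(a, twist)], w, q)
    fb = ntt([x * t % q for x, t in zip(b, twist)], w, q)
    fc = ntt([x * y % q for x, y in zip(fa, fb)], pow(w, -1, q), q)
    scale = pow(n, -1, q)
    return [x * scale * pow(t, -1, q) % q for x, t in zip(fc, twist)]

if __name__ == "__main__":
    for name, (n, q) in PARAMS.items():
        print(name, "full NTT available:", find_psi(n, q) is not None)
```

With these values only the NewHope parameters admit a complete negacyclic NTT; for q = 3329 and n = 256 only a 256th root of unity exists, and a power-of-two modulus such as 8192 has none, so multiplication there relies on methods such as Karatsuba or Toom-Cook.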