Conference paper Open Access

A Lightweight Implementation of NTRUEncrypt for 8-bit AVR Microcontrollers

Cheng, H.; Großschädl, J.; Rønne, P.; Ryan, P.

Introduced in 1996, NTRUEncrypt is not only one of the earliest but also one of the most scrutinized lattice-based cryptosystems and expected to remain secure in the upcoming era of quantum computing. Furthermore, NTRUEncrypt offers some efficiency benefits over “pre-quantum” cryptosystems like RSA or ECC since the low-level arithmetic operations are less computation-intensive and, thus, more suitable for constrained devices. In this paper, we present AVRNTRU, a highly-optimized implementation of NTRUEncrypt for 8-bit AVR microcontrollers that we developed from scratch to reach high performance and resistance to timing attacks. AVR NTRU complies with the EESS #1 v3.1 specification and supports product-form parameter sets such as ees443ep1, ees587ep1, and ees743ep1. Entire encryption (including mask generation and blinding-polynomial generation) using the ees443ep1 parameters requires 847973 clock cycles on an ATmega1281 microcontroller; the decryption is more costly and has an execution time of 1051871 cycles. We achieved these results with the help of a novel hybrid technique for multiplication in a truncated polynomial ring, whereby one of the operands is a sparse ternary polynomial in product form and the other an arbitrary element of the ring. A constant-time multiplication in the ring given by the ees443ep1 parameters takes only 192577 cycles, which sets a new speed record for the arithmetic part of a lattice-based cryptosystem on AVR.

Files (290.3 kB)
Name Size
18-A-Lightweight-Implementation-of-NTRUEncrypt-for-8-bit-AVR-Microcontrollers.pdf
md5:8c7c5535d8d0705f4396823412f72621
290.3 kB Download
46
49
views
downloads
All versions This version
Views 4618
Downloads 4916
Data volume 22.7 MB4.6 MB
Unique views 4317
Unique downloads 4613

Share

Cite as