Memory-constrained implementation of lattice-based encryption scheme on standard Java Card

摘要

Since NSA announced the plans for transitioning to the algorithms which are resistant to attacks by the potential quantum computers, the interest of implementation of post-quantum cryptography (PQC) on various devices has emerged. Including widely used Java Card, memory-constrained smart cards need the efficient implementation of encryption schemes to resist quantum-computing attacks. Meanwhile, lattice-based cryptography, as one of the strongest candidates for PQC, has attracted wide attention due to their applicability and operating efficiency in recent years. However, due to the limited memory resources and computing power, long integer multiplication is a challenge on Java Card, and it had been considered that only a few lattice-based cryptosystems are fitting into such devices. In this paper, we show the first implementation of a lattice-based encryption scheme on standard Java Card whose running time is nearly optimal (about 100 seconds in decryption for 128-bit security) by combining the use of iterative fast Fourier transform and improved Montgomery modular multiplication. More importantly, we indicate that polynomial multiplication and over signed 15-bit integer arithmetic can be performed on Java Card even if the long integers are not supported, which makes running more lattice-based protocols on Java Card achievable.