基于AVX512的格密码高速并行实现

doi:10.19678/j.issn.1000-3428.0067167

摘要/Abstract

摘要：

量子计算的迅速发展可能对当前广泛使用的公钥密码算法造成严重威胁。格密码因优秀的抗量子安全性和高效的计算效率在后量子密码中占据重要地位。美国国家标准技术研究院于2022年5月公布4个后量子密码标准，其中3个是格密码算法，Kyber算法便是其中之一。随着后量子密码标准的确定，Kyber算法高效实现的需求日益增加。基于512位高级向量扩展（AVX512），对Kyber算法进行优化与高速并行实现。使用惰性模约减、优化的蒙哥马利模约减及优化的快速数论变化等技术，充分利用计算机的存储空间，减少大量不必要的模约减操作，提高多项式计算的效率与并行性。采用冗余比特技术，增强多项式抽样过程中比特的并行处理能力。通过AVX512的512 bit位宽和8路并行实现哈希运算，并对其产生的伪随机比特串进行合理调度，充分发挥并行性能。基于AVX512指令集高速并行实现Kyber上的多项式计算和抽样，并进一步实现整个Kyber公钥加密方案。性能测试结果表明，与C语言实现相比，基于AVX512实现的密钥生成和加密算法获得了10~16倍的加速，解密算法获得了约56倍的加速。

关键词: 后量子密码, 格密码, 公钥加密, 512位高级向量扩展指令集, 并行计算

Abstract:

The rapid development of quantum computing seriously threatens the security of widely used public-key cryptography. Lattice-based cryptography occupies an essential position in Post-Quantum Cryptography(PQC) owing to its excellent anti-quantum security and efficient computational efficiency. In May 2022, the National Institute of Standards and Technology(NIST) published four PQC standards, three of which are lattice-based cryptography algorithms, along with Kyber. With the identification of post-quantum standards, the importance and need for their efficient implementation is increasing. This study presents an optimized and high-speed parallel implementation of the Kyber algorithm based on the Advanced Vector eXtensions 512(AVX512). It utilizes techniques such as lazy reduction, optimized Montgomery modular reduction, and optimized Number-Theoretic Transformation(NTT) to reduce unnecessary modular reduction operations and improve the efficiency and parallelism of polynomial computations by fully utilizing computer storage space. It also employs redundant bit technology to improve the parallel processing capability of bits during polynomial sampling. The 512 bit width of AVX512 is utilized to perform 8-way parallel Hash operations, and the resulting pseudo-random bit strings are properly scheduled to fully leverage parallel performance. Finally, this study implements polynomial computations and sampling on Kyber in high-speed parallel using the AVX512 instruction set and further implements the entire Kyber public-key encryption scheme. Performance test results indicate that the key generation and encryption algorithms in this study achieve 10 to 16 times acceleration compared to the C language implementation provided in the standard documentation, while the decryption algorithm achieves approximately 56 times acceleration.

Key words: Post-Quantum Cryptography(PQC), lattice-based cryptography, public-key encryption, Advanced Vector eXtensions 512(AVX512) instruction set, parallel computation

雷斗威, 何德彪, 罗敏, 彭聪. 基于AVX512的格密码高速并行实现[J]. 计算机工程, 2024, 50(2): 15-24.

Douwei LEI, Debiao HE, Min LUO, Cong PENG. High-speed Parallel Implementation of Lattice-based Cryptography Based on AVX512[J]. Computer Engineering, 2024, 50(2): 15-24.

http://www.ecice06.com/CN/Y2024/V50/I2/15

图/表 6

图1 8路并行SHAKE函数

Fig.1 8-way parallel SHAKE functions

图2 数据排列与处理

Fig.2 Arrangement and processing of data

图3 CBD抽样的比特处理

Fig.3 Bit processing of CBD sampling

参考文献 25

1	SHOR P W. Algorithms for quantum computation: discrete logarithms and factoring[C]//Proceedings the 35th Annual Symposium on Foundations of Computer Science. Washington D. C., USA: IEEE Press, 1994: 124-134.
2	REGEV O. On lattices, learning with errors, random linear codes, and cryptography[C]//Proceedings of STOC'05. New York, USA: ACM Press, 2005: 84-93.
3	LANGLOIS A, STEHLÉ D. Worst-case to average-case reductions for module lattices. Designs, Codes and Cryptography, 2015, 75(3): 565- 599. doi: 10.1007/s10623-014-9938-4
4	BOS J, DUCAS L, KILTZ E, et al. CRYSTALS-Kyber: a CCA-secure module-lattice-based KEM[C]//Proceedings of 2018 IEEE European Symposium on Security and Privacy. Washington D. C., USA: IEEE Press, 2018: 353-367.
5	FUJISAKI E, OKAMOTO T. Secure integration of asymmetric and symmetric encryption schemes[C]//Proceedings of the 19th Annual International Cryptology Conference. Berlin, Germany: Springer, 1999: 537-554.
6	SEILER G. Faster AVX2 optimized NTT multiplication for ring-LWE lattice cryptography. ACM Transactions on Embedded Computing Systems, 2023, 22(5): 83.
7	LONGA P, NAEHRIG M. Speeding up the number theoretic transform for faster ideal lattice-based cryptography[C]//Proceedings of the 15th International Conference on Cryptology and Network Security. Berlin, Germany: Springer, 2016: 124-139.
8	GUERON S, SCHLIEKER F. Speeding up R-LWE post-quantum key exchange[C]// Proceedings of the 21st Nordic Conference on Secure IT Systems. Berlin, Germany: Springer, 2016: 187-198.
9	ROY S S. SaberX4: high-throughput software implementation of Saber key encapsulation mechanism[C]//Proceedings of the 37th International Conference on Computer Design. Washington D. C., USA: IEEE Press, 2019: 321-324.
10	CABRAL R, LÓPEZ J. Implementation of the SHA-3 family using AVX512 instructions[EB/OL]. [2023-02-11]. https://docslib.org/doc/11679069/implementation-of-the-sha-3-family-using-avx512-instructions.
11	ALKIM E, BILGIN Y A, CENK M, et al. Cortex-M4 optimizations for {R, M} LWE schemes. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020,(3): 336- 357.
12	ALKIM E, EVKAN H, LAHR N, et al. ISA extensions for finite field arithmetic[EB/OL]. [2023-02-11]. https://eprint.iacr.org/2020/049.
13	WONG M M, HAJ-YAHYA J, SAU S, et al. A new high throughput and area efficient SHA-3 implementation[C]//Proceedings of 2018 IEEE International Symposium on Circuits and Systems. Washington D. C., USA: IEEE Press, 2018: 1-5.
14	顾丽红, 魏海蕊. 基于龙芯SIMD技术的AES加解密优化. 计算机工程, 2009, 35(3): 189-191, 221. doi: 10.3969/j.issn.1000-3428.2009.03.064
	GU L H, WEI H R. Optimization of AES encryption and decryption based on SIMD technology for Loongson. Computer Engineering, 2009, 35(3): 189-191, 221. doi: 10.3969/j.issn.1000-3428.2009.03.064
15	KARMAKAR A, MERA J M B, ROY S S, et al. Saber on ARM CCA-secure module lattice-based key encapsulation on ARM. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018,(3): 243- 266.
16	FRITZMANN T, SIGL G, SEPÚLVEDA J. RISQ-V: tightly coupled RISC-V accelerators for post-quantum cryptography. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020,(4): 239- 280.
17	ZHOU Z, HE D B, LIU Z, et al. A software/hardware co-design of Crystals-Dilithium signature scheme. ACM Transactions on Reconfigurable Technology and Systems, 2021, 14(2): 11.
18	郭渝洛, 边浩东, 董润婷, 等. 基于SIMD的并行傅里叶空间图像相似度计算. 计算机工程, 2021, 47(11): 247- 253. URL
	GUO Y L, BIAN H D, DONG R T, et al. Parallel Fourier space image similarity calculation based on SIMD. Computer Engineering, 2021, 47(11): 247- 253. URL
19	BERNSTEIN D J. Multidigit multiplication for mathematicians[EB/OL]. [2023-02-11]. https://www.researchgate.net/publication/2370542_Multidigit_Multiplication_For_Mathematicians.
20	CHUNG C M M, HWANG V, KANNWISCHER M J, et al. NTT multiplication for NTT-unfriendly rings. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021,(2): 159- 188.
21	National Institute of Standards and Technology. Module-lattice-based key-encapsulation mechanism standard(FIPS Draft 203, Version 1)[EB/OL]. [2023-02-11]. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf.
22	MONTGOMERY P L. Modular multiplication without trial division. Mathematics of Computation, 1985, 44(170): 519- 521.
23	BERTONI G, DAEMEN J, PEETERS M, et al. Keccak[C]//Proceedings of the 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Germany: Springer, 2013: 313-314.
24	PRITZKER P, GALLAGHER P D. SHA-3 standard: permutation-based hash and extendable-output functions[EB/OL]. [2023-02-11]. https://www.semanticscholar.org/paper/SHA-3-Standard%3A-Permutation-Based-Hash-and-Dworkin/4e1b5b26e6ca38b8c7602a73b7087288edbf85c9.
25	OZOLS M, ROETTELER M, ROLAND J. Quantum rejection sampling. ACM Transactions on Computation Theory, 2013, 5(3): 11.

[1]	王其涵, 庞建民, 岳峰, 祝迪, 沈莉, 肖谦. 面向申威架构的KNN并行算法实现与优化[J]. 计算机工程, 2023, 49(5): 286-294.
[2]	夏立斌, 刘晓宇, 姜晓巍, 孙功星. 基于分布式数据集的并行计算框架内存优化方法[J]. 计算机工程, 2023, 49(4): 43-51.
[3]	房俊, 薛晓东, 周云亮. 基于深度生成模型的聚合查询区间估计方法[J]. 计算机工程, 2023, 49(11): 284-292, 301.
[4]	张晓东, 陈韬伟, 余益民. 一种基于LWE‐CPABE的区块链数据共享方案[J]. 计算机工程, 2022, 48(10): 158-168,175.
[5]	黄瑞, 金光浩, 李磊, 姜文超, 宋庆增. 轻量化神经网络加速器的设计与实现[J]. 计算机工程, 2021, 47(9): 185-190,196.
[6]	易培淮, 李卫东, 林韬, 邹佳恒, 邓子艳, 刘言. GPU在缪子快速模拟中的应用[J]. 计算机工程, 2021, 47(8): 100-108.
[7]	佘鑫, 何震瀛. 复杂属性条件下基于Spark的clique社区搜索算法[J]. 计算机工程, 2021, 47(12): 54-61,70.
[8]	郭渝洛, 边浩东, 董润婷, 唐嘉豪, 王晓英, 黄建强. 基于SIMD的并行傅里叶空间图像相似度计算[J]. 计算机工程, 2021, 47(11): 247-253.
[9]	卢嘉嘉, 杜育松. 整数上离散高斯取样的常数时间实现方法[J]. 计算机工程, 2020, 46(8): 119-123.
[10]	赵宗渠, 黄鹂娟, 范涛, 马少提. 格上基于KEM的认证密钥交换协议[J]. 计算机工程, 2020, 46(7): 122-128.
[11]	王众, 韩益亮. 基于Niederreiter密码体制的抗量子签密方案[J]. 计算机工程, 2020, 46(5): 193-199.
[12]	肖成龙, 聂紫阳, 王宁, 张重鹏, 王珊珊. 基于并行约束规划的最大团识别研究[J]. 计算机工程, 2020, 46(4): 53-59,69.
[13]	徐国伟, 陈建, 成怡. 基于GPU并行计算的雷达杂波模拟研究[J]. 计算机工程, 2020, 46(11): 306-314.
[14]	李洁, 朱洪亮, 陈玉玲, 辛阳. 基于哈希存储与事务加权的并行Apriori改进算法[J]. 计算机工程, 2020, 46(11): 109-116.
[15]	宋匡时, 李翀, 张士波. 一个轻量级分布式机器学习系统的设计与实现[J]. 计算机工程, 2020, 46(1): 201-207.

选择文件类型/文献管理软件名称

选择包含的内容