Modular Polynomial Multiplication Using RSA/ECC coprocessor.

Modular polynomial multiplication is a core and costly operation of ideal lattice-based schemes. In the context of embedded devices, previous works transform the polynomial multiplication to an integer one using Kronecker substitution. Thanks to this transformation, existing coprocessors which handle large-integer operations can be re-purposed to speed-up lattice-based cryptography. In a nutshell, the Kronecker substitution transforms by evaluation the polynomials to integers, multiplies it with an integer multiplication and gets back to a polynomial result using a radix conversion. The previous work focused on optimization of the integer multiplication using coprocessors. In this work, we pursue the seminal research by optimizing the evaluation, radix conversion and the modular reductions modulo q with today’s RSA/ECC coprocessor. In particular we show that with a coprocessor handling addition/subtraction, (modular) multiplication, shift and logical AND on large integers, the whole modular polynomial multiplication can be computed. The efficiency of our modular polynomial multiplication depends on the component specification and on the cryptosystem parameters set. Hence, we assess our algorithm on a chip for several lattice-based schemes, which are finalists of the NIST standardization. Moreover, we compare our modular polynomial multiplication with other polynomial multiplication techniques.