International Association for Cryptologic Research

International Association
for Cryptologic Research

Transactions on Cryptographic Hardware and Embedded Systems, Volume 2024

Revisiting Keccak and Dilithium Implementations on ARMv7-M


README

Revisiting Keccak and Dilithium Implementations on ARMv7-M

This repository provides codes for our implementations of Keccak and Dilithium using the multi-moduli NTTs on two ARMv7-M microprocessors: ARM Cortex-M3 and Cortex-M4.

Authors:
- Junhao Huang <huangjunhao@uic.edu.cn>
- Alexandre Adomnicăi <alexandre@adomnicai.me>
- Jipeng Zhang <jp-zhang@outlook.com>
- Wangchen Dai <w.dai@my.cityu.edu.hk>
- Yao Liu <liuyao25@mail.sysu.edu.cn>
- Ray C. C. Cheung <r.cheung@cityu.edu.hk>
- Çetin Kaya Koç <cetinkoc@ucsb.edu>
- Donglong Chen <donglongchen@uic.edu.cn> (Corresponding Author)

Clone the repository

git clone --recurse-submodules https://github.com/UIC-ESLAS/Dilithium-Multi-Moduli.git

Setups

The setups for testing and evaluating of our code are based on the framework provided in the pqm3 and pqm4 projects.

Prerequisites

Files in this archive

ARM Cortex-M3

Detailed instructions on interacting with the hardware and on installing required software can be found in pqm3's readme.

The scripts benchmarks.py and poly_benchmarks.py cover most of the frequent use cases. To use the XKCP Keccak implementation in these scripts, the KECCAK=0 configuration is used in these scripts. To reproduce results for our implementations, the KECCAK=1 configuration is used in these scripts.

# 1. Benchmark the schemes with the proposed/XKCP Keccak implementation (Table 5):
python3 benchmarks.py
# output in benchmarks.txt

# 2. Benchmark the arithmetic with the proposed/XKCP Keccak implementation (Table 2,3,4):
python3 poly_benchmarks.py
# output in poly_benchmarks.txt

In case separate, manual testing is required, the binaries for a scheme can be build using

make PLATFORM=sam3x8e KECCAK={0,1} IMPLEMENTATION_PATH=crypto_{kem,sign}/{scheme}/{variant} bin/crypto_{kem,sign}_{scheme}_{variant}_{firmware}.bin

, where firmware is one of {test, testvectors, speed, f_speed, stack} and variant is the specific implementation.

It can then be flashed using:

bossac -a --erase --write --verify --boot=1 --port=/dev/ttyACM0 bin/crypto_{kem,sign}_{scheme}_{variant}_{firmware}.bin

Example on M3

For building the test firmware for our m3plant version of dilithium2 the following command can be used:

# build
make PLATFORM=sam3x8e KECCAK={0,1} IMPLEMENTATION_PATH=crypto_sign/dilithium2/m3plant bin/crypto_sign_dilithium2_m3plant_test.bin

# It can then be flashed using:

bossac -a --erase --write --verify --boot=1 --port=/dev/ttyACM0 bin/crypto_sign_dilithium2_m3plant_test.bin

# Get output:
pyserial-miniterm /dev/ttyACM0

# Output like this:
--- Miniterm on /dev/ttyACM0  9600,8,N,1 ---
--- Quit: Ctrl+] | Menu: Ctrl+T | Help: Ctrl+T followed by Ctrl+H ---

ARM Cortex-M4

Detailed instructions on interacting with the hardware and on installing required software can be found in pqm4's readme.

The scripts hashing_benchmarks.py and poly_benchmarks.py cover most of the frequent use cases. To use the XKCP Keccak implementation in these scripts, the KECCAK=0 configuration is used in these scripts. To reproduce results for our implementations, the KECCAK=1 configuration is used in these scripts.

# 1. Benchmark the schemes and hash profiling with the proposed/XKCP Keccak implementation (Table 6):
python3 hashing_benchmarks.py
# output in hashing_benchmarks.txt

# 2. Benchmark the arithmetic with the proposed Keccak/XKCP implementation (Table 2,3,4):
python3 poly_benchmarks.py
# output in poly_benchmarks.txt

In case separate, manual testing is required, the binaries for a scheme can be build using

make KECCAK={0,1} IMPLEMENTATION_PATH=crypto_{kem,sign}/{scheme}/{variant} bin/crypto_{kem,sign}_{scheme}_{variant}_{firmware}.bin

, where firmware is one of {test, testvectors, speed, f_speed, stack} and variant is the specific implementation.

It can then be flashed using:

st-flash --reset write bin/crypto_{kem,sign}_{scheme}_{variant}_{firmware}.bin 0x8000000

Example on M4

For building the test firmware for our m4plant version of dilithium3 the following command can be used:

make KECCAK={0,1} IMPLEMENTATION_PATH=crypto_sign/dilithium3/m4plant bin/crypto_sign_dilithium3_m4plant_test.bin

# It can the be flashed using:
st-flash --reset write bin/crypto_sign_dilithium3_m4plant_test.bin 0x8000000

# Get output:
python3 read_guest.py

References

[AHKS22] Amin Abdulrahman, Vincent Hwang, Matthias J. Kannwischer, and Amber Sprenkels. Faster Kyber and Dilithium on the Cortex-M4. In Giuseppe Ateniese and Daniele Venturi, editors, Applied Cryptography and Network Security - 20th International Conference, ACNS 2022: 853-871.
[GKS20] Denisa O. C. Greconici, Matthias J. Kannwischer, and Amber Sprenkels. Compact Dilithium Implementations on Cortex-M3 and Cortex-M4. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(1):1–24, Dec. 2020.

License

Each subdirectory containing implementations contains a LICENSE or COPYING file stating under what license that specific implementation is released. The files in M3/commen or M4/common contain licensing information at the top of the file (and are currently either public domain or MIT). The implementations in m3plant and m4plant in this repository are licensed under the Apache License Version 2.0.

Citation

Please cite our paper if you want to use this repository.

@article{Huang2023Revisit,
author = {Junhao Huang, Alexandre Adomnic\u{a}i, Jipeng Zhang, Wangchen Dai, Yao Liu, Ray C. C. Cheung, \c{C}etin Kaya Ko\c{c}, and Donglong Chen},
title = {Revisiting Keccak and Dilithium Implementations on ARMv7-M},
journal = {IACR Trans. Cryptogr. Hardw. Embed. Syst.},
volume = {2024},
number = {2},
year = {2024}
}