Accelerating Number Theoretic Transform in GPU Platform for qTESLA Scheme


Lee W., Akleylek S., Yap W., Goi B.

15th International Conference on Information Security Practice and Experience (ISPEC), Kuala-Lumpur, Malaysia, 26 - 28 November 2019, vol.11879, pp.41-55

  • Publication Type: Conference Paper / Full Text
  • Volume: 11879
  • Doi Number: 10.1007/978-3-030-34339-2_3
  • City: Kuala-Lumpur
  • Country: Malaysia
  • Page Numbers: pp.41-55
  • Keywords: Number Theoretic Transform, Lattice-based cryptography, Graphics Processing Units, Post-quantum cryptography
  • Ondokuz Mayıs University Affiliated: Yes

Abstract

Post-quantum cryptography has attracted a lot of attention in recent years, due to the potential threat emerging from quantum computers against traditional public key cryptography. Among all post-quantum candidates, lattice-based cryptography is considered the most promising and well-studied one. The most time-consuming operation in lattice-based cryptography schemes is polynomial multiplication. Through careful selection of the lattice parameters, the polynomial multiplication can be accelerated by the Number Theoretic Transform (NTT) and massively parallel architectures like Graphics Processing Units (GPUs). However, existing NTT implementations on GPUs focus only on parallelizing one of the three for loops, which eventually causes slow performance and warp divergence. In this paper, we propose a strategy to mitigate this problem and avoid the warp divergence. To verify the effectiveness of the proposed strategy, the NTT was implemented following the lattice parameters in qTESLA, which is one of the round 2 candidates in the NIST Post-Quantum Standardization competition. To the best of our knowledge, this is the first implementation of NTT on a GPU with parameters from qTESLA. The proposed implementation can be used to accelerate qTESLA signature generation and verification in batch, which is very useful in a server environment. On top of that, the proposed GPU implementation can also be generalized to other lattice-based schemes.