CryptoDB
A New Trick for Polynomial Multiplication: A verified CRT polymul utilizing a monomial factor
| Authors: | |
|---|---|
| Download: | |
| Abstract: | In this paper we present a novel transformation strategy for polynomial multiplications and apply it to NTRU Prime, specifically the parameter sets sntrup761 and ntrulpr761 working in the ring Z4591[x]/⟨x761−x−1⟩. To evaluate the practicality of our idea, we implemented the algorithm in C++ with ARM Neon intrinsics. By further exploiting the various optimization opportunities in the transformation process, we achieve state-of-the-art performance on Cortex-A72.Because of the aggressively lazy modular reduction strategy, overflows are of serious concern. Such errors in an optimized implementation are notoriously difficult to detect using traditional test vectors. To this end, the compiled binary file is formally verified using the tool CryptoLine. We use all the features in the current version of CryptoLine. This includes the Integer Set Library for range checking, plus the Logical Equivalence Checking to verify the correctness of the binary produced with the most optimized compiler setting by showing it as being equivalent to a binary from a less optimized compilation. |
BibTeX
@article{tches-2025-35993,
title={A New Trick for Polynomial Multiplication: A verified CRT polymul utilizing a monomial factor},
journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
publisher={Ruhr-Universität Bochum},
volume={2025},
pages={795-816},
url={https://tches.iacr.org/index.php/TCHES/article/view/12429},
doi={10.46586/tches.v2025.i4.795-816},
author={Chun-Ming Chiu and Bo-Yin Yang and Bow-Yaw Wang},
year=2025
}