Institute of Information Science, Academia Sinica

Asymmetric crypto deployed today is essentially completely based on RSA, and (elliptic-curve) discrete logarithms. It is long known that these cryptosystems are no longer secure in a world where attackers  are equipped with a large universal quantum computer. This is why not only academic researchers, but also government agencies, standardization bodies, and industry are putting effort into transitioning our cryptographic infrastructure to post-quantum primitives. Probably the most prominent effort in this field is the NIST post-quantum crypto (PQC) project, which started in 2016 and aims at selecting and eventually standardizing several suitable post-quantum signatures and key-encapsulation schemes. This effort by NIST is supported by the international research community. In my talk I will first present the pqm4 project, a library, testing, and benchmarking framework for post-quantum cryptography on the ARM Cortex  M4. The long-term goal of this framework is to collect optimized and also side-channel-protected implementations of all NIST PQC candidates. In the second part of my talk I will zoom into the optimization effort for some of these schemes, specifically lattice-based key-encapsulation mechanisms.