Paper 2019/893

New Efficient, Constant-Time Implementations of Falcon

Thomas Pornin

Abstract

A new implementation of Falcon is presented. It solves longstanding issues in the existing reference code: the new implementation is constant-time, it does not require floating-point hardware (though it can use such hardware for better performance), it uses less RAM, and achieves much better performance on both large systems (x86 with Skylake cores, POWER8,...) and small microcontrollers (ARM Cortex M4). In particular, signature generation with Falcon-512 takes less than 470k cycles on a Skylake (82k cycles only for verification), and about 21.2 million cycles on an ARM Cortex M4.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
falcon, post-quantum signatures
Contact author(s)
pornin @ bolet org
thomas pornin @ nccgroup com
History
2019-09-18: revised
2019-08-05: received
Short URL
https://ia.cr/2019/893
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/893,
      author = {Thomas Pornin},
      title = {New Efficient, Constant-Time Implementations of Falcon},
      howpublished = {Cryptology ePrint Archive, Paper 2019/893},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/893}},
      url = {https://eprint.iacr.org/2019/893}
}