Efficient Word Size Modular Multiplication over Signed Integers

As an efficient multiplication method for polynomial rings, Number Theoretic Transform (NTT) is a fundamental algorithm that is both practically useful and theoretically established. Chung et al. proposed a method to perform NTT-based polynomial multiplication for NTT-unfriendly rings that do not have suitable primitive roots. They applied their proposal to lattice-based cryptography using NTT-unfriendly rings and speeded up several schemes. At ARITH 2021, Plantard proposed a modular multiplication algorithm that improves the speed of NTT if moduli are not large (a few dozen of bits), which is the case for typical lattice-based cryptography. It is natural to expect that Plantard's method improves Chung et al.‘s NTT when applied to them, however, this is not possible as Chung et al. requires the use of signed integers while Plantard's method assumes unsigned integers. A simple fix would cause a slowdown and a non-constant-time operation. To overcome this problem, we propose an efficient method for calculating the modular multiplication for signed integers based on Plantard's method. Our proposal generally incurs no overhead from the original and works in a constant-time fashion. To show the effectiveness of our proposal, we provide experimental implementation results on a lattice-based cryptographic scheme Saber. Currently, NIST is selecting candidates for standardization of post-quantum cryp-tography in preparation for the compromise of current public key cryptography by quantum computers, and has completed the selection of the final candidates. Saber is one of the finalists for the NIST standardization project,