The implementation of polynomial multiplication for lattice-based cryptography: A survey

The advent of quantum computing threatens the security of traditional public-key cryptography. Algorithms for quantum computing have the ability to solve the large prime factorization and the discrete logarithm problem in polynomial time. To deal with the threat, post-quantum cryptography (PQC) primitives and protocols were proposed. Lattice-based cryptography (LBC) is the promising post-quantum cryptography, both in traditional and emerging security scenarios such as public-key encryption, homomorphic encryption and oblivious transfer. Theoretically, the algebraic structure of the lattice provides a secure fundamental for LBC. In contrast, the implementation should consider the balance of time, space, and resources for realization on various programmable platforms. In the implementation of lattice-based cryptography, polynomial multiplication is the primary operation accounting for about 30% of the execution. To improve the performance of LBC schemes, various efficient algorithms have been proposed over decades. This work focuses on approaches to accelerate polynomial multiplication used in LBC schemes. First, we review and compare three polynomial multiplication algorithms, Number Theory Transform (NTT), Karatsuba algorithm and Toom–Cook algorithm. Then we present a comprehensive survey of implementation on programmable platforms such as Graphics Processing Unit (GPU) and Field-Programmable Gate Array (FPGA). At last, we summarize the future trend of implementing polynomial multiplication and provide recommendations.