Practical Post-Quantum Cryptography
On November 20th 2019, I will be defending my PhD thesis on practical post-quantum cryptography. This thesis is a collection of the work I have done at Radboud University between 2015 and 2019, under the supervision of Peter Schwabe and in collaboration with a wide range of coauthors.
The work consists of three separate chapters, discussing (specific schemes and optimization targets within the realms of) hash-based signatures, MQ-based signatures and lattice-based KEMs. While 'post-quantum cryptography' is the obvious commonality, the real focus of this work is on cryptographic engineering, and most of my contributions involve software optimization.
A digital version of the thesis is available here. Please let me know if you want to receive a physical copy — they will also be available at my defense.
The list below mirrors the software availability and data management listing in Section 1.3.1. The links will be updated to point to the latest version of the respective software. Unless explicitly stated otherwise, all software has been placed in the public domain to the extent possible under law, and all copyright and related rights have been waived by applying the CC0 1.0 Public Domain Dedication waiver. Software accompanying a publication is implicitly coauthored by all authors.
- Getting started on STM32
- Examples that demonstrate how to get started with programming STM32 Discovery boards, as well as wrappers around basic firmware functionality. See Section 2.4.2.
- Merkle tree traversal algorithms
- Python reimplementations of the Merkle tree traversal algorithms described in [BDS09]. See Section 3.2.5.
- The XMSS reference code
- The implementation accompanying the informational RFC 8391, specifying WOTS+, XMSS, and XMSSMT . It includes an implementation of the BDS tree traversal algorithm. This implementation was coauthored with Andreas Hülsing. See Sections 3.3.5 and 3.2.5.
- The XMSS-T code
- The implementation of XMSS-T, leading to the XMSS reference code. It contains tweaks that allow for comparison to SPHINCS-256 and to XMSS at lowered security levels, and accompanied the paper “Mitigating Multi-Target Attacks in Hash-based Signatures” [HRS16b]. See Section 3.3.3.
- XMSSMT on the Java Card
- An implementation of the XMSSMT scheme for the Java Card platform. It accompanied the paper “Is Java Card ready for hash-based signatures?” [LPR+18]. See Section 3.4.
- The ARMed SPHINCS code
- A modified version of the SPHINCS reference implementation and the XMSSMT reference implementation, targeting the Cortex-M3. It accompanied the paper “ARMed SPHINCS – Computing a 41 KB signature in 16 KB of RAM” [HRS16a]. See Section 3.6.
- The ChaCha permutation for the Cortex-M
- An ARMv7E-M assembly implementation of the πChaCha permutation function. This implementation was initially used in ARMed SPHINCS [HRS16a]. See Section 3.6.
- A reimplementation of SPHINCS-256 in Python, aimed to provide a highly flexible framework for experimenting and comparison.
- The SPHINCS+ reference code
- The reference implementation of SPHINCS+, accompanying the SPHINCS+ submission to NIST’s Post-Quantum Cryptography Standardization project [BDE+17]. See Section 3.7.
- Python bindings for the SPHINCS+ reference code, originally written for integration into The Update Framework. Also available on PyPI as pyspx.
- The MQDSS code
- The reference and AVX2-optimized implementation of MQDSS, accompanying the paper “From 5-pass MQ-based identification to MQ-based signatures” [CHR+16], and the software as part of the MQDSS submission to NIST’s Post-Quantum Cryptography Standardization project. See Section 4.5.
- The SOFIA code
- The reference and optimized code accompanying the paper “SOFIA: MQ-based signatures in the QROM” [CHR+18]. See Section 4.8.
- The NTRU-HRSS code
- The AVX2-optimized implementation of NTRU-HRSS, accompanying the paper “High-speed key encapsulation from NTRU” [HRS+17a], and the updated software as part of the NTRU-HRSS submission to NIST’s Post-Quantum Cryptography Standardization project. See Sections 5.1 and 5.2.
- Bit permutations
- Simulator for a subset of x86-64 with AVX2 extensions, used to construct efficient permutations on bit sequences for NTRU-HRSS [HRS+17a].
- A library and benchmarking and testing framework for post-quantum cryptography on the Cortex-M4, coauthored with Matthias Kannwischer, Peter Schwabe, and Ko Stoffelen. See also [KRS+19b].
- The ℤ2m[x] code
- Code generation scripts for polynomial multiplication, accompanying the paper “Faster multiplication in ℤ2m[x] on Cortex-M4 to speed up NIST PQC candidates” [KRS19]. See Section 5.4.
- A testing framework and collection effort of clean implementations of post-quantum cryptography, coauthored with Matthias Kannwischer, Peter Schwabe, Douglas Stebila, and Thom Wiggers. See also [KRS+19a].