Efficient Sparse Polynomial Multiplication for Dilithium on ARM Cortex-M4 and Apple M2

The authors present efficient sparse polynomial multiplication implementations of the Dilithium lattice-based digital signature scheme for the ARM Cortex-M4 and Apple M2 platforms, achieving significant performance improvements over the state-of-the-art.

The paper focuses on developing efficient sparse polynomial multiplication implementations of the Dilithium post-quantum cryptography scheme for the ARM Cortex-M4 and Apple M2 platforms. For the ARM Cortex-M4, the authors: Optimize the sparse polynomial multiplication algorithm by encoding the challenge polynomial and implementing a branchless approach. Leverage the ARM Cortex-M4's DSP instructions to achieve 4-way parallelism for the secret polynomial vectors. Integrate the optimized sparse polynomial multiplication with the infinity norm checks in the Dilithium signing process, further enhancing signing efficiency. Optimize other Dilithium modules like polynomial sampling, rounding, and packing/unpacking using DSP instructions. For the Apple M2, the authors: Utilize ARM NEON Intrinsics to vectorize the sparse polynomial multiplication, achieving 16-way parallelism. Combine the sparse polynomial multiplication with parallel comparison functions to perform early rejection checks on the infinity norm. The authors' optimized implementations achieve significant speedups of up to 30% on ARM Cortex-M4 and 55% on Apple M2 for sparse polynomial multiplication compared to the state-of-the-art Number-Theoretic Transform (NTT) implementation. They also demonstrate improvements in the overall Dilithium signing performance, reducing stack usage by 10.8%, 1.2%, and 7.7% for Dilithium2, Dilithium3, and Dilithium5, respectively, and enhancing signing performance by 0.4% to 0.8% compared to the previous ARM Cortex-M4 implementation. On the MacBook Air 2022, the authors' Dilithium implementation achieves 10% to 11% speedups in the signing procedure.

Dilithium2 sparse polynomial multiplication on Cortex-M4 achieves a 30% speedup over the state-of-the-art small-modulus NTT implementation. Dilithium3 sparse polynomial multiplication on Cortex-M4 achieves an 11% speedup over the state-of-the-art small-modulus NTT implementation. Dilithium5 sparse polynomial multiplication on Cortex-M4 is slightly slower than the state-of-the-art small-modulus NTT implementation. Dilithium sparse polynomial multiplication on Apple M2 achieves 33% to 55% speedups over the NTT-based implementation for computing cs1 and cs2. The optimized Dilithium implementation on Cortex-M4 reduces stack usage by 10.8%, 1.2%, and 7.7% in the signing procedure for Dilithium2, Dilithium3, and Dilithium5, respectively. The optimized Dilithium implementation on Cortex-M4 enhances signing performance by 0.4% to 0.8% compared to the previous state-of-the-art implementation. The optimized Dilithium implementation on Apple M2 achieves 10% to 11% speedups in the signing procedure compared to the previous state-of-the-art implementation.

"Our optimized sparse polynomial multiplication achieves significant speedups of up to 30% on ARM Cortex-M4 and 55% on Apple M2 compared to the state-of-the-art Number-Theoretic Transform (NTT) implementation." "Our optimized implementation not only reduces stack usage by 10.8%, 1.2%, and 7.7% in the signing procedure of Dilithium2, Dilithium3, and Dilithium5, respectively, but also enhances signing performance by 0.4% to 0.8% compared to the state-of-the-art ARM Cortex-M4 implementation." "On the MacBook Air 2022, our Dilithium implementation achieves 10% to 11% speedups in the signing procedure."