Memory‐constrained implementation of lattice‐based encryption scheme on standard Java Card platform

Abstract The lattice‐based encryption scheme has high efficiency and reliability, and it can be run on small devices with limited memory capacity and computational resources such as sensor nodes or smart cards. The first implementation is presented of the original ring–learning‐with‐errors‐based encryption scheme on a standard Java Card platform by combining the number theoretic transform with improved Montgomery modular multiplication. Without any cryptographic coprocessor support, the decryption running time is around 7 s, corresponding to the AES‐128 security level. Two efficient discrete Gaussian sampling approaches, known at the discrete Ziggurat sampling algorithm and Knuth–Yao algorithm, were implemented on the Java Card and resulted in a reduction in running times. More important, polynomial modular multiplication is shown to perform efficiently on a standard Java Card platform even when the big integers and floating‐point number operations are not supported. The results show the feasibility of implementing more lattice‐based cryptosystems on existing memory‐constrained Java Cards. A preliminary version of this paper appeared with the title ‘Memory‐constrained implementation of lattice‐based encryption scheme on standard Java Card’ in Proceedings of the 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)