Article Contents
Article Contents

# On Polynomial Modular Number Systems over $\mathbb{Z}/{p}\mathbb{Z}$

• Since their introduction in 2004, Polynomial Modular Number Systems (PMNS) have become a very interesting tool for implementing cryptosystems relying on modular arithmetic in a secure and efficient way. However, while their implementation is simple, their parameterization is not trivial and relies on a suitable choice of the polynomial on which the PMNS operates. The initial proposals were based on particular binomials and trinomials. But these polynomials do not always provide systems with interesting characteristics such as small digits, fast reduction, etc.

In this work, we study a larger family of polynomials that can be exploited to design a safe and efficient PMNS. To do so, we first state a complete existence theorem for PMNS which provides bounds on the size of the digits for a generic polynomial, significantly improving previous bounds. Then, we present classes of suitable polynomials which provide numerous PMNS for safe and efficient arithmetic.

Mathematics Subject Classification: Primary: 11T06, 11T71; Secondary: 11H06, 94A60, 68W99.

 Citation:

• Table 1.  Elements of $\mathbb{Z}/31\mathbb{Z}$ are represented as polynomials in $\gamma$, noted as vectors with lowest degree first. The reduction polynomial is $E(X) = X^4-2$ and ${\gamma = 15}$ is a root of $E(X)$. The digit set is $\{ -1, 0, 1\}$ (i.e., $\rho = 2$)

 0 1 2 3 4 5 (0, 0, 0, 0) (1, 0, 0, 0) (-1, 1, -1, 1) \begin{array}{*{20}{c}} (-1, -1, -1, 1)\\ (-1, 0, 0, -1)\\ (-1, 0, 1, 1)\\ (0, 1, -1, 1) \end{array} \begin{array}{*{20}{c}} (0, -1, -1, 1)\\ (0, 0, 0, -1)\\ (0, 0, 1, 1)\\ (1, 1, -1, 1) \end{array} \begin{array}{*{20}{c}} (1, -1, -1, 1)\\ (1, 0, 0, -1)\\ (1, 0, 1, 1) \end{array} 6 7 8 9 10 11 (-1, 1, -1, 0) \begin{array}{*{20}{c}} (-1, -1, -1, 0)\\ (-1, 0, 1, 0)\\ (0, 1, -1, 0) \end{array} \begin{array}{*{20}{c}} (0, -1, -1, 0)\\ (0, 0, 1, 0)\\ (1, 1, -1, 0) \end{array} \begin{array}{*{20}{c}} (1, -1, -1, 0)\\ (1, 0, 1, 0) \end{array} \begin{array}{*{20}{c}} (-1, 1, -1, -1)\\ (-1, 1, 0, 1) \end{array} \begin{array}{*{20}{c}} (-1, -1, -1, -1)\\ (-1, -1, 0, 1)\\ (-1, 0, 1, -1)\\ (0, 1, -1, -1)\\ (0, 1, 0, 1) \end{array} 12 13 14 15 16 17 \begin{array}{*{20}{c}} (0, -1, -1, -1)\\ (0, -1, 0, 1)\\ (0, 0, 1, -1)\\ (1, 1, -1, -1)\\ (1, 1, 0, 1) \end{array} \begin{array}{*{20}{c}} (1, -1, -1, -1)\\ (1, -1, 0, 1)\\ (1, 0, 1, -1) \end{array} (-1, 1, 0, 0) \begin{array}{*{20}{c}} (-1, -1, 0, 0)\\ (0, 1, 0, 0) \end{array} \begin{array}{*{20}{c}} (0, -1, 0, 0)\\ (1, 1, 0, 0) \end{array} (1, -1, 0, 0) 18 19 20 21 22 23 \begin{array}{*{20}{c}} (-1, 0, -1, 1)\\ (-1, 1, 0, -1)\\ (-1, 1, 1, 1) \end{array} \begin{array}{*{20}{c}} (-1, -1, 0, -1)\\ (-1, -1, 1, 1)\\ (0, 0, -1, 1)\\ (0, 1, 0, -1)\\ (0, 1, 1, 1) \end{array} \begin{array}{*{20}{c}} (0, -1, 0, -1)\\ (0, -1, 1, 1)\\ (1, 0, -1, 1)\\ (1, 1, 0, -1)\\ (1, 1, 1, 1) \end{array} \begin{array}{*{20}{c}} (1, -1, 0, -1)\\ (1, -1, 1, 1) \end{array} \begin{array}{*{20}{c}} (-1, 0, -1, 0)\\ (-1, 1, 1, 0) \end{array} \begin{array}{*{20}{c}} (-1, -1, 1, 0)\\ (0, 0, -1, 0)\\ (0, 1, 1, 0) \end{array} 24 25 26 27 28 29 \begin{array}{*{20}{c}} (0, -1, 1, 0)\\ (1, 0, -1, 0)\\ (1, 1, 1, 0) \end{array} (1, -1, 1, 0) \begin{array}{*{20}{c}} (-1, 0, -1, -1)\\ (-1, 0, 0, 1)\\ (-1, 1, 1, -1) \end{array} \begin{array}{*{20}{c}} (-1, -1, 1, -1)\\ (0, 0, -1, -1)\\ (0, 0, 0, 1)\\ (0, 1, 1, -1) \end{array} \begin{array}{*{20}{c}} (0, -1, 1, -1)\\ (1, 0, -1, -1)\\ (1, 0, 0, 1)\\ (1, 1, 1, -1) \end{array} (1, -1, 1, -1) 30 (-1, 0, 0, 0)
•  [1] M. Ajtai, The shortest vector problem in l2 is NP-hard for randomized reductions (extended abstract), Thirtieth Annual ACM Symposium on the Theory of Computing (STOC 1998), (1998), 10–19. [2] G. Alagic, J. Alperin-Sheriff, D. Apon, D. Cooper, Q. Dang, J. Kelsey, Y.-K. Liu, C. Miller, D. Moody, R. Peralta, R. Perlner, A. Robinson and D. Smith-Tone, Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process, Tech. Report NIST IR 8309, National Institute of Standards and Technology, July 2020. [3] L. Babai, On Lovász' lattice reduction and the nearest lattice point problem, Combinatorica, 6 (1986), 1-13.  doi: 10.1007/BF02579403. [4] J. C. Bajard and S. Duquesne, Montgomery-friendly primes and applications to cryptography, Journal of Cryptographic Engineering, 11 (2021), 399-415.  doi: 10.1007/s13389-021-00260-z. [5] J.-C. Bajard, L. Imbert and T. Plantard, Arithmetic operations in the polynomial modular number system, 17th IEEE Symposium on Computer Arithmetic (ARITH'05), IEEE, (2005), 206–213. doi: 10.1109/ARITH.2005.11. [6] ——, Modular number systems: Beyond the Mersenne family, Selected Areas in Cryptography, Springer, (2005), 159–169. [7] J.-C. Bajard, L. Imbert, P.-Y. Liardet and Y. Teglia, Leak resistant arithmetic, Cryptographic Hardware and Embedded Systems - CHES 2004 (Berlin, Heidelberg) (Marc Joye and Jean-Jacques Quisquater, eds.), Springer Berlin Heidelberg, (2004), 62–75. doi: 10.1007/978-3-540-28632-5_5. [8] P. Van Emde Boas, Another NP-Complete Problem and the Complexity of Computing Short Vectors in Lattices, Tech. Report 81-04, Mathematics Department, University of Amsterdam, 1981. [9] N. C. Bonciocat, On an irreducibility criterion of Perron for multivariate polynomials, Bull. Math. Soc. Sci. Math. Roumanie, 53 (2010), 213-217. [10] ——, Schönemann–Eisenstein–Dumas-type irreducibility conditions that use arbitrarily many prime numbers, Journal Communications in Algebra, 43 (2015). [11] D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, Advances in Cryptology—CRYPTO 2001 (Santa Barbara, CA), Lecture Notes in Comput. Sci., Springer, Berlin, 2139 (2001), 213-229.  doi: 10.1007/3-540-44647-8_13. [12] J. W. Bos, C. Costello, H. Hisil and K. E. Lauter, Fast cryptography in genus 2, Advances in cryptology—EUROCRYPT 2013, Lecture Notes in Comput. Sci., Springer, Heidelberg, 7881 (2013), 194-210.  doi: 10.1007/978-3-642-38348-9_12. [13] J. Bos, L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, J. M. Schanck, P. Schwabe, G. Seiler and D. Stehle, Crystals–kyber: A CCA-secure module-lattice-based KEM, 3rd IEEE European Symposium on Security and Privacy, (2018), 353–367. doi: 10.1109/EuroSP.2018.00032. [14] C. Bouvier and L. Imbert, An alternative approach for SIDH arithmetic, Public-key cryptography—PKC 2021, Part I, Lecture Notes in Comput. Sci., Springer, Cham, 12710 (2021), 27-44.  doi: 10.1007/978-3-030-75245-3_2. [15] D. G. Cantor and H. Zassenhaus, A new algorithm for factoring polynomials over finite fields, Mathematics of Computation, 36 (1981), 587-592.  doi: 10.1090/S0025-5718-1981-0606517-5. [16] J. W. S. Cassels, An Introduction to the Geometry of Numbers, Classics in Mathematics, Springer-Verlag, Berlin, 1997. [17] A. Chaouch, L.-S. Didier, F. Y. Dosso, N. El Mrabet, B. Bouallegue and B. Ouni, Two hardware implementations for modular multiplication in the AMNS: Sequential and semi-parallel, J. Inf. Secur. Appl., 58 (2021), 102770.  doi: 10.1016/j.jisa.2021.102770. [18] T. Coladon, P. Elbaz-Vincent and C. Hugounenq, Mphell: A fast and robust library with unified and versatile arithmetics for elliptic curves cryptography, 2021 IEEE 28th Symposium on Computer Arithmetic (ARITH), (2021), 78–85. doi: 10.1109/ARITH51176.2021.00026. [19] J. H. Conway and N. J. A. Sloane, Sphere Packings, Lattices and Groups, Grundlehren der mathematischen Wissenschaften, 290. Springer-Verlag, New York, 1988. doi: 10.1007/978-1-4757-2016-7. [20] R. Crandall, Method and Apparatus for Public Key Exchange in a Cryptographic System, U.S. Patent number 5159632, 1992. [21] J.-P. D'Anvers, A. Karmakar, S. Sinha Roy and F. Vercauteren, Saber: Module-lwr based key exchange, CPA-secure encryption and CCA-secure KEM, Progress in cryptology—AFRICACRYPT 2018, Lecture Notes in Comput. Sci., Springer, Cham, 10831 (2018), 282-305.  doi: 10.1007/978-3-319-89339-6_16. [22] L.-S. Didier, F.-Y. Dosso, N. El Mrabet, J. Marrez and P. Véron, Randomization of arithmetic over polynomial modular number system, 26th IEEE International Symposium on Computer Arithmetic, IEEE Computer Society, 1 (2019), 199-206.  doi: 10.1109/ARITH.2019.00048. [23] L.-S. Didier, F.-Y. Dosso and P. Véron, Efficient modular operations using the adapted modular number system, Journal of Cryptographic Engineering, 10 (2020), 111-133.  doi: 10.1007/s13389-019-00221-7. [24] G. Dumas, Sur quelques cas d'irreductibilité des polynômes à coefficients rationnels, Journal de Mathématique Pure et Appliquée, 2 (1906). [25] N. El Mrabet and N. Gama, Efficient multiplication over extension fields, Arithmetic of Finite Fields, Lecture Notes in Comput. Sci., Springer, Heidelberg, 7369 (2012), 136-151.  doi: 10.1007/978-3-642-31662-3_10. [26] N. El Mrabet and C. Nègre, Finite field multiplication combining AMNS and DFT approach for pairing cryptography, ACISP, Lecture Notes in Computer Science, Springer, 5594 (2009), 422-436. [27] C. Finch and L. Jones, On the irreducibility of $\{-1, 0, 1\}$-quadrinomials, INTEGERS: Electronic Journal of Combinatorial Number Theory, 6 (2006), A16, 4 pp. [28] S. D. Galbraith,  Mathematics of Public Key Cryptography, Cambridge University Press, Cambridge, 2012.  doi: 10.1017/CBO9781139012843. [29] V. Guruswami, D. Micciancio and O. Regev, The complexity of the covering radius problem on lattices and codes, IEEE Conference on Computational Complexity, (2004), 161–173. [30] M. Hamburg, Fast and compact elliptic-curve cryptography, IACR Cryptol. ePrint Arch., 2012 (2012), 309. [31] G. Hanrot, X. Pujol and D. Stehlé, Algorithms for the shortest and closest lattice vector problems, Coding and Cryptology, Lecture Notes in Comput. Sci., Springer, Heidelberg, 6639 (2011), 159-190.  doi: 10.1007/978-3-642-20901-7_10. [32] G. Hanrot and D. Stehle, Improved analysis of Kannan's shortest lattice vector algorithm, Advances in Cryptology—CRYPTO 2007, Lecture Notes in Comput. Sci., Springer, Berlin, 4622 (2007), 170-186.  doi: 10.1007/978-3-540-74143-5_10. [33] D. Harvey and J. van der Hoeven, Faster integer multiplication using short lattice vectors, Proceedings of the Thirteenth Algorithmic Number Theory Symposium, Open Book Ser., Math. Sci. Publ., Berkeley, CA, 2 2019,293–310. [34] J. Hoffstein, J. Pipher and J. H. Silverman, NTRU: A ring-based public key cryptosystem, Algorithmic Number Theory (ANTS 1998), LNCS, Springer, 1423 (1998), 267-288.  doi: 10.1007/BFb0054868. [35] D. Jao, R. Azarderakhsh, M. Campagna, C. Costello, L. De Feo, B. Hess, A. Jalali, B. Koziel, B. LaMacchia, P. Longa, M. Naehrig, G. Pereira, J. Renes, V. Soukharev and D. Urbanik, SIKE: Supersingular Isogeny Key Encapsulation, Submission to the NIST's Post-Quantum Cryptography Standardization Process, 2019. [36] N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation, 48 (1987), 203-209.  doi: 10.1090/S0025-5718-1987-0866109-5. [37] A. Korkine and G. Zolotareff, Sur les formes quadratiques, Mathematische Annalen, 6 (1873), 366-389.  doi: 10.1007/BF01442795. [38] J. C. Lagarias, H. W. Lenstra and C.-P. Schnorr, Korkin-zolotarev bases and successive minima of a lattice and its reciprocal lattice, Combinatorica, 10 (1990), 333-348.  doi: 10.1007/BF02128669. [39] A. K. Lenstra, H. W. Lenstra and L. Lovász, Factoring polynomials with rational coefficients, Mathematische Annalen, 261 (1982), 513-534.  doi: 10.1007/BF01457454. [40] W. Ljunggren, On the irreducibility of certain trinomials and quadrinomials, Mathematica Scandinavica, 8 (1960), 65-70.  doi: 10.7146/math.scand.a-10593. [41] L. Lovász, An Algorithmic Theory of Numbers, Graphs and Convexity, CBMS-NSF Regional Conference Series in Applied Mathematics, 50, SIAM Publications, 1986. doi: 10.1137/1.9781611970203. [42] V. S. Miller, Use of elliptic curves in cryptography, Advances in Cryptology—CRYPTO '85 (Santa Barbara, Calif., 1985), Lecture Notes in Comput. Sci., Springer, Berlin, 218 (1986), 417–426. doi: 10.1007/3-540-39799-X_31. [43] W. H. Mills, The factorization of certain quadrinomials, Mathematica Scandinavica, 57 (1985), 44-50.  doi: 10.7146/math.scand.a-12105. [44] H. Minkowski, Geometrie der Zahlen, B. G. Teubner, Leipzig, 1896. [45] P. L. Montgomery, Modular multiplication without trial division, Mathematics of Computation, 44 (1985), 519-521.  doi: 10.1090/S0025-5718-1985-0777282-X. [46] D. Moody, G. Alagic, D. Apon, D. Cooper, Q. Dang, J. Kelsey, Y.-K. Liu, C. Miller, R. Peralta, Ra. Perlner, A. Robinson, D. Smith-Tone and J. Alperin-Sheriff, Status Report on the Second Round of the Nist Post-Quantum Cryptography Standardization Process, 2020-07-22 2020. doi: 10.6028/NIST.IR.8309. [47] National Institute for Standards and Technology, Digital Signature Standard (DSS), Jun 2009. [48] C. Negre and T. Plantard, Efficient modular arithmetic in adapted modular number system using lagrange representation, ACISP 2008: Information Security and Privacy, 463–477. doi: 10.1007/978-3-540-70500-0_34. [49] C. Negre, Side Channel Counter-Measures Based on Randomized AMNS Modular Multiplication, Proceedings of the 18th International Conference on Security and Cryptography, SCITEPRESS - Science and Technology Publications, 2021. [50] T. Plantard, Arithmétique Modulaire Pour la Cryptographie, Theses, Université Montpellier II - Sciences et Techniques du Languedoc, 2005. [51] T. Plantard, W. Susilo and Z. Zhang, LLL for ideal lattices: Re-evaluation of the security of gentry–halevi's fhe scheme, Designs, Codes and Cryptography, 76 (2015), 325-344.  doi: 10.1007/s10623-014-9957-1. [52] T. Prest, P.-A. Fouque, J. Hoffstein, P. Kirchner, V. Lyubashevsky, T. Pornin, T. Ricosset, G. Seiler, W. Whyte and Z. Zhang, Falcon: Fast-Fourier Lattice-Based Compact Signatures Over NTRU, Submission to the NIST's post-quantum cryptography standardization process, 2017. [53] R. L. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, 21 (1978), 120–126. doi: 10.1145/359340.359342. [54] C.-P. Schnorr, Block reduced lattice bases and successive minima, Combin. Probab. Comput., 3 (1994), 507-522.  doi: 10.1017/S0963548300001371. [55] J. A. Solinas, Generalized Mersenne Numbers, Research Report CORR-99-39, Center for Applied Cryptographic Research, University of Waterloo, Waterloo, ON, Canada, 1999. [56] D. R. Stinson and M. Paterson, Cryptography Theory and Practice, Fourth edition ed., Chapman and Hall/CRC, 2018.

Tables(1)