Fast Quantum-Safe Cryptography on IBM Z

Abstract

Performance of software implementations on today’s available hardware architectures plays a crucial role in the adoption of quantum-safe cryptography. An important target for quantum-safety are IBM Z® systems, which run and secure a majority of all worldwide transactions. With its current z15 architecture, the platform o˙ers a range of ISA extensions suitable for optimizing quantum-safe algorithms. In this work, we present optimizations of two promising candidates in the third round of the NIST PQC standardization process: SIKE and Dilithium. Our SIKE implementation covers NIST security levels 1-5. It uses vectorization techniques for its Fp and Fp2 arithmetic and achieves a signifcant speedup compared to generic implementations, running in 3.4 ms (encaps + decaps) for NIST level 1. Our Dilithium implementation benefts from vector optimizations applied to NTT and to sampling, and from SHA3 instructions on z15, running in 42.8 µs (sign) and 14.7 µs (verify) for NIST level 2. We present insights on the z15 ISA, on the implementations, evaluation results and provide an outlook of further optimization potential.