Next Article in Journal
Optimal Implementation of Tapped Delay Line Time-to-Digital Converters in 20 nm Xilinx UltraScale FPGAs
Next Article in Special Issue
Enhancing Automotive Intrusion Detection Systems with Capability Hardware Enhanced RISC Instructions-Based Memory Protection
Previous Article in Journal
An Attention-Guided Spatio-Temporal Convolutional Network (AG-STCN) for Spatio-Temporal Characterization Analysis
Previous Article in Special Issue
An Applied Analysis of Securing 5G/6G Core Networks with Post-Quantum Key Encapsulation Methods
 
 
Article
Peer-Review Record

Lazy Modular Reduction for NTT

Electronics 2024, 13(24), 4887; https://doi.org/10.3390/electronics13244887
by Geumtae Kim 1, Eunyoung Seo 2,*, Yongwoo Lee 3,*, Young-Sik Kim 2 and Jong-Seon No 1
Reviewer 1: Anonymous
Reviewer 2:
Reviewer 3: Anonymous
Reviewer 4: Anonymous
Reviewer 5: Anonymous
Electronics 2024, 13(24), 4887; https://doi.org/10.3390/electronics13244887
Submission received: 25 October 2024 / Revised: 3 December 2024 / Accepted: 9 December 2024 / Published: 11 December 2024

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

The article presents an innovative method, LazyNTT, designed to optimize the Number Theoretic Transform (NTT), a critical component in lattice-based cryptography, particularly for post-quantum cryptographic schemes. The proposed LazyNTT aims to reduce computational complexity by substituting certain Montgomery multiplications with standard multiplications without modular reduction at intermediate stages. This method achieves significant cycle count reductions, as evidenced by experimental results showing performance improvements of up to 28% for the SSM-LazyNTT variant and approximately 9% for SM-LazyNTT. While this work contributes to the efficient implementation of NTT, particularly in reducing the computational load of modular reduction, several aspects could benefit from further exploration and comparative analysis.

The authors provide a well-organized, thorough presentation of LazyNTT and its variants, SM-LazyNTT and SSM-LazyNTT. The paper meticulously describes the underlying principles of modular arithmetic and the NTT, effectively setting the stage for the proposed optimizations. The experimental results demonstrate clear improvements over traditional NTT implementations, and the article presents these results comprehensively. By reducing the frequency of modular reductions, the authors address a significant computational bottleneck in NTT-based cryptographic algorithms, enhancing performance in a critical area of post-quantum cryptography.

Weaknesses and Areas for Improvement:

1. Lack of Comparative Analysis: The paper’s primary limitation is its lack of comparison with other contemporary NTT optimization techniques and cryptographic libraries, such as SEAL, NFLlib, or Palisade, which are commonly employed in cryptographic applications. Given the increasing diversity of cryptographic libraries and the variety of optimization methods available for NTT, it would have been beneficial if the authors had compared LazyNTT’s performance with these established alternatives. Such comparisons would provide readers with a clearer understanding of LazyNTT’s relative efficiency in various environments.

2. Memory Usage Considerations: While the paper is focused on optimizing computational complexity, the memory trade-offs introduced by LazyNTT are not fully addressed. Replacing Montgomery multiplications with standard multiplications at intermediate stages increases the size of intermediate values, which may result in higher memory usage. In practical implementations, particularly on constrained devices, memory requirements are as critical as computational efficiency. A quantitative analysis of memory usage would help clarify the feasibility of deploying LazyNTT in memory-limited environments.

3. Broader Implementation Context: The authors measured cycle counts using a single CPU configuration, which limits the generalizability of the results. Exploring LazyNTT’s performance on alternative architectures, such as GPUs or FPGAs, could provide valuable insights into its potential for broader application. Many cryptographic libraries are optimized for specific hardware, and LazyNTT’s performance might vary substantially across different platforms.

4. Lack of Implementation Complexity Analysis: The paper does not discuss the complexity of implementing LazyNTT compared to traditional NTT. The introduction of alternating Montgomery and standard multiplications complicates the algorithm, potentially impacting its maintainability and ease of integration into existing libraries. Addressing these factors would provide developers and researchers with a more practical perspective on the cost and benefits of adopting LazyNTT in their implementations.

5. Limited Context on Practical Cryptographic Use Cases: Although the authors highlight the importance of NTT in lattice-based cryptography, the paper would benefit from a more extensive discussion of specific cryptographic protocols or use cases where LazyNTT might be particularly advantageous. Highlighting scenarios, such as homomorphic encryption or digital signatures, where the reduced cycle counts would yield tangible benefits, would strengthen the paper’s relevance to the cryptographic community.

 

Author Response

Thank you for dedicating your valuable time and effort to providing insightful feedback on this manuscript. Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

The advent of quantum computers breaks classical public-key cryptography systems such as RSA using Shor's algorithm. Consequently, while waiting for the first quantum computers to be commercialized, the development of post-quantum cryptography (PQC) has become crucial. The National Institute of Standards and Technology (NIST) has started a standardization process for PQC, with many candidates based on lattice cryptography. Lattice cryptography relies on modular arithmetic, especially modular polynomial multiplication, which is a significant computational bottleneck. The number-theoretic transform (NTT) is a fundamental operation in cryptography, especially for lattice-based cryptographic schemes. This paper introduces LazyNTT, a new method that reduces the number of Montgomery multiplications required in NTT computation by replacing some of them with standard multiplications without modular reduction. This interesting approach improves the performance of NTT computation and modular polynomial multiplication in lattice-based cryptographic schemes

The work is very interesting, well written, correct and in good English. For this reason I strongly support its publication

Author Response

We sincerely appreciate your thoughtful review and encouraging feedback on our manuscript. Your positive evaluation motivates us greatly, and we are grateful for your valuable time and insights. Thank you for your support.

Reviewer 3 Report

Comments and Suggestions for Authors

The manuscript proposes the use of LazyNTT to reduce the number of Montgomery multiplications, which has significant and promising results. However:

  • The related section requires more details about the difference between your work and cited researches. A comparative table will help in depicting the difference and how your proposed method outperforms similar researches.
  • It is essential to add, before the conclusion section, a security analysis about the resistance of the proposed method against multiple types of cryptographic attacks.

Author Response

Thank you for dedicating your valuable time and effort to providing insightful feedback on this manuscript. Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 4 Report

Comments and Suggestions for Authors

This paper presents "Lazy Modular Reduction for NTT," a novel approach aimed at improving the efficiency of the Number Theoretic Transform (NTT), which is central to lattice-based cryptography. The proposed LazyNTT reduces the reliance on Montgomery multiplications, offering up to 28% performance improvements in certain configurations. The manuscript is well-structured, grounded in the relevant literature, and provides clear experimental validation. While the work is technically sound, minor issues in presentation and additional clarification on implementation trade-offs need addressing. I recommend only minor revisions before publication.

Comments for author File: Comments.pdf

Author Response

Thank you for dedicating your valuable time and effort to providing insightful feedback on this manuscript. Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 5 Report

Comments and Suggestions for Authors

Below are my comments:

1. The description of LazyNTT lacks sufficient mathematical rigor. For example, the precise mechanism of replacing Montgomery multiplications with standard multiplications needs to be formulated with detailed mathematical equations.

2. The manuscript does not explain how intermediate stages of NTT computation are handled when modular reductions are delayed. For example, how does this affect numerical stability, overflow risks, or precision in practical implementations?

3. While the authors mentioned that LazyNTT can be generalized to replace more Montgomery multiplications, no detailed analysis or guidelines are provided on how this generalization would be achieved or how it impacts performance.

4. The paper does not provide sufficient details about the experimental setup, such as hardware specifications, software environment, and the exact cryptographic schemes used for testing. This information is critical for reproducibility.

5. While improvements are demonstrated over the original NTT, the manuscript does not include comparisons with other state-of-the-art optimizations for NTT. 

6. There is no discussion on how the proposed method scales with varying input sizes (e.g., larger polynomials or different cryptographic parameters). 

7. Since lattice-based cryptography often deals with noise inherent in its structure, it would be beneficial to analyze the impact of LazyNTT on noise levels and numerical accuracy in the computations.

Author Response

Thank you for dedicating your valuable time and effort to providing insightful feedback on this manuscript. Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

The authors have thoroughly addressed all the concerns raised during the initial review process and have made substantial improvements to the manuscript.

The manuscript is well-structured, technically sound, and makes a valuable contribution to the field of lattice-based cryptography. The authors have maintained a good balance between theoretical foundations and practical implementations.

Recommendation: I recommend accepting this manuscript for publication in its current form. 

Reviewer 3 Report

Comments and Suggestions for Authors

The authors responded to all my comments.

Reviewer 5 Report

Comments and Suggestions for Authors

The revision looks good to me, I don't have further concerns.

Back to TopTop