Fast Quantum-Safe Cryptography on IBM Z (Q32c)
Performance of software implementations on today’s available hardware architectures plays a crucial role in the adoption of quantum-safe cryptography. An important target for quantum-safety are IBM Z(R) systems, which run and secure a majority of all worldwide transactions. With its current z15 architecture, the platform offers a range of ISA extensions suitable for optimizing quantum-safe algorithms. In this talk, we present optimizations of two promising candidates in the third round of the NIST PQC standardization process: SIKE and Dilithium. Our SIKE implementation covers NIST security levels 1-5. It uses vectorization techniques for its Fp and Fp2 arithmetic and achieves a significant speedup, running in 3.4 ms (encaps + decaps) for NIST level 1. Our Dilithium implementation benefits from vector optimizations applied to NTT and sampling, and from SHA3 instructions on z15, running in 42.8 μs (sign) and 14.7 μs (verify) for NIST level 2. We present insights on the z15 ISA, on the implementations, evaluation results and provide an outlook of further optimization potential.