Efficient and Secure Implementation of NTRUEncrypt Using Signed Sliding Window Method

NTRUEncrypt is a public key cryptosystem based on hard problems over lattices. The dominant operation in NTRUEncrypt is convolution, i.e., multiplication over a quotient ring of polynomials. Based on the fact that a convolution has a highly regular structure, Lee et al. proposed the sliding window method for fast convolution of binary polynomials in 2013, which was then extended to ternary polynomials for ideal lattices by Akleylek, Alkim, and Tok in 2016. These sliding window methods reduce the cost of a convolution operation using look-up tables that store partial computation results related to repeated coefficient patterns. In this paper, we propose a signed sliding window method with side-channel resistance for NTRUEncrypt. The proposed method considers both positive and negative nonzero coefficients when constructing look-up tables. The new method not only accelerates convolution but also enables the application of power analysis countermeasures effectively. According to the experimental results, the constant-time implementation of the proposed method with timing and power analysis countermeasures accelerates the previously developed secure convolution method by up to 20%.