Efficient Polynomial Multiplication via Modified Discrete Galois Transform and Negacyclic Convolution
Date:
In this talk, I presented a generalization of the DGT transform over non-Gaussian primes and applied it to accelerate polynomial multiplication in power-of-two cyclotomic rings for lattice-based cryptography.
Abstract
Univariate polynomial multiplication in $\mathbb{Z}_q[X]/\langle X^n + 1\rangle$ has brought great attention recently. Thanks to new construction of cryptographic solutions based on lattice and ring-learning with errors problems. A number of software libraries, such as NTL and FLINT, implements fast multiplication algorithms to perform this operation efficiently. The basic notion behind fast polynomial multiplication algorithms is based on the relation between multiplication and convolution which can be computed efficiently via fast Fourier transform (FFT) algorithms. Hence, efficient FFT is crucial to improve fast multiplication performance. An interesting algorithm that cuts FFT length in half is based on the discrete Gaussian transform (DGT). DGT was first proposed to work only with primes that support Gaussian integers arithmetic known as Gaussian primes. We modify this algorithm to work with not necessarily Gaussian primes and show how its parameters can be found efficiently. We introduce an array of optimization techniques to enhance the performance on commodity 64-bit machines. The proposed algorithm is implemented in C++ and compared with mature and highly optimized number theory libraries, namely, NTL and FLINT. The experiments show that our algorithm performs faster than both libraries and achieves speedup factors ranging from 1.01x–1.2x and 1.18x–1.55x compared to NTL and FLINT, respectively.