Kyber on ARM64: Compact Implementations of Kyber on 64-Bit ARM Cortex-A Processors

Public-key cryptography based on the lattice problem is efficient and believed to be secure in a post-quantum era. In this paper, we introduce carefully-optimized implementations of Kyber encryption schemes for 64-bit ARM Cortex-A processors. Our research contribution includes optimizations for Number Theoretic Transform (NTT), noise sampling, and AES accelerator based symmetric function implementations. The proposed Kyber512 implementation on ARM64 improved previous works by 1.79 $$\times $$ , 1.96 $$\times $$ , and 2.44 $$\times $$ for key generation, encapsulation, and decapsulation, respectively. Moreover, by using AES accelerator in the proposed Kyber512-90s implementation, it is improved by 8.57 $$\times $$ , 6.94 $$\times $$ , and 8.26 $$\times $$ for key generation, encapsulation, and decapsulation, respectively.