
Benchmarking and Analysing NIST PQC Lattice-Based Signature Scheme Standards on the ARM Cortex M7

November 30, 2022


James Howe - SandboxAQ


This paper presents a thorough analysis of the two lattice-based digital signature schemes, Dilithium and Falcon, which have been chosen by NIST for standardization, on the ARM Cortex M7 using the STM32F767ZI NUCLEO-144 development board. This research is motivated by the Cortex M7 device being the only processor in the Cortex-M family to offer a double precision (i.e., 64-bit) floating-point unit, making Falcon’s implementations, requiring 53 bits of double precision, able to fully run native floating-point operations without any emulation. When benchmarking natively, Falcon shows significant speed-ups of 6.2-8.3x in clock cycles and 6.2-11.8x in runtime; however, Dilithium does not show much improvement other than that gained from the slightly faster processor. We then present profiling results of the two schemes on the Cortex M7 to show their respective bottlenecks and the operations where improvements are and can be made, which show that some operations in Falcon’s procedures observe speed-ups by an order of magnitude. Finally, since Falcon’s use of floating points is so rare in cryptography, we test the native FPU instructions on 4 different STM32 development boards with Cortex M7 and also a Raspberry Pi 3, which is used in some of Falcon’s benchmarking results. We find constant-time irregularities in all of these devices, which should cause concern when using Falcon in certain use cases and on certain devices.

Related Topics

Security and Privacy: post-quantum cryptography

Created November 23, 2022, Updated December 06, 2022