Fast Falcon Signature Generation and Verification Using ARMv8 NEON Instructions

Abstract

We present our speed records for Falcon signature generation and verification on ARMv8-A architecture. Our implementations are benchmarked on Apple M1 ‘Firestorm’, Raspberry Pi 4 Cortex-A72, and Jetson AGX Xavier. Our optimized signature generation is 2 × slower, but signature verification is 3–3.9 × faster than the state-of-the-art CRYSTALS-Dilithium implementation on the same platforms. Faster signature verification may be particularly useful for the client side on constrained devices. Our Falcon implementation outperforms the previous work targeting Jetson AGX Xavier by the factors 1.48 × for signing in falcon512 and falcon1024, 1.52 × for verifying in falcon512, and 1.70 × for verifying in falcon1024. We achieve improvement in Falcon signature generation by supporting a larger subset of possible parameter values for FFT-related functions and applying our compressed twiddle-factor table to reduce memory usage. We also demonstrate that the recently proposed signature scheme Hawk, sharing optimized functionality with Falcon, has 3.3 × faster signature generation and 1.6–1.9 × slower signature verification when implemented on the same ARMv8 processors as Falcon.