A High efficiency AVX2-optimized engineering of the Post-quantum Digital Signature CROSS

Post-quantum cryptosystems are currently attracting a significant amount of research efforts due to the continuous improvements in quantum computing technologies, and the inherent high inertia characterizing the replacement of cryptographic standards. This situation has pushed large standardization bodies, such as the USA National Institute of Standards and Technology (NIST), to open standardization competitions to foster proposals and public scrutiny of new quantum-resistant cryptosystems and digital signatures. Whilst NIST has chosen, after four selection rounds (November 2017 - June -2023), three digital signature algorithms, in July 2023 it started a new selection process as the chosen candidates either rely exclusively on lattice-based computationally hard problems, or have unsatisfactory performance figures. In this work, we tackle the performance engineering of the Codes and Restricted Objects Signature Scheme (CROSS), which has been admitted to the second round of selection by NIST in October 2024. We propose a set of techniques to optimize software realizations of CROSS, targeting the AVX2 ISA extension by Intel, as requested by NIST; exploiting fully our choices on the signature scheme parameters, as part of the design team. We note that these techniques are general enough to be ported to other vector ISA extensions (e.g., ARM Neon). We provide a complete performance validation of our realization both with dedicated microbenchmarks as well as full end-to-end TLS benchmarks with realistic network delays. Our results show that CROSS is competitive with each of the already standardized post-quantum signature schemes as well as with the other schemes still under evaluation in the second selection round.