Post-quantum cryptography isn’t just math—it’s a hardware battleground. SIMD vectorisation draws a sharp line: some schemes scale, others stall. Here’s how, according to @PrivacyScaling, CPU architecture shapes PQC performance. 🧵

@PrivacyScaling Post-quantum cryptography (PQC) demands efficiency and resilience. Lattice-based schemes dominate this space due to their structural compatibility with modern CPU optimisations, particularly SIMD vectorisation.

@PrivacyScaling Vectorisation—SIMD (Single Instruction, Multiple Data)—enables CPUs to apply a single operation to multiple data points simultaneously. This is central to speeding up polynomial operations in lattice-based cryptography.

@PrivacyScaling Lattice schemes express cryptographic operations as matrix-vector multiplications over polynomial rings like ℤ[x]/(xⁿ + 1). These can be transformed using the Number Theoretic Transform (NTT), reducing complexity from O(n²) to O(n log n).

@PrivacyScaling Polynomial addition, multiplication, and NTT can all be vectorized. For instance, 64 coefficients can be processed in two AVX2 instructions using 256-bit registers with 16-bit lanes.

@PrivacyScaling Isogeny-based schemes, by contrast, resist vectorization. Their core primitive—computing isogenies between elliptic curves—doesn’t decompose into SIMD-parallelizable structures.

@PrivacyScaling Optimisations in isogeny-based cryptography draw inspiration from traditional elliptic curve cryptography, including Montgomery reduction and inversion, Edwards curves, and field arithmetic techniques such as radix-2²⁹ representation.

@PrivacyScaling However, SIMD gains are limited in elliptic curve operations—usually up to 9 lanes vs. 64+ in lattice operations. Thus, lattice cryptography yields greater parallelism and throughput.

@PrivacyScaling Performance favours lattices. Yet isogeny-based schemes still offer compact key/signature sizes. Schemes like SQIsign avoid known attacks (e.g., Castryck-Decru) by not revealing point images.

@PrivacyScaling Verdict: lattice-based cryptography is better suited for CPU-level optimisations today. But tradeoffs—performance vs. compactness—leave room for multiple PQC paradigms, adoption paths.

@PrivacyScaling As standardisation advances, hardware-aware cryptographic design will play a crucial role. Continued benchmarking and implementation analysis will determine real-world