Abstract
In this paper, we present an instruction set coprocessor architecture forlattice-based cryptography and implement the module lattice-based post-quantum keyencapsulation mechanism (KEM) Saber as a case study. To achieve fast computationtime, the architecture is fully implemented in hardware, including CCA transforma-tions. Since polynomial multiplication plays a performance-critical role in the moduleand ideal lattice-based public-key cryptography, a parallel polynomial multiplierarchitecture is proposed that overcomes memory access bottlenecks and results in ahighly parallel yet simple and easy-to-scale design. Such multipliers can compute afull multiplication in256cycles, but are designed to target any area/performancetrade-offs. Besides optimizing polynomial multiplication, we make important designdecisions and perform architectural optimizations to reduce the overall cycle countsas well as improve resource utilization.For the module dimension 3 (security comparable to AES-192), the coprocessorcomputes CCA key generation, encapsulation, and decapsulation in only 5,453, 6,618and 8,034 cycles respectively, making it the fastest hardware implementation of Saberto our knowledge. On a Xilinx UltraScale+ XCZU9EG-2FFVB1156 FPGA, theentire instruction set coprocessor architecture runs at 250 MHz clock frequency andconsumes 23,686 LUTs, 9,805 FFs, and 2 BRAM tiles (including 5,113 LUTs and3,068 FFs for the Keccak core).
Original language | English |
---|---|
Title of host publication | IACR Transactions on Cryptographic Hardware and Embedded Systems |
Editors | Amir Moradi, Mehdi Tibouchi |
Pages | 443–466 |
Number of pages | 24 |
Volume | 2020 |
Edition | 4 |
DOIs | |
Publication status | Published - 26 Aug 2020 |
Event | Conference on Cryptographic Hardware and Embedded Systems - Duration: 14 Sept 2020 → 18 Sept 2020 https://ches.iacr.org/2020/ |
Conference
Conference | Conference on Cryptographic Hardware and Embedded Systems |
---|---|
Period | 14/09/20 → 18/09/20 |
Internet address |
Keywords
- Lattice-based Cryptography
- Post-quantum Cryptography
- Hardware Implementation
- Saber KEM
- High-speed Instruction-set Architecture