High-speed Instruction-set Coprocessor for Lattice-based Key Encapsulation Mechanism: Saber in Hardware

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper, we present an instruction set coprocessor architecture for lattice-based cryptography and implement the module lattice-based post-quantum key encapsulation mechanism (KEM) Saber as a case study. To achieve fast computation time, the architecture is fully implemented in hardware, including CCA transformations. Since polynomial multiplication plays a performance-critical role in the module and ideal lattice-based public-key cryptography, a parallel polynomial multiplier architecture is proposed that overcomes memory access bottlenecks and results in a highly parallel yet simple and easy-to-scale design. Such multipliers can compute a full multiplication in 256 cycles, but are designed to target any area/performance trade-offs. Besides optimizing polynomial multiplication, we make important design decisions and perform architectural optimizations to reduce the overall cycle counts as well as improve resource utilization.

For the module dimension 3 (security comparable to AES-192), the coprocessor computes CCA key generation, encapsulation, and decapsulation in only 5,453, 6,618 and 8,034 cycles respectively, making it the fastest hardware implementation of Saber to our knowledge. On a Xilinx UltraScale+ XCZU9EG-2FFVB1156 FPGA, the entire instruction set coprocessor architecture runs at 250 MHz clock frequency and consumes 23,686 LUTs, 9,805 FFs, and 2 BRAM tiles (including 5,113 LUTs and 3,068 FFs for the Keccak core).

Details

Original language: English
Title of host publication: IACR Transactions on Cryptographic Hardware and Embedded Systems
Editors: Amir Moradi, Mehdi Tibouchi
Publication status: Published - 26 Aug 2020
Event: Conference on Cryptographic Hardware and Embedded Systems
Duration: 14 Sep 2020 to 18 Sep 2020
https://ches.iacr.org/2020/

Conference

Conference: Conference on Cryptographic Hardware and Embedded Systems
Period: 14/09/20 to 18/09/20

Keywords

  • Lattice-based Cryptography, Post-quantum Cryptography, Hardware Implementation, Saber KEM, High-speed Instruction-set Architecture