Chuliang Guo,Li Zhang,Xian Zhou,Grace Li Zhang,Bing Li,Weikang Qian,Xunzhao Yin,Cheng Zhuo

DOI: https://doi.org/10.1145/3446213

IF: 2.013

2021-01-01

ACM Journal on Emerging Technologies in Computing Systems

Abstract:Multiplications have been commonly conducted in quantized CNNs, filters, and reconfigurable cores, and so on, which are widely deployed in mobile and embedded applications. Most multipliers are designed to perform multiplications with symmetric bit-widths, i.e., n - by n -bit multiplication. Such features would cause extra area overhead and performance loss when m - by n -bit multiplications ( m > n ) are deployed in the same hardware design, resulting in inefficient multiplication operations. It is highly desired and challenging to propose a reconfigurable multiplier design to accommodate operands with both symmetric and asymmetric bit-widths. In this work, we propose a reconfigurable approximate multiplier to support multiplications at various precisions, i.e., bit-widths. Unlike prior works of approximate adders assuming a uniform weight distribution with bit-wise independence, scenarios like a quantized CNN may have a centralized weight distribution and hence follow a Gaussian-like distribution with correlated adjacent bits. Thus, a new block-based approximate adder is also proposed as part of the multiplier to ensure energy-efficient operation with an awareness of the bit-wise correlation. Our experimental results show that the proposed approximate adder significantly reduces the error rate by 76% to 98% over a state-of-the-art approximate adder for Gaussian-like distribution scenarios. Evaluation results show that the proposed multiplier is 19% faster and 22% more power saving than a Xilinx multiplier IP at the same bit precision and achieves a 23.94-dB peak signal-to-noise ratio, which is comparable to the accurate one of 24.10 dB when deployed in a Gaussian filter for image processing tasks.

Ying Wu,Chen-Yi Wen,Xun-Zhao Yin,Cheng Zhuo

DOI: https://doi.org/10.1007/s11390-023-2572-8

2023-01-01

Abstract:The development of IoT (Internet of Things) calls for circuit designs with energy and area efficiency for edge devices. Approximate computing which trades unnecessary computation precision for hardware cost savings is a promising direction for error-tolerant applications. Multipliers, as frequently invoked basic modules which consume non-trivial hardware costs, have been introduced approximation to achieve distinct energy and area savings for data-intensive applications. In this paper, we propose a fixed-point approximate multiplier that employs a linear mapping technique, which enables the configurability of approximation levels and the unbiasedness of computation errors. We then introduce a dynamic truncation method into the proposed multiplier design to cover a wider and more fine-grained configuration range of approximation for more flexible hardware cost savings. In addition, a novel normalization module is proposed for the required shifting operations, which balances the occupied area and the critical path delay compared with normal shifters. The introduced errors of our proposed design are analyzed and expressed by formulas which are validated by experimental results. Experimental evaluations show that compared with accurate multipliers, our proposed approximate multiplier design provides maximum area and power savings up to 49.70% and 66.39% respectively with acceptable computation errors.

Shaik Ahmadunnisa,Sudha Ellison Mathe

DOI: https://doi.org/10.1109/access.2024.3426990

IF: 3.9

2024-07-19

IEEE Access

Abstract:The advancement in quantum computing has led to a significant progress in the development of public-key cryptosystems, referred as Post Quantum Cryptography (PQC) which has robust security to withstand both classical and quantum attacks. Lattice-based cryptography, one of the most promising PQC candidate offers low complexity and has strong security proof relying on the hardness of Learning-with-errors (LWE) problem. A variant of LWE, Ring-learning-with-error (RLWE) performs arithmetic operations over a polynomial ring and has more efficient implementations compared to LWE. Recent works propose Binary-ring-learning-with-error (BRLWE), a new variant of RLWE which has less key size and more efficient implementations compared to both LWE and RLWE-based schemes. In this paper, an algorithm is developed for BRLWE-based scheme based on decomposing the arithmetic operation into desired number of segments. The arithmetic operation includes polynomial multiplication and addition over the ring where H and M are two integer polynomials and L is a binary polynomial. We illustrate two efficient hardware architectures Dual-LFSR (DL) and Quad-LFSR (QL) to enable parallel execution of individual segments employing LFSR structures to have a significant reduction in latency compared to the existing works. Despite of having larger area, the reduction in latency leads to an improvement in other performance metrics such as delay, Area-Delay Product (ADP), Power-Delay Product (PDP), throughput and efficiency making the proposed structures well suitable for PQC schemes. Experimental results show that the proposed architectures when compared with the recently reported work has 23% and 25% ADP improvement with DL and QL structures respectively when n = 256.

computer science, information systems,telecommunications,engineering, electrical & electronic

Uyangaa Khuchit,Liji Wu,Xiangmin Zhang,Yanzhao Yin,Altantsooj Batsukh,Bayarpurev Mongolyn,Munkhbaatar Chinbat

DOI: https://doi.org/10.1109/asid50160.2020.9271725

2020-01-01

Abstract:An ideal lattice is defined over a ring learning with errors (Ring-LWE) problem. Polynomial multiplication over the ring is the most computational and time-consuming block in lattice-based cryptography. This paper presents the first hardware design of the polynomial multiplication for LAC, one of the Round-2 candidates of the NIST PQC Standardization Process, which has byte-level modulus p=251. The proposed architecture supports polynomial multiplications for different degree n (n=512/1024/2048). For designing the scheme, we used the Vivado HLS compiler, a high-level synthesis based hardware design methodology, which is able to optimize software algorithms into actual hardware products. The design of the scheme takes 274/280/291 FFs and 204/217/208 LUTs on the Xilinx Artix-7 family FPGA, requested by NIST PQC competition for hardware implementation. Multiplication core uses only 1/1/2 pieces of 18Kb BRAMs, 1/1/1 DSPs, and 90/94/95 slices on the board. Our timing result achieved in an alternative degree n with 5.052/4.3985/5.133ns.

Shaik Ahmadunnisa,Sudha Ellison Mathe

DOI: https://doi.org/10.1016/j.micpro.2024.105044

IF: 3.503

2024-03-28

Microprocessors and Microsystems

Abstract:In lattice-based cryptography, Ring Learning with Errors (RLWE) is a computationally hard cryptographic problem, comprising three basic mechanisms i.e., key generation, encryption, and decryption. Binary Ring Learning with Error (BRLWE), a new variant of RLWE has been proposed recently to reduce the key size and computational complexity compared to previous RLWE-based schemes. Based on this BRLWE scheme, efficient hardware architectures have been obtained in recent works for lightweight applications. The key operation involved in this scheme is AB+C , where A and C are integer polynomials and B is a binary polynomial. This paper proposes an efficient hardware architecture for BRLWE-based scheme targeted for lightweight applications. The architecture computes the arithmetic operation AB+C , which includes polynomial multiplication and addition over the polynomial ring Zq/(xn+1) . The proposed architecture is applied in two conditions, fixed and variable values of q . Experimental results show the architecture proposed has 50% less Area-Delay Product (ADP) and 20% less Power-Delay Product (PDP) compared to the recently reported work for n=256 .

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Archisman Ghosh,Jose Maria Bermudo Mera,Angshuman Karmakar,Debayan Das,Santosh Ghosh,Ingrid Verbauwhede,Shreyas Sen

2023-05-18

Abstract:The hard mathematical problems that assure the security of our current public-key cryptography (RSA, ECC) are broken if and when a quantum computer appears rendering them ineffective for use in the quantum era. Lattice based cryptography is a novel approach to public key cryptography, of which the mathematical investigation (so far) resists attacks from quantum computers. By choosing a module learning with errors (MLWE) algorithm as the next standard, National Institute of Standard & Technology (NIST) follows this approach. The multiplication of polynomials is the central bottleneck in the computation of lattice based cryptography. Because public key cryptography is mostly used to establish common secret keys, focus is on compact area, power and energy budget and to a lesser extent on throughput or latency. While most other work focuses on optimizing number theoretic transform (NTT) based multiplications, in this paper we highly optimize a Toom-Cook based multiplier. We demonstrate that a memory-efficient striding Toom-Cook with lazy interpolation, results in a highly compact, low power implementation, which on top enables a very regular memory access scheme. To demonstrate the efficiency, we integrate this multiplier into a Saber post-quantum accelerator, one of the four NIST finalists. Algorithmic innovation to reduce active memory, timely clock gating and shift-add multiplier has helped to achieve 38% less power than state-of-the art PQC core, 4x less memory, 36.8% reduction in multiplier energy and 118x reduction in active power with respect to state-of-the-art Saber accelerator (not silicon verified). This accelerator consumes 0.158mm2 active area which is lowest reported till date despite process disadvantages of the state-of-the-art designs.

Cryptography and Security

Chaohui Du,Guoqiang Bai

DOI: https://doi.org/10.1109/trustcom.2015.399

2015-01-01

Abstract:Lattice based cryptography is considered as an important candidate for post-quantum cryptosystems. Various lattice based cryptosystems are based on the Ring learning with errors (Ring-LWE) problem. As a basic operation of Ring-LWE problem, polynomial multiplication over rings is the most critical and computationally intensive operation of these cryptosystems. In this paper, we exploit the number theoretic transform (NTT) to build a family of scalable polynomial multiplier architectures, which provide designers with a trade-off choice of speed vs. area. Our multiplier architectures reduce the required clock cycles from 8n+1.5n lg n) to (2n+1.5n lg n)/B, where n is the dimension of the polynomials and B is number of butterfly operators. The experimental results on a Spartan-6 FPGA show that our proposed polynomial multiplier (B = 2) achieves a speedup of 2.5 times on average and consumes less slices and block RAMs when compared with the state of art of compact design. On a Stratix FPGA, our polynomial multiplier (B = 4) is able to achieve a speedup of 1.2 times on average and save around 90% Memory ALUTs, 75% block memory bits, and 63% DSPs when compared with the state of art of high speed design. On a Spartan-6 FPGA, our polynomial multiplier (B = 8) is capable to calculate the product of two polynomials of degree 256/512/1024/2048 in 2.88/5.71/11.46/24.89 µs.

Weihang Tan,Antian Wang,Yingjie Lao,Xinmiao Zhang,Keshab K. Parhi

DOI: https://doi.org/10.1109/TC.2023.3251847

2023-02-24

Abstract:This paper presents a low-latency hardware accelerator for modular polynomial multiplication for lattice-based post-quantum cryptography and homomorphic encryption applications. The proposed novel modular polynomial multiplier exploits the fast finite impulse response (FIR) filter architecture to reduce the computational complexity of the schoolbook modular polynomial multiplication. We also extend this structure to fast $M$-parallel architectures while achieving low-latency, high-speed, and full hardware utilization. We comprehensively evaluate the performance of the proposed architectures under various polynomial settings as well as in the Saber scheme for post-quantum cryptography as a case study. The experimental results show that our proposed modular polynomial multiplier reduces the computation time and area-time product, respectively, compared to the state-of-the-art designs.

Cryptography and Security,Hardware Architecture

Jose L. Imana,Pengzhou He,Tianyou Bao,Yazheng Tu,Jiafeng Xie

DOI: https://doi.org/10.1109/tcsi.2022.3169471

2022-07-29

Abstract:Ring learning-with-errors (RLWE)-based encryption scheme is a lattice-based cryptographic algorithm that constitutes one of the most promising candidates for Post-Quantum Cryptography (PQC) standardization due to its efficient implementation and low computational complexity. Binary Ring-LWE (BRLWE) is a new optimized variant of RLWE, which achieves smaller computational complexity and higher efficient hardware implementations. In this paper, two efficient architectures based on Linear-Feedback Shift Register (LFSR) for the arithmetic used in Inverted Binary Ring-LWE (InvBRLWE)-based encryption scheme are presented, namely the operation of over the polynomial ring . The first architecture optimizes the resource usage for major computation and has a novel input processing setup to speed up the overall processing latency with minimized input loading cycles. The second architecture deploys an innovative serial-in serial-out processing format to reduce the involved area usage further yet maintains a regular input loading time-complexity. Experimental results show that the architectures presented here improve the complexities obtained by competing schemes found in the literature, e.g., involving 71.23% less area-delay product than recent designs. Both architectures are highly efficient in terms of area-time complexities and can be extended for deploying in different lightweight application environments.

Mengyuan Li,Haoran Geng,Michael Niemier,Xiaobo Sharon Hu

2023-07-27

Abstract:Lattice-based cryptographic algorithms built on ring learning with error theory are gaining importance due to their potential for providing post-quantum security. However, these algorithms involve complex polynomial operations, such as polynomial modular multiplication (PMM), which is the most time-consuming part of these algorithms. Accelerating PMM is crucial to make lattice-based cryptographic algorithms widely adopted by more applications. This work introduces a novel high-throughput and compact PMM accelerator, X-Poly, based on the crossbar (XB)-type compute-in-memory (CIM). We identify the most appropriate PMM algorithm for XB-CIM. We then propose a novel bit-mapping technique to reduce the area and energy of the XB-CIM fabric, and conduct processing engine (PE)-level optimization to increase memory utilization and support different problem sizes with a fixed number of XB arrays. X-Poly design achieves 3.1X10^6 PMM operations/s throughput and offers 200X latency improvement compared to the CPU-based implementation. It also achieves 3.9X throughput per area improvement compared with the state-of-the-art CIM accelerators.

Cryptography and Security,Hardware Architecture

Yifan Zhao,Ruiqi Xie,Guozhu Xin,Jun Han

DOI: https://doi.org/10.1109/tcsi.2022.3162593

2022-01-01

Abstract:The 5G edge computing infrastructure should be empowered with quantum attack resistance by implementing post-quantum cryptography (PQC). Among various PQC schemes, lattice-based cryptography (LBC) based on learning with error (LWE) has attracted much attention because of its performance efficiency and security guarantee. In LWE-based LBCs, the Module-LWE-based schemes gain advantage over the others benefiting from the unique polynomial matrix and vector structure. To provide a high-performance implementation of Module-LWE applications for the edge computing paradigm, we propose a domain-specific processor based on a matrix extension of RISC-V architecture. This custom extension encapsulates the matrix-based ring operations with a high-level functional abstraction. A 2-D systolic array with configurable functionality is proposed to perform matrix-based number theoretic transform (NTT) and other arithmetic operations, achieving high data-level parallelism with support for the variable-sized polynomial matrix and vector structure. As this structure of Module-LWE involves no data dependency between different inner elements, an out-of-order mechanism is further developed to exploit the instruction-level parallelism. We implement the proposed architecture under TSMC 28nm technology. The evaluation results show that our implementation can achieve up to and improvement in cycle count respectively in Kyber and Dilithium, compared to the state-of-the-art crypto-processor counterparts.

Chaohui Du,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1145/2902961.2902969

2016-01-01

Abstract:Many lattice-based cryptosystems are based on the security of the Ring learning with errors (Ring-LWE) problem. The most critical and computationally intensive operation of these Ring-LWE based cryptosystems is polynomial multiplication. In this paper, we exploit the number theoretic transform to build a high-speed polynomial multiplier for the Ring-LWE based public key cryptosystems. We present a versatile pipelined polynomial multiplication architecture to calculate the product of two $n$-degree polynomials in about (( n lg n )/4 + n /2) clock cycles. In addition, we introduce several optimization techniques to reduce the required ROM storage. The experimental results on a Spartan-6 FPGA show that the proposed hardware architecture can achieve a speedup of on average 2.25 than the state of the art of high-speed design. Meanwhile, our design is able to save up to 47.06% memory blocks.

Liejun Ma,Xingjun Wu,Guoqiang Bai

DOI: https://doi.org/10.1109/icet49382.2020.9119654

2020-01-01

Abstract:In the last few years, with the fleeting progress of quantum computer the traditional encryption technology is being threatened. Lattice based cryptography is a new post quantum cryptography which has been proved the security under the quantum computer attack. However, due to the limitation of communication frequency and power consumption, it is difficult to implement the lattice based cryptographic algorithm on the existing general processor platform. The polynomial multiplication is the most basic and critical operation in these lattice based cryptographic systems. It is also the computationally intensive operation which is more suitable for hardware implement. In this paper, we proposed a small area, low-power polynomial multiplier design in a specific field. Our scheme not only ensures the performance requirements, but also reduces the overhead of area and power consumption. The proposed scheme in this paper need not use the DSP resources on FPGA so that we can maximize the parallel NTT butterfly operators to improve the computing efficiency. It is a low-cost, high-performance implementation scheme.

Chaohui Du,Guoqiang Bai

DOI: https://doi.org/10.1109/iscas.2016.7527456

2016-01-01

Abstract:Ring learning with errors (Ring-LWE) is the basis of various lattice based cryptosystems. The most critical and computationally intensive operation of Ring-LWE based cryptosystems is polynomial multiplication over rings. In this paper, we introduce several optimization techniques to build an efficient polynomial multiplier with the number theoretic transform (NTT). We propose a technique to optimize the bit-reverse operation of NTT and inverse-NTT. With additional optimizations, our polynomial multiplier reduces the required clock cycles from (8n+1.5n lg n) to (2n+1.5n lg n). By exploiting the relationship of the constant factors, our polynomial multiplier is able to reduce the number of constant factors from 4n to 2.5n, which saves about 37.5% ROM storage. In addition, we propose a novel memory access scheme to achieve maximum utilization of the butterfly operator. With these techniques, our polynomial multiplier is capable to perform 57304/26913 polynomial multiplications per second for dimension 256/512 on a Spartan-6 FPGA.

GU Ye-hua,ZENG Xiao-yang,ZHAO Jia,LU Rong-hua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.19.080

2007-01-01

Abstract:This paper proposes a modified multiple-word radix-2k Montgomery multiplication(MWR2kMM) algorithm with its corresponding VLSI architecture.With the adoption of MWR2kMM algorithm,the proposed multiplier is able to work with any precision of the input operands and has a shorter critical path.Meanwhile,its performance is much higher compared with previous work because of the optimization of the pipeline architecture.The proposed multiplier is very suitable to the low cost and high performance RSA cryptosystem and can be easily implemented in VLSI technology.

Bo Zhang,Zeming Cheng,Massoud Pedram

DOI: https://doi.org/10.1109/tvlsi.2024.3368002

2024-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Modular multiplication (MM) is a fundamental operation in many cryptographic and arithmetic applications. In this article, we present an improved Barrett modular multiplication (BMM) algorithm and its hardware-efficient implementation. The proposed algorithm leverages parallel computation of quotient and intermediate results, enhancing overall efficiency. To further optimize the algorithm, two optimizations are introduced, replacing expensive multiplications and additions with more efficient compression and encoding operations at each iteration. We first introduce a novel data model that enables the use of a 2-bit adder to handle potential overflow in signed addition. Moreover, by employing a 3-bit addition on intermediate results, we eliminate the need for complete round operations while ensuring the desired result range. The experimental results demonstrate significant improvements in terms of area and computation time compared to existing classic BMM and Montgomery modular multiplication (MMM) designs. Our improved BMM outperforms these designs, particularly in high-radix scenarios. This work provides a valuable contribution to the field of MM, offering a hardware-efficient solution for achieving improved performance in cryptographic and arithmetic systems.

engineering, electrical & electronic,computer science, hardware & architecture

Tao Wu,Shuguo Li,Litian Liu

DOI: https://doi.org/10.1109/iccsnt.2012.6525895

2012-01-01

Abstract:Due to complex hardware architecture and heavy computation, it is difficult to perform modular multiplications over large integers. In this paper, we propose a low-latency scalable modular multiplier for multi-precision modular multiplications. Unlike popular scalable architectures by Montgomery algorithm, the classic modular multiplication A · B mod M is directly implemented here. Low latency can be obtained by deferring the uses of most significant bits during the interleaving modular multiplications. Also, the critical path of processing elements is greatly reduced by carry-save additions. While the scalable modular multiplier obtains comparable performance with optimal scalable Montgomery modular multiplier, its area overhead increases since more registers and selection logics are employed. The proposed modular multiplier is convenient for variant operands and nonsuccessive modular multiplications, where it is more energy-efficient than popular scalable Montgomery modular multipliers.

Chaohui Du,Guoqiang Bai,Hongyi Chen

DOI: https://doi.org/10.1109/trustcom.2015.510

2015-01-01

Abstract:Lattice-based cryptography is considered as a main candidate for post-quantum cryptosystems. Its security is based on worst-case computational assumptions in lattices that remain hard even for quantum computers. In this paper, we present an efficient software implementation of lattice based Ring-LWE public key encryption scheme, which optimizes the two basic building blocks: multiplication over polynomial rings and discrete Gaussian sampling. We exploit the number theoretic transform (NTT) to speed up polynomial multiplication over rings and propose an optimized single instruction multiple data (SIMD) based implementation of NTT. It takes 1965/4411 clock cycles to perform a transform with 256/512 elements. Our implementation can save about 75% memory accesses and more than 51% modulo q operations during NTT computation. On the other hand, we propose an efficient implementation of high precision discrete Gaussian sampler, which is based on the inverse of the cumulative distribution function. Our implementation has maximum statistical distance of 2-90 to a theoretical discrete Gaussian distribution. It takes on average 15.4 ns and 9.5 uniformly random bits to generate a Gaussian sample. With these optimizations, our implementation of the public key encryption scheme performs encryption/decryption operations in 15.88/2.37 μs for medium security and 31.30/4.59 μs for high security on one core of an Intel Core i7-4771 processor. Its throughput is higher than the existing software implementation by about two orders of magnitude, and it is even higher than all the hardware implementations.

Chaohui Du,Guoqiang Bai

DOI: https://doi.org/10.1109/ISCAS.2016.7527452

2016-01-01

Abstract:The most critical and computationally intensive operation of Ring-LWE based public key cryptosystems is polynomial multiplication. In this paper, we introduce several optimization techniques to speed up polynomial multiplication with the number theoretic transform (NTT). We propose to precompute NTT of the constant polynomial to reduce the number of NTT computations. In order to reduce the cost of bit-reverse operation, a optimization technique is introduced to perform it on-the-fly. We also present a technique to improve the utilization rate of the butterfly operator. Moreover, the cancellation lemma is exploited to reduce the required ROM storage. Based on these optimizations, we present a versatile pipelined polynomial multiplication architecture, which takes around (n lg n + 1.5n) clock cycles to calculate the product of two n-degree polynomials. Experimental results on a Spartan-6 FPGA show that our polynomial multiplier achieves a speedup of 2.04 on average and consumes less hardware resources when compared with the state of art of efficient implementation.

Jianfei Wang,Chen Yang,Yishuo Meng,Fahong Zhang,Jia Hou,Siwei Xiang,Yang Su

DOI: https://doi.org/10.1109/tcsi.2024.3483229

2024-01-01

IEEE Transactions on Circuits and Systems I Regular Papers

Abstract:Out-of-place constant-geometry (CG) NTT usually has a simple and uniform memory access pattern. However, out-of-place CG NTT always requires ping-pong memory, resulting in a memory capacity requirement of 2 $N$ . Therefore, we propose a novel radix-4 in-place CG (IPCG) NTT/INTT that reduces the capacity requirement from 2 $N$ to $N$ . An area-efficient and dynamical reconfigurable polynomial multiplier (RAEPM) based on IPCG NTT is proposed to speed up polynomial multiplication over rings. In RAEPM, a Barrett modular multiplier using area-efficient radix-4 booth multiplier is designed to reduce area. In addition, an odd-bank buffer structure is proposed to achieve conflict-free memory mapping independent of polynomial length $N$ and NTT/INTT stage. Moreover, we also proposed an efficient modular reduction for specific numbers and introduced a division equivalent method to eliminate the odd number modular reduction and odd number division in addressing. RAEPM is implemented on Xilinx VC709 FPGA and runs at 294MHz clock frequency. Compared with the prior pure NTT accelerators, under the same parameters, RAEPM achieves a decrease of 39.02% $\sim$ 57.63% in area-time complexity of equivalent LUT, and a decrease of 15.97% $\sim$ 49.24% in area-time complexity of equivalent FF. Compared with the prior NTT-based polynomial multipliers, under the same parameters, RAEPM achieves a decrease of 35.48% $\sim$ 90.81% in area-time complexity of equivalent LUT, and a decrease of 24.24% $\sim$ 88.41% in area-time complexity of equivalent FF.