Mohamed Saoudi,Akram Kermiche,Omar Hocine Benhaddad,Nadir Guetmi,Boufeldja Allailou

DOI: https://doi.org/10.2139/ssrn.4560994

IF: 3.503

2024-04-21

Microprocessors and Microsystems

Abstract:This paper presents an FPGA implementation of Number Theoretic Transform (NTT) for the Kyber Post-Quantum Cryptographic (PQC) standard. NTT is the slowest process within Kyber thus a large number of efforts has been conducted to enhance its computational efficiency. Leveraging parallelism and dedicated multipliers, our design achieves state-of-the-art latency, performing NTT/INTT in just 0.4/ 0.5μs , surpassing existing designs by at least 3.75/3 times. The proposed design is implemented on the cost-effective Artix-7 FPGA.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Hang Yang,Rongmao Chen,Qiong Wang,Zixuan Wu,Wei Peng

DOI: https://doi.org/10.1007/978-981-97-0945-8_7

2024-01-01

Abstract:CRYSTALS-Kyber is a promising post-quantum encryption candidate and has been selected for standardization. However, its operational efficiency faces challenges due to complex and time-consuming polynomial multiplication, which can be accelerated using number-theoretic transform (NTT). In this work, we propose a novel approach of hardware acceleration for NTT-based polynomial multiplication in CRYSTALS-Kyber on FPGA. Our approach leverages pipeline technology and optimized butterfly operation units with Montgomery and Barrett reductions, significantly improving computational efficiency. By running eight butterfly units in parallel, we achieve remarkably shorter computation cycles for key operations such as NTT, INTT, and PWM. Moreover, we introduce a dedicated Kyber algorithm PWM unit and optimized multi-RAM channel storage, greatly boosting memory access efficiency. This comprehensive optimization results in superior energy efficiency, surpassing other existing schemes and propelling the practical application of CRYSTALS-Kyber to new levels of efficiency.

Raziyeh Salarifard,Hadi Soleimany

DOI: https://doi.org/10.1007/s13389-024-00357-1

2024-06-06

Journal of Cryptographic Engineering

Abstract:The number theoretic transform (NTT) is used to efficiently execute polynomial multiplication. It has become an important part of lattice-based post-quantum methods and the subsequent generation of standard cryptographic systems. However, implementing post-quantum schemes is challenging since they rely on intricate structures. This paper demonstrates how to develop a high-speed NTT multiplier highly optimized for FPGAs with few logical resources. We describe a novel architecture for NTT that leverages unique precomputation. Our method efficiently maps these specific pre-computed values into the built-in Block RAMs, which greatly reduces the area and time required for implementation when compared to previous works. We have chosen Kyber parameters to implement the proposed architectures. Compared to the most well-known approach for implementing Kyber's polynomial multiplication using NTT, the AC (area latency) is reduced by , and AT (area time) is improved by as a result of the pre-computation we suggest in this study.

computer science, theory & methods

Weihang Tan,Yingjie Lao,Keshab K. Parhi

DOI: https://doi.org/10.1109/ICCAD57390.2023.10323839

2023-10-07

Abstract:CRYSTAL-Kyber (Kyber) is one of the post-quantum cryptography (PQC) key-encapsulation mechanism (KEM) schemes selected during the standardization process. This paper addresses optimization for Kyber architecture with respect to latency and throughput constraints. Specifically, matrix-vector multiplication and number theoretic transform (NTT)-based polynomial multiplication are critical operations and bottlenecks that require optimization. To address this challenge, we propose an algorithm and hardware co-design approach to systematically optimize matrix-vector multiplication and NTT-based polynomial multiplication by employing a novel sub-structure sharing technique in order to reduce computational complexity, i.e., the number of modular multiplications and modular additions/subtractions consumed. The sub-structure sharing approach is inspired by prior fast parallel approaches based on polyphase decomposition. The proposed efficient feed-forward architecture achieves high speed, low latency, and full utilization of all hardware components, which can significantly enhance the overall efficiency of the Kyber scheme. The FPGA implementation results show that our proposed design, using the fast two-parallel structure, leads to an approximate reduction of 90% in execution time, along with a 66 times improvement in throughput performance.

Cryptography and Security,Hardware Architecture

Trong-Hung Nguyen,Binh Kieu-Do-Nguyen,Cong-Kha Pham,Trong-Thuc Hoang

DOI: https://doi.org/10.1109/access.2024.3371581

IF: 3.9

2024-03-12

IEEE Access

Abstract:The efficiency of polynomial multiplication execution majorly impacts the performance of lattice-based post-quantum cryptosystems. In this research, we propose a high-speed hardware architecture to accelerate polynomial multiplication based on the Number Theoretic Transform (NTT) in CRYSTAL-Kyber and CRYSTAL-Dilithium. We design a Digital Signal Processing (DSP) architecture for modular multiplication in butterfly and Point-Wise Multiplication (PWM) operations. Our method reduces the critical path delay of an -bit multiplier to that of a ( -2)-bit adder, optimizing both area and speed. These dedicated DSPs are employed in butterfly and PWM operations, completely eliminating the pre-process and post-process of NTT transforms. Furthermore, we introduce a novel unified pipelined architecture for the NTT and Inverse NTT (INTT) transformations of Kyber and Dilithium, with corresponding high-speed (Radix-2) and ultra-high-speed (Radix-4) versions. Lastly, we construct a complete hardware accelerator for polynomial matrix-vector multiplication in Kyber. The Field-Programmable Gate Array (FPGA) implementation results have proven that our designs have significantly improved execution time by – for the NTT transforms in Dilithium and – for Kyber polynomial multiplication, compared to previous studies reported to date. Additionally, the hardware footprint results indicate that our proposed architectures exhibit superior hardware performance in Area-Time-Product (ATP), corresponding to a 44%–96% improvement. The proposed architectures are efficient and well-suited for high-performance lattice-based cryptography systems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Liejun Ma,Xingjun Wu,Guoqiang Bai

DOI: https://doi.org/10.1109/cisce52179.2021.9445987

2021-01-01

Abstract:With the development of quantum information theory, classical cryptographical schemes will be threatened. CRYSTALS-KYBER (KYBER) is a kind of lattice-based post quantum cryptographical algorithms which can resist the quantum attack to a large extent. The polynomial multiplication is the most computationally intensive operation in the KYBER algorithm. In this paper, we proposed a Number Theoretic Transformation (NTT) implementation strategy to speed up the polynomial multiplication in FPGA platform. We optimized the structure by adopting a parallel approach, this can further reduce the NTT iteration time and achieve better performance.

Bin Li,Yunfei Yan,Yuanxin Wei,Heru Han

DOI: https://doi.org/10.1109/tvlsi.2023.3312423

2023-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:In lattice-based postquantum cryptography (PQC), polynomial multiplication is complex and time-consuming, which affects the overall computational efficiency. In addition, the parameters of different lattice-based algorithms require different number theoretic transform (NTT) structures, which limits the versatility of hardware design. To this end, this article proposes scalable and parallel optimization of the NTT based on a field-programmable gate array (FPGA). By analyzing the algorithm flow of the NTT, inverse NTT (INTT), and pointwise multiplication (PWM), an FPGA loosely coupled structure is designed, which can be used to place butterfly units of multiple pipelines in parallel and supports various modulo operations of a polynomial. In addition, to improve computing efficiency and scalability, key algorithm modules such as multipliers and modular reduction are deeply optimized. Moreover, the storage optimization of multiple RAM channels is carried out, and the alternate access control of data and the multiplexing of RAM resources reduce resource consumption and improve data access efficiency. For the SHA-3 algorithm, the scalable Keccak algorithm is implemented in a serial–parallel hybrid manner and supports multiple hash modes. Finally, taking the Dilithium algorithm as an example, through the parallelization of SHA-3 and NTT, the calculation cycle of key generation, signature, and verification is shortened. The experimental results and analysis show that the scheme in this article shortens the NTT calculation period while ensuring a high frequency, and the calculation time is significantly better than that of other schemes. Furthermore, it can support the optimized parallelization of multiple moduli and give full play to the computing advantages of an FPGA.

engineering, electrical & electronic,computer science, hardware & architecture

Xinyi Ji,Jiankuo Dong,Tonggui Deng,Pinchang Zhang,Jiafeng Hua,Fu Xiao

DOI: https://doi.org/10.1109/tpds.2024.3379734

IF: 5.3

2024-04-10

IEEE Transactions on Parallel and Distributed Systems

Abstract:CRYSTALS-Kyber, as the only public key encryption (PKE) algorithm selected by the National Institute of Standards and Technology (NIST) in the third round, is considered one of the most promising post-quantum cryptography (PQC) schemes. Lattice-based cryptography uses complex discrete algorithm problems on lattices to build secure encryption and decryption systems to resist attacks from quantum computing. Performance is an important bottleneck affecting the promotion of post quantum cryptography. In this paper, we present a High-performance Implementation of Kyber (named HI-Kyber) on the NVIDIA GPUs, which can increase the key-exchange performance of Kyber to the million-level. Firstly, we propose a lattice-based PQC implementation architecture based on kernel fusion, which can avoid redundant global-memory access operations. Secondly, We optimize and implement the core operations of CRYSTALS-Kyber, including Number Theoretic Transform (NTT), inverse NTT (INTT), pointwise multiplication, etc. Especially for the calculation bottleneck NTT operation, three novel methods are proposed to explore extreme performance: the sliced layer merging (SLM), the sliced depth-first search (SDFS-NTT) and the entire depth-first search (EDFS-NTT), which achieve a speedup of 7.5%, 28.5%, and 41.6% compared to the native implementation. Thirdly, we conduct comprehensive performance experiments with different parallel dimensions based on the above optimization. Finally, our key exchange performance reaches 1,664 kops/s. Specifically, based on the same platform, our HI-Kyber is 3.52× that of the GPU implementation based on the same instruction set and 1.78× that of the state-of-the-art one based on AI-accelerated tensor core.

computer science, theory & methods,engineering, electrical & electronic

Shiyang He,Hui Li,Fenghua Li,Ruhui Ma

DOI: https://doi.org/10.1016/j.jiixd.2024.02.004

2024-01-01

Journal of Information and Intelligence

Abstract:The security of cryptographic algorithms based on integer factorization and discrete logarithm will be threatened by quantum computers in future. Since December 2016, the National Institute of Standards and Technology (NIST) has begun to solicit post-quantum cryptographic (PQC) algorithms worldwide. CRYSTALS-Kyber was selected as the standard of PQC algorithm after 3 rounds of evaluation. Meanwhile considering the large resource consumption of current implementation, this paper presents a lightweight architecture for ASICs and its implementation on FPGAs for prototyping. In this implementation, a novel compact Modular Multiplication Unit (MMU) and compression/decompression module is proposed to save hardware resources. We put forward a specially optimized Schoolbook Polynomial Multiplication (SPM) instead of Number Theoretic Transform (NTT) core for polynomial multiplication, which can reduce about 74% SLICE cost. We also use signed number representation to save memory resources. In addition, we optimize the hardware implementation of the hash module, which cuts off about 48% of FF consumption by register reuse technology. Our design can be implemented on Kintex-7 (XC7K325T-2FFG900I) FPGA for prototyping, which occupations of 4777/4993 LUTs, 2661/2765 FFs, 1395/1452 SLICEs, 2.5/2.5 BRAMs, and 0/0 DSP respective of client/server side. The maximum clock frequency can reach at 244 MHz. As far as we know, our design consumes the least resources compared with other existing designs, which is very friendly to resource-constrained devices.

Wenbo Guo,Shuguo Li

DOI: https://doi.org/10.1109/tcsi.2023.3306347

2023-01-01

Abstract:The attack on quantum computers is an enormous threat to conventional public-key cryptography. Hence, it is crucial to study quantum-resistant cryptosystems. After four rounds of evaluation, the National Institute of Standards and Technology (NIST) has decided to standardize CRYSTALS-Kyber as one of the public-key post-quantum cryptography (PQC) algorithms. In the hardware design of CRYSTALS-Kyber, the polynomial-related calculations are the most time-consuming. In this paper, we present a highly-efficient hardware architecture for CRYSTALS-Kyber. Firstly, we propose the CRYSTALS-Kyber-oriented conflict-free memory mapping scheme with two modes. Based on this scheme, we construct the mixed radix-2/4 NTT/INTT algorithm, which has no pre- or post-processing, for the first time. By using the “lazy-last-layer” trick, the available memory bandwidth of NTT is temporarily increased, and the average performance of NTT is improved. Besides, the point-wise-multiplication (PWM) is performed in a single memory bank by cooperating with the two modes of our memory mapping scheme. This avoids the waste of memory bandwidth, thus avoiding the usage of large FIFOs for the sampled data. Last, we propose an efficient modular multiplier for CRYSTALS-Kyber, and we merge the divide-by-2 operations in the finite field into modular adders and subtractors to reduce resource consumption. This design, which supports all three security levels, is implemented on Xilinx Artix-7 FPGA with 7.3k LUTs, 3.2k FFs, 2.2k Slices, 5 BRAMs, and 4 DSPs. It performs 12% better in area-time-product than other leading designs in the literature.

Xianwei Gao,Lian Xue,Zishan Tian

DOI: https://doi.org/10.1109/EEI59236.2023.10212585

2023-06-30

Abstract:The Number Theoretical Transform (NTT) plays a crucial role in post-quantum cryptography algorithms, with its computational performance directly impacting system operating speed. This article proposes a high-performance NTT hardware architecture based on a pipeline architecture to address the challenges of lengthy computing processes and complex control logic in NTT hardware implementation. Firstly, a recursive NTT is advanced to simplify the calculation process and facilitate hardware implementation. Next, effective pipeline segmentation is applied to the computing process to reduce hardware architecture complexity. Finally, a two-stage butterfly operation is employed to implement butterfly elements, and the reduction calculation process is optimized using shift and addition, resulting in reduced hardware resource costs. The proposed NTT hardware architecture is implemented on Quartus II (EP2AGZ225FF35C3) taking the CRYSTALS-Kyber anti-quantum cryptography scheme as an example, since the selected prime number can meet requirements. Experimental results demonstrate that the proposed design outperforms other related designs in terms of computational performance and hardware overhead.

Engineering,Computer Science

Yiming Huang,Miaoqing Huang,Zhongkui Lei,Jiaxuan Wu

DOI: https://doi.org/10.1587/elex.17.20200234

2020-09-10

IEICE Electronics Express

Abstract:This paper presents a pure hardware implementation of CRYSTALS-KYBER algorithm on Xilinx FPGAs. CRYSTALS-KYBER is one of 26 candidate algorithms in Round 2 of NIST Post-Quantum Cryptography (PQC) standardization process. The proposed design focuses on maximizing resource utilization by reusing most of the functional modules in the encapsulation and decapsulation processes of the algorithm. For instance, the hash module integrates several different hash functions in one module. Efficient parallel and pipelined computations are applied in the NTT module. Through the analysis of simulation and synthesis results, it is found that the proposed work has the advantages of higher frequencies and lower execution times. The scheme operates at 155 MHz and 192 MHz frequencies on Xilinx Artix-7 and Virtex-7 FPGAs, respectively. Compared with the performance of an embedded Cortex-M4 processor, the hardware implementation can achieve a maximum speedup of 129 times for encryption/decryption.

Minghao Li,Jing Tian,Xiao Hu,Zhongfeng Wang

DOI: https://doi.org/10.1109/TCAD.2022.3230359

IF: 2.9

2023-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Recently, the National Institute of Standards and Technology (NIST) has identified the first four quantum-resistant algorithms for post-quantum cryptography (PQC) standardization. CRYSTALS-Kyber (Kyber) is the only public-key encryption and key-establishment algorithm among them. In this article, we propose a reconfigurable, high-speed, and area-efficient polynomial multiplication accelerator for Kyber to facilitate its practical applications. The cornerstone of polynomial multiplication is the butterfly unit (BU) structure, composed of modular addition, subtraction, and multiplication. For the modular multiplication, we adopt the Barrett reduction method and reduce the size of operands leveraging the form of modulus with a novel formula transformation, which significantly decreases the computational complexity and increases the maximum clock frequency. On the hardware side, we make four BU modules constitute a binomial arithmetic core (Bi-Core) as the basic reconfigurable unit. The memory access scheme tailored for parallel processing is explored with data-reusing and memory-grouping methods, and a compact control logic is devised. The complete polynomial multiplication architecture is coded with Verilog and implemented on a Xilinx Artix-7 xc7a100t-3 device. Experiment results demonstrate that our implementations with different configurations all outperform the state-of-the-art works in area efficiency by up to 39% improvement in terms of area-time product (ATP). Moreover, the proposed design with four Bi-Cores achieves the fastest speed among existing designs.

Suraj Mandal,Debapriya Basu Roy

2023-11-08

Abstract:Large-degree polynomial multiplication is an integral component of post-quantum secure lattice-based cryptographic algorithms like CRYSTALS-Kyber and Dilithium. The computational complexity of large-degree polynomial multiplication can be reduced significantly through Number Theoretic Transformation (NTT). In this paper, we aim to develop a unified and shared NTT architecture that can support polynomial multiplication for both CRYSTALS-Kyber and Dilithium. More specifically, in this paper, we have proposed three different unified architectures for NTT multiplication in CRYSTALS-Kyber and Dilithium with varying numbers of configurable radix-2 butterfly units. Additionally, the developed implementation is coupled with a conflict-free memory mapping scheme that allows the architecture to be fully pipelined. We have validated our implementation on Artix-7, Zynq-7000 and Zynq Ultrascale+ FPGAs. Our standalone implementations for NTT multiplication for CRYSTALS-Kyber and Dilithium perform better than the existing works, and our unified architecture shows excellent area and timing performance compared to both standalone and existing unified implementations. This architecture can potentially be used for compact and efficient implementation for CRYSTALS-Kyber and Dilithium.

Hardware Architecture,Cryptography and Security

Wenbo Guo,Shuguo Li,Liang Kong

DOI: https://doi.org/10.1109/tcsii.2021.3103184

2022-01-01

Abstract:Quantum algorithms pose a huge threat to the current cryptosystems. In this article, we present a hardware implementation of CRYSTALS-KYBER which is one of the post-quantum cryptosystems based on the Module-LWE problem. Using the proposed modular reduction algorithm, modified modular adder and the reconfigurable data path, the design shares the computing resource for different polynomial related operations, and achieves higher degree of parallelism. Our design is implemented on a Xilinx Artix-7 FPGA. Compared with the leading hardware implementations, our design is more compact, the execution time is shorter, and it significantly consumes fewer registers.

Minghao Li,Jing Tian,Xiao Hu,Yuan Cao,Zhongfeng Wang

DOI: https://doi.org/10.1109/apccas55924.2022.10090253

2022-01-01

Abstract:In the process of NIST post-quantum cryptography standardization, CRYSTALS-Kyber (Kyber) was selected as one of the first four candidates to be standardized for its strong security and excellent performance. Towards the computation-intensive modular reduction operation of Kyber, this paper proposes a high-speed and low-complexity modular reduction algorithm based on the signed number representation and the proposed Fast Look-Up Table (FLUT). FPGA experiment results demonstrate that our design costs nearly 25% fewer hardware resources and 25% shorter critical path than the state-of-the-art reduction design for Kyber. Moreover, the computational complexity of Inverse Number Theoretic Transform (INTT), a primary function of Kyber, is reduced using the property of our reduction algorithm.

Xiangren Chen,Bohan Yang,Shouyi Yin,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.46586/tches.v2022.i1.94-126

2021-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Number theoretic transform (NTT) is widely utilized to speed up polynomial multiplication, which is the critical computation bottleneck in a lot of cryptographic algorithms like lattice-based post-quantum cryptography (PQC) and homomorphic encryption (HE). One of the tendency for NTT hardware architecture is to support diverse security parameters and meet resource constraints on different computing platforms. Thus flexibility and Area-Time Product (ATP) become two crucial metrics in NTT hardware design. The flexibility of NTT in terms of different vector sizes and moduli can be obtained directly. Whereas the varying strides in memory access of in-place NTT render the design for different radix and number of parallel butterfly units a tough problem. This paper proposes an efficient conflict-free memory mapping scheme that supports the configuration for both multiple parallel butterfly units and arbitrary radix of NTT. Compared to other approaches, this scheme owns broader applicability and facilitates the parallelization of non-radix-2 NTT hardware design. Based on this scheme, we propose a scalable radix-2 and radix-4 NTT multiplication architecture by algorithm-hardware co-design. A dedicated schedule method is leveraged to reduce the number of modular additions/subtractions and modular multiplications in radix-4 butterfly unit by 20% and 33%, respectively. To avoid the bit-reversed cost and save memory footprint in arbitrary radix NTT/INTT, we put forward a general method by rearranging the loop structure and reusing the twiddle factors. The hardware-level optimization is achieved by excavating the symmetric operators in radix-4 butterfly unit, which saves almost 50% hardware resources compared to a straightforward implementation. Through experimental results and theoretical analysis, we point out that the radix-4 NTT with the same number of parallel butterfly units outperforms the radix-2 NTT in terms of area-time performance in the interleaved memory system. This advantage is enlarged when increasing the number of parallel butterfly units. For example, when processing 1024 14-bit points NTT with 8 parallel butterfly units, the ATP of LUT/FF/DSP/BRAM n radix-4 NTT core is approximately 2.2 × /1.2 × /1.1 × /1.9 × less than that of the radix-2 NTT core on a similar FPGA platform.

Kasra Ahmadi,Saeed Aghapour,Mehran Mozaffari Kermani,Reza Azarderakhsh

2024-09-19

Abstract:Polynomial multiplication stands out as a highly demanding arithmetic process in the development of post-quantum cryptosystems. The importance of the number-theoretic transform (NTT) extends beyond post-quantum cryptosystems, proving valuable in enhancing existing security protocols such as digital signature schemes and hash functions. CRYSTALS-KYBER stands out as the sole public key encryption (PKE) algorithm chosen by the National Institute of Standards and Technology (NIST) in its third round selection, making it highly regarded as a leading post-quantum cryptography (PQC) solution. Due to the potential for errors to significantly disrupt the operation of secure, cryptographically-protected systems, compromising data integrity, and safeguarding against side-channel attacks initiated through faults it is essential to incorporate mitigating error detection schemes. This paper introduces algorithm level fault detection schemes in the NTT multiplication using Negative Wrapped Convolution and the NTT tailored for Kyber Round 3, representing a significant enhancement compared to previous research. We evaluate this through the simulation of a fault model, ensuring that the conducted assessments accurately mirror the obtained results. Consequently, we attain a notably comprehensive coverage of errors. Furthermore, we assess the performance of our efficient error detection scheme for Negative Wrapped Convolution on FPGAs to showcase its implementation and resource requirements. Through implementation of our error detection approach on Xilinx/AMD Zynq Ultrascale+ and Artix-7, we achieve a comparable throughput with just a 9% increase in area and 13% increase in latency compared to the original hardware implementations. Finally, we attained an error detection ratio of nearly 100% for the NTT operation in Kyber Round 3, with a clock cycle overhead of 16% on the Cortex-A72 processor.

Cryptography and Security

Ali Yahya Hummdi,Amer Aljaedi,Zaid Bassfar,Sajjad Shaukat Jamal,Mohammad Mazyad Hazzazi,Mujeeb Ur Rehman

DOI: https://doi.org/10.1109/access.2024.3425813

IF: 3.9

2024-07-19

IEEE Access

Abstract:Polynomial multiplications based on the number theoretic transform (NTT) are critical in lattice-based post-quantum cryptography algorithms. Therefore, this paper presents a platform-agnostic unified hardware accelerator design (Unif-NTT) to compute the forward and inverse operations of the NTT for the CRYSTALS-Kyber algorithm. Moreover, a unified design (Unif-BU) of the Cooley-Tukey and Gentleman-Sande butterflies is presented using two adders, multipliers, subtractors, routing multiplexers and barret-based modular reduction units. Finally, a dedicated controller is implemented for efficient control functionalities. The implementation results are realized on field-programmable gate array (FPGA) and application-specific integrated circuit (ASIC) platforms. The Unif-NTT requires 1664 and 1792 clock cycles for one forward and inverse NTT computations, respectively. It can operate up to a maximum frequency of and over Virtex-7 FPGA and 28nm ASIC platforms, respectively. The Unif-NTT is 26% more efficient in Area-Time-Product compared to the most area-optimized NTT accelerator from the state-of-the-art. The Unif-NTT design is suited for applications that demand reasonable hardware resources with processing speed.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wenbo Guo,Shuguo Li

DOI: https://doi.org/10.1109/tc.2023.3320040

IF: 3.183

2023-01-01

IEEE Transactions on Computers

Abstract:Facing the threat of large-scale quantum computers to traditional public-key cryptography, the National Institute of Standards and Technology has conducted Post-Quantum Cryptography algorithms evaluation for a long time, and CRYSTALS-Kyber has been selected to enter the standardization process. In the previous literature, hardware designs can significantly improve the performance of CRYSTALS-Kyber, and the most time-consuming operations are Number Theoretic Transform (NTT) and point-wise multiplication (PWM). However, the split-radix algorithm, which has a lower theoretical complexity in the FFT, has rarely been studied in the NTT. In this paper, we studied whether there are advantages of introducing split-radix algorithms into the NTT defined by CRYSTALS-Kyber and detailed derived the split-radix algorithms for the forward and inverse NTT without pre- or post-processing. By further optimizing the split-radix algorithm for the forward NTT, one of the three modular multipliers in the $\boldsymbol{L}$L-shaped butterfly unit is replaced by shifting-and-addition, which will reduce the hardware resource consumption. Besides, we proposed a recombined formula for PWM, which reduces the capacity of the intermediate data RAM for PWM by 25%. Together with the proposed hardware scheduling method, the above algorithms can improve performance and save hardware resources.