Jiaming Zhang,Jiahao Lu,Aobo Li,Mingbo Wang,Xiang Li,Tianze Huang,Lei Chen,Dongsheng Liu

DOI: https://doi.org/10.1109/tcsii.2024.3382772

2024-01-01

Abstract:Security systems based on traditional cryptography mechanisms are at risk of being cracked by quantum computers in the future. CRYSTALS-KYBER (Kyber) as the NIST finalized lattice-based post-quantum cryptography (PQC) algorithm, will be widely used in public-key encryption scenarios. Although quantum-difficulty assumptions based on lattice math problems make Kyber quantum-resistant, how to effectively implement it into systems with different security needs remains a challenge. This brief presents a dual-issue superscalar Kyber processor (Super-K) that supports customized RISC-V instruction-set architecture (ISA) and implements the key encapsulation mechanism (KEM) flexibly and efficiently. A reconfigurable polynomial arithmetic unit (PAU) is designed, which optimizes the compress/decompress process, and accelerates polynomial operations efficiently by optimal parallelism. The pipelining scheduling technique is used in Super-K to improve instruction level parallelism and reduce time consumption. Super-K is implemented on UltraScale+ FPGA platform and evaluated under SMIC 40nm technology, which achieves the fastest computational speed with the lowest power consumption and $1.4\times /8.2\times $ improvement in FPGA/ASIC AT product efficiency.

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang

DOI: https://doi.org/10.1109/A-SSCC58667.2023.10347915

2023-01-01

Abstract:Most information is transmitted through untrusted channels, and people use traditional asymmetric encryption methods/algorithms to prevent information leakage. Post-quantum cryptography (PQC) alternatives are refining to counter the possibility of brute-forcing encryption in finite time with progressively feasible quantum computers. As the winner of the NIST PQC project global competition, CRYSTALS-KYBER (Kyber) has a balance of security and efficiency. This paper proposes an efficient ASIC for chip-level applications of Kyber. Configurable operators and data generators are designed. Separation of secure memory and public memory from bus arbiter ensures leak-proof of critical information. A unified command and control system schedule execution process and data interaction. The proposed Kyber processor is fabricated and properly verified at a 40nm process, achieving high energy efficiency for the execution of the Kyber key encapsulation mechanism (KEM).

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang

DOI: https://doi.org/10.1109/a-sscc58667.2023.10347915

2023-01-01

Abstract:Most information is transmitted through untrusted channels, and people use traditional asymmetric encryption methods/algorithms to prevent information leakage. Post-quantum cryptography (PQC) alternatives are refining to counter the possibility of brute-forcing encryption in finite time with progressively feasible quantum computers. As the winner of the NIST PQC project global competition, CRYSTALS-KYBER (Kyber) has a balance of security and efficiency. This paper proposes an efficient ASIC for chip-level applications of Kyber. Configurable operators and data generators are designed. Separation of secure memory and public memory from bus arbiter ensures leak-proof of critical information. A unified command and control system schedule execution process and data interaction. The proposed Kyber processor is fabricated and properly verified at a 40nm process, achieving high energy efficiency for the execution of the Kyber key encapsulation mechanism (KEM).

Yiming Huang,Miaoqing Huang,Zhongkui Lei,Jiaxuan Wu

DOI: https://doi.org/10.1587/elex.17.20200234

2020-09-10

IEICE Electronics Express

Abstract:This paper presents a pure hardware implementation of CRYSTALS-KYBER algorithm on Xilinx FPGAs. CRYSTALS-KYBER is one of 26 candidate algorithms in Round 2 of NIST Post-Quantum Cryptography (PQC) standardization process. The proposed design focuses on maximizing resource utilization by reusing most of the functional modules in the encapsulation and decapsulation processes of the algorithm. For instance, the hash module integrates several different hash functions in one module. Efficient parallel and pipelined computations are applied in the NTT module. Through the analysis of simulation and synthesis results, it is found that the proposed work has the advantages of higher frequencies and lower execution times. The scheme operates at 155 MHz and 192 MHz frequencies on Xilinx Artix-7 and Virtex-7 FPGAs, respectively. Compared with the performance of an embedded Cortex-M4 processor, the hardware implementation can achieve a maximum speedup of 129 times for encryption/decryption.

Tengfei Wang,Chi Zhang,Xiaolin Zhang,Dawu Gu,Pei Cao

DOI: https://doi.org/10.46586/tches.v2024.i3.99-135

2024-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Kyber and Dilithium are both lattice-based post-quantum cryptography (PQC) algorithms that have been selected for standardization by the American National Institute of Standards and Technology (NIST). NIST recommends them as two primary algorithms to be implemented for most use cases. As the applications of RISC-V processors move from specialized scenarios to general scenarios, efficient implementations of PQC algorithms on general-purpose RISC-V platforms are required. In this work, we present an optimized hardware-software co-design for Kyber and Dilithium on the industry’s first RISC-V System-on-Chip (SoC) Field Programmable Gate Array (FPGA) platform. The performance of both algorithms is enhanced through the utilization of hardware acceleration and software optimization, while a certain level of flexibility is still maintained. The polynomial arithmetic operations in Kyber and Dilithium are accelerated by the customized accelerators. We employ a unified high-level architecture to depict their shared characteristics and design dedicated underlying modular multipliers to explore their distinctive features. The hashing functions are optimized using RISC-V assembly instructions, resulting in improved performance and reduced code size without additional hardware resources. For other operations involving matrices and vectors, we present a multi-core acceleration scheme based on the multi-core RISC-V Microprocessor Sub-System (MSS). Combining these acceleration and optimization methods, experimental results show that the overall performance of Kyber and Dilithium across different security levels improves by 3 to 5 times, while the utilized FPGA resources account for less than 5% of the total resources provided by the platform.

Minghao Li,Jing Tian,Xiao Hu,Zhongfeng Wang

DOI: https://doi.org/10.1109/TCAD.2022.3230359

IF: 2.9

2023-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Recently, the National Institute of Standards and Technology (NIST) has identified the first four quantum-resistant algorithms for post-quantum cryptography (PQC) standardization. CRYSTALS-Kyber (Kyber) is the only public-key encryption and key-establishment algorithm among them. In this article, we propose a reconfigurable, high-speed, and area-efficient polynomial multiplication accelerator for Kyber to facilitate its practical applications. The cornerstone of polynomial multiplication is the butterfly unit (BU) structure, composed of modular addition, subtraction, and multiplication. For the modular multiplication, we adopt the Barrett reduction method and reduce the size of operands leveraging the form of modulus with a novel formula transformation, which significantly decreases the computational complexity and increases the maximum clock frequency. On the hardware side, we make four BU modules constitute a binomial arithmetic core (Bi-Core) as the basic reconfigurable unit. The memory access scheme tailored for parallel processing is explored with data-reusing and memory-grouping methods, and a compact control logic is devised. The complete polynomial multiplication architecture is coded with Verilog and implemented on a Xilinx Artix-7 xc7a100t-3 device. Experiment results demonstrate that our implementations with different configurations all outperform the state-of-the-art works in area efficiency by up to 39% improvement in terms of area-time product (ATP). Moreover, the proposed design with four Bi-Cores achieves the fastest speed among existing designs.

Aobo Li,Jiahao Lu,Dongsheng Liu,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang,Xiang Li

DOI: https://doi.org/10.1109/esserc62670.2024.10719541

2024-01-01

Abstract:Due to the existence of store-now-decrypt-later attack strategies, the world urgently needs alternative postquantum cryptographic (PQC) solutions. The lattice-based PQC algorithm CRYSTALS-KYBER (Kyber) is widely recognized as a standardization for its good performance and security. We propose a compact and efficient Kyber processor architecture for resource-constrained edge computing. Lightweight SHA-3 with half-fold keccak and samplers provide high-quality discrete distribution coefficient generation with energy-saving features. Modular arithmetic elements are configured as variable structures for different types of fast polynomial computations. The proposed architecture is fabricated under 40 nm process, and ASIC results show that the processor occupies $0.34 \mathrm{~mm}^{2}$ and 253 k equivalent gates with minimum 7 KB memory and the lowest power $273 \mu \mathrm{~W}$. Compared to similar works, we reduce the power by $50 \%$, improve the $6.1 \times$ energy optimization, $8 \times$ area and achieve state-of-the-art in energy efficiency.

Wenbo Guo,Shuguo Li

DOI: https://doi.org/10.1109/tcsi.2023.3306347

2023-01-01

Abstract:The attack on quantum computers is an enormous threat to conventional public-key cryptography. Hence, it is crucial to study quantum-resistant cryptosystems. After four rounds of evaluation, the National Institute of Standards and Technology (NIST) has decided to standardize CRYSTALS-Kyber as one of the public-key post-quantum cryptography (PQC) algorithms. In the hardware design of CRYSTALS-Kyber, the polynomial-related calculations are the most time-consuming. In this paper, we present a highly-efficient hardware architecture for CRYSTALS-Kyber. Firstly, we propose the CRYSTALS-Kyber-oriented conflict-free memory mapping scheme with two modes. Based on this scheme, we construct the mixed radix-2/4 NTT/INTT algorithm, which has no pre- or post-processing, for the first time. By using the “lazy-last-layer” trick, the available memory bandwidth of NTT is temporarily increased, and the average performance of NTT is improved. Besides, the point-wise-multiplication (PWM) is performed in a single memory bank by cooperating with the two modes of our memory mapping scheme. This avoids the waste of memory bandwidth, thus avoiding the usage of large FIFOs for the sampled data. Last, we propose an efficient modular multiplier for CRYSTALS-Kyber, and we merge the divide-by-2 operations in the finite field into modular adders and subtractors to reduce resource consumption. This design, which supports all three security levels, is implemented on Xilinx Artix-7 FPGA with 7.3k LUTs, 3.2k FFs, 2.2k Slices, 5 BRAMs, and 4 DSPs. It performs 12% better in area-time-product than other leading designs in the literature.

Shiyang He,Hui Li,Fenghua Li,Ruhui Ma

DOI: https://doi.org/10.1016/j.jiixd.2024.02.004

2024-01-01

Journal of Information and Intelligence

Abstract:The security of cryptographic algorithms based on integer factorization and discrete logarithm will be threatened by quantum computers in future. Since December 2016, the National Institute of Standards and Technology (NIST) has begun to solicit post-quantum cryptographic (PQC) algorithms worldwide. CRYSTALS-Kyber was selected as the standard of PQC algorithm after 3 rounds of evaluation. Meanwhile considering the large resource consumption of current implementation, this paper presents a lightweight architecture for ASICs and its implementation on FPGAs for prototyping. In this implementation, a novel compact Modular Multiplication Unit (MMU) and compression/decompression module is proposed to save hardware resources. We put forward a specially optimized Schoolbook Polynomial Multiplication (SPM) instead of Number Theoretic Transform (NTT) core for polynomial multiplication, which can reduce about 74% SLICE cost. We also use signed number representation to save memory resources. In addition, we optimize the hardware implementation of the hash module, which cuts off about 48% of FF consumption by register reuse technology. Our design can be implemented on Kintex-7 (XC7K325T-2FFG900I) FPGA for prototyping, which occupations of 4777/4993 LUTs, 2661/2765 FFs, 1395/1452 SLICEs, 2.5/2.5 BRAMs, and 0/0 DSP respective of client/server side. The maximum clock frequency can reach at 244 MHz. As far as we know, our design consumes the least resources compared with other existing designs, which is very friendly to resource-constrained devices.

Jiahao Lu,Jiaming Zhang,Zhixiang Luo,Aobo Li,Tianze Huang,Dongsheng Liu,Chi Cheng

DOI: https://doi.org/10.1109/mwscas60917.2024.10658892

2024-01-01

Abstract:The globalized migration towards post-quantum cryptography (PQC) is accelerating to protect communications against the upcoming quantum threat. However, the resource-constrained IoT communication devices limits the deployment multiple PQC algorithms, which is hard to fulfill the various security requirements of IoT devices. In this paper, an efficient hardware architecture compatible with customized instruction format is proposed, which is compatible with CRYSTALS-Kyber and Dilithium. Following the methodology of maximize-reuse, a configurable polynomial modular arithmetic unit is presented to execute all the required modes of polynomial modular operations in pipeline. Implemented on UltraScale+ and Artix-7 platforms, the proposed architecture consumes 2310 and 4028 equivalent slices at a maximum frequency of 280MHz and 99MHz in two platforms. Compared to the state-of-the-art Kyber-only and Dilithium-only researches, this work supports two algorithms simultaneously and realizes the lowest area-time (AT) value for Dilithium and a competitive AT value for Kyber.

Weihang Tan,Yingjie Lao,Keshab K. Parhi

DOI: https://doi.org/10.1109/ICCAD57390.2023.10323839

2023-10-07

Abstract:CRYSTAL-Kyber (Kyber) is one of the post-quantum cryptography (PQC) key-encapsulation mechanism (KEM) schemes selected during the standardization process. This paper addresses optimization for Kyber architecture with respect to latency and throughput constraints. Specifically, matrix-vector multiplication and number theoretic transform (NTT)-based polynomial multiplication are critical operations and bottlenecks that require optimization. To address this challenge, we propose an algorithm and hardware co-design approach to systematically optimize matrix-vector multiplication and NTT-based polynomial multiplication by employing a novel sub-structure sharing technique in order to reduce computational complexity, i.e., the number of modular multiplications and modular additions/subtractions consumed. The sub-structure sharing approach is inspired by prior fast parallel approaches based on polyphase decomposition. The proposed efficient feed-forward architecture achieves high speed, low latency, and full utilization of all hardware components, which can significantly enhance the overall efficiency of the Kyber scheme. The FPGA implementation results show that our proposed design, using the fast two-parallel structure, leads to an approximate reduction of 90% in execution time, along with a 66 times improvement in throughput performance.

Cryptography and Security,Hardware Architecture

Yufei Xing,Shuguo Li

DOI: https://doi.org/10.46586/tches.v2021.i2.328-356

2021-02-23

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Post-quantum cryptosystems should be prepared before the advent of powerful quantum computers to ensure information secure in our daily life. In 2016 a post-quantum standardization contest was launched by National Institute of Standards and Technology (NIST), and there have been lots of works concentrating on evaluation of these candidate protocols, mainly in pure software or through hardware-software co-design methodology on different platforms. As the contest progresses to third round in July 2020 with only 7 finalists and 8 alternate candidates remained, more dedicated and specific hardware designs should be considered to illustrate the intrinsic property of a certain protocol and achieve better performance. To this end, we present a standalone hardware design of CRYSTALS-KYBER, amodule learning-with-errors (MLWE) based key exchange mechanism (KEM) protocol within the 7 finalists on FPGA platform. Through elaborate scheduling of sampling and number theoretic transform (NTT) related calculations, decent performance is achieved with limited hardware resources. The way that Encode/Decode and the tweaked Fujisaki-Okamoto transform are implemented is demonstrated in detail. Analysis about minimizing memory footprint is also given out. In summary, we realize the adaptive chosen ciphertext attack (CCA) secure Kyber with all selectable module dimension k on the smallest Xilinx Artix-7 device. Our design computes key-generation, encapsulation (encryption) and decapsulation (decryption and reencryption) phase in 3768/5079/6668 cycles when k = 2, 6316/7925/10049 cycles when k = 3, and 9380/11321/13908 cycles when k = 4, consuming 7412/6785 LUTs, 4644/3981 FFs, 2126/1899 slices, 2/2 DSPs and 3/3 BRAMs in server/client with 6.2/6.0 ns critical path delay, outperforming corresponding high level synthesis (HLS) based designs or hardware-software co-designs to a large extent.

Aobo Li,Dongsheng Liu,Cong Zhang,Xiang Li,Shuo Yang,Xingjie Liu,Jiahao Lu,Xuecheng Zou,Ang Hu,Tianming Ni

DOI: https://doi.org/10.1109/tii.2022.3195743

IF: 12.3

2022-12-17

IEEE Transactions on Industrial Informatics

Abstract:Progress of quantum computing technology seriously threaten the industrial information security based on traditional public-key cryptosystem. Thus, the cryptosystem with anti-quantum attack characteristics is gradually becoming a significant research in the security field. In this article, a flexible and high-performance secure coprocessor is designed for security in industrial processes, which can execute the post-quantum cryptographic algorithm Saber efficiently. Custom instruction set and arithmetic accelerators are proposed to effectively optimize the flexibility of system architecture, and improve the performance of calculation. The hardware implementation results show that the maximum operating frequency of the coprocessor can reach 345 MHz. Compared with related state-of-the-art works, it achieves the highest operating frequency on the same Xilinx UltraScale+ FPGA platform, performing the encryption and decryption operations within 13.5 and 15.4 μs, respectively. Meanwhile, this article achieves 1.7/3.1/5.9× area-time product improvements in look-up table flip-flop block memory storage with good flexibility.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Wenbo Guo,Shuguo Li,Liang Kong

DOI: https://doi.org/10.1109/tcsii.2021.3103184

2022-01-01

Abstract:Quantum algorithms pose a huge threat to the current cryptosystems. In this article, we present a hardware implementation of CRYSTALS-KYBER which is one of the post-quantum cryptosystems based on the Module-LWE problem. Using the proposed modular reduction algorithm, modified modular adder and the reconfigurable data path, the design shares the computing resource for different polynomial related operations, and achieves higher degree of parallelism. Our design is implemented on a Xilinx Artix-7 FPGA. Compared with the leading hardware implementations, our design is more compact, the execution time is shorter, and it significantly consumes fewer registers.

Xinyi Ji,Jiankuo Dong,Tonggui Deng,Pinchang Zhang,Jiafeng Hua,Fu Xiao

DOI: https://doi.org/10.1109/tpds.2024.3379734

IF: 5.3

2024-04-10

IEEE Transactions on Parallel and Distributed Systems

Abstract:CRYSTALS-Kyber, as the only public key encryption (PKE) algorithm selected by the National Institute of Standards and Technology (NIST) in the third round, is considered one of the most promising post-quantum cryptography (PQC) schemes. Lattice-based cryptography uses complex discrete algorithm problems on lattices to build secure encryption and decryption systems to resist attacks from quantum computing. Performance is an important bottleneck affecting the promotion of post quantum cryptography. In this paper, we present a High-performance Implementation of Kyber (named HI-Kyber) on the NVIDIA GPUs, which can increase the key-exchange performance of Kyber to the million-level. Firstly, we propose a lattice-based PQC implementation architecture based on kernel fusion, which can avoid redundant global-memory access operations. Secondly, We optimize and implement the core operations of CRYSTALS-Kyber, including Number Theoretic Transform (NTT), inverse NTT (INTT), pointwise multiplication, etc. Especially for the calculation bottleneck NTT operation, three novel methods are proposed to explore extreme performance: the sliced layer merging (SLM), the sliced depth-first search (SDFS-NTT) and the entire depth-first search (EDFS-NTT), which achieve a speedup of 7.5%, 28.5%, and 41.6% compared to the native implementation. Thirdly, we conduct comprehensive performance experiments with different parallel dimensions based on the above optimization. Finally, our key exchange performance reaches 1,664 kops/s. Specifically, based on the same platform, our HI-Kyber is 3.52× that of the GPU implementation based on the same instruction set and 1.78× that of the state-of-the-art one based on AI-accelerated tensor core.

computer science, theory & methods,engineering, electrical & electronic

Wenbo Guo,Shuguo Li

DOI: https://doi.org/10.1109/tc.2023.3320040

IF: 3.183

2023-01-01

IEEE Transactions on Computers

Abstract:Facing the threat of large-scale quantum computers to traditional public-key cryptography, the National Institute of Standards and Technology has conducted Post-Quantum Cryptography algorithms evaluation for a long time, and CRYSTALS-Kyber has been selected to enter the standardization process. In the previous literature, hardware designs can significantly improve the performance of CRYSTALS-Kyber, and the most time-consuming operations are Number Theoretic Transform (NTT) and point-wise multiplication (PWM). However, the split-radix algorithm, which has a lower theoretical complexity in the FFT, has rarely been studied in the NTT. In this paper, we studied whether there are advantages of introducing split-radix algorithms into the NTT defined by CRYSTALS-Kyber and detailed derived the split-radix algorithms for the forward and inverse NTT without pre- or post-processing. By further optimizing the split-radix algorithm for the forward NTT, one of the three modular multipliers in the $\boldsymbol{L}$L-shaped butterfly unit is replaced by shifting-and-addition, which will reduce the hardware resource consumption. Besides, we proposed a recombined formula for PWM, which reduces the capacity of the intermediate data RAM for PWM by 25%. Together with the proposed hardware scheduling method, the above algorithms can improve performance and save hardware resources.

Hang Yang,Rongmao Chen,Qiong Wang,Zixuan Wu,Wei Peng

DOI: https://doi.org/10.1007/978-981-97-0945-8_7

2024-01-01

Abstract:CRYSTALS-Kyber is a promising post-quantum encryption candidate and has been selected for standardization. However, its operational efficiency faces challenges due to complex and time-consuming polynomial multiplication, which can be accelerated using number-theoretic transform (NTT). In this work, we propose a novel approach of hardware acceleration for NTT-based polynomial multiplication in CRYSTALS-Kyber on FPGA. Our approach leverages pipeline technology and optimized butterfly operation units with Montgomery and Barrett reductions, significantly improving computational efficiency. By running eight butterfly units in parallel, we achieve remarkably shorter computation cycles for key operations such as NTT, INTT, and PWM. Moreover, we introduce a dedicated Kyber algorithm PWM unit and optimized multi-RAM channel storage, greatly boosting memory access efficiency. This comprehensive optimization results in superior energy efficiency, surpassing other existing schemes and propelling the practical application of CRYSTALS-Kyber to new levels of efficiency.

Zewen Ye,Ruibing Song,Hao Zhang,Donglong Chen,Ray Chak-Chung Cheung,Kejie Huang

DOI: https://doi.org/10.46586/tches.v2024.i2.130-153

2024-01-01

Abstract:Lattice-Based Cryptography (LBC) schemes, like CRYSTALS-Kyber and CRYSTALS-Dilithium, have been selected to be standardized in the NIST Post-Quantum Cryptography standard. However, implementing these schemes in resourceconstrained Internet-of-Things (IoT) devices is challenging, considering efficiency, power consumption, area overhead, and flexibility to support various operations and parameter settings. Some existing ASIC designs that prioritize lower power and area can not achieve optimal performance efficiency, which are not practical for battery-powered devices. Custom hardware accelerators in prior co-processor and processor designs have limited applications and flexibility, incurring significant area and power overheads for IoT devices. To address these challenges, this paper presents an efficient lattice-based cryptography processor with customized Single-Instruction-Multiple-Data (SIMD) instruction. First, our proposed SIMD architecture supports efficient parallel execution of various polynomial operations in 256-bit mode and acceleration of Keccak in 320-bit mode, both utilizing efficiently reused resources. Additionally, we introduce data shuffling hardware units to resolve data dependencies within SIMD data. To further enhance performance, we design a dual-issue path for memory accesses and corresponding software design methodologies to reduce the impact of data load/store blocking. Through a hardware/software co-design approach, our proposed processor achieves high efficiency in supporting all operations in lattice-based cryptography schemes. Evaluations of Kyber and Dilithium show our proposed processor achieves over 10x speedup compared with the baseline RISC-V processor and over 5x speedup versus ARM Cortex M4 implementations, making it a promising solution for securing IoT communications and storage. Moreover, Silicon synthesis results show our design can run at 200 MHz with 2.01 mW for Kyber KEM 512 and 2.13 mW for Dilithium 2, which outperforms state-of-the-art works in terms of PPAP (Performance x Power x Area).

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li

DOI: https://doi.org/10.1109/cicc60959.2024.10528999

2024-01-01

Abstract:The migration to post-quantum cryptography (PQC) is accelerating with the release of three drafts of the 2023 PQC federal information processing standard (FIPS), of which Kyber is the only officially selected key encapsulation mechanism (KEM) as Figure 1. However, the migration from traditional cryptography to PQC still faces the following three challenges: 1) The significant increase in key size and encryption/decryption latency leads to performance degradation and resource overhead in existing information devices. Moreover, unauthorized access also raises privacy concerns. 2) More complex calculations and scheduling, as well as potential efficiency issues. 3) The risk of side channel attack (SCA) and the improvement of protection requirements faced by PQC hardware.

Dejun Xu,Kai Wang,Jing Tian

2024-07-03

Abstract:CRYSTALS-Kyber (a.k.a. Kyber) has been drafted to be standardized as the only key encapsulation mechanism (KEM) scheme by the national institute of standards and technology (NIST) to withstand attacks by large-scale quantum computers. However, the side-channel attack (SCA) on its implementation is still needed to be well considered for the upcoming migration. In this brief, we propose a secure and efficient hardware implementation for Kyber by incorporating a novel compact shuffling architecture. First of all, we modify the Fisher-Yates shuffle to make it more hardware-friendly. We then design an optimized shuffling architecture for the well-known open-source Kyber hardware implementation to enhance the security of all the potential side-channel leakage points. Finally, we implement the modified Kyber design on FPGA and evaluate its security and performance. The security is verified by conducting the correlation power analysis (CPA) attacks on the hardware. Meanwhile, FPGA place-and-route results show that the proposed design reports only 8.7% degradation on the hardware efficiency compared with the original unprotected version, much better than existing hiding schemes.

Cryptography and Security