Chuhui Wang,Zewen Ye,Haibin Shen,Kejie Huang

DOI: https://doi.org/10.1007/978-3-031-69766-1_10

2024-01-01

Abstract:Bit Flipping Key Encapsulation (BIKE) is a code-based key encapsulation mechanism that utilizes Quasi-Cyclic Medium Density Parity-Check (QC-MDPC) codes, which is a promising candidate in the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) standardization process. Polynomial multiplication calculation is the most critical operation in BIKE, which limits the speed of key generation and encapsulation. The high degree of the polynomial not only requires millions of computations but also necessitates complex memory access. To address this issue, we propose a Computation-in-Memory (CIM) based accelerator architecture for polynomial multiplication operations in BIKE. To minimize the size of the CIM core while maintaining high computational throughput, we propose a folded mapping strategy and a one-memory-multiple-NAND architecture. As a result, a 128x128 array is sufficient for the bike1 parameters, with zero padding at the higher part of the multiplicand. Furthermore, we introduce a data flow scheme that integrates carry-less multiplication and polynomial reduction operations to improve computational efficiency. The post-layout simulation results in 28nm CMOS technology show that our fastest configuration design occupies an area of approximately 1.37 mm(2) with a low power consumption of around 14.17 mW. Compared with state-of-the-art hardware implementations, our proposed design improves the speed of polynomial multiplication by approximately 2.5x.

Hai-bin SHEN,Hua-feng CHEN,Xiao-lang YAN

DOI: https://doi.org/10.3785/j.issn.1008-973X.2006.09.004

2006-01-01

Abstract:To accelerate point multiplication operation of elliptic curve cryptography (ECC), a fast reduction algorithm for modular operation was introduced. The algorithm applied the characteristic of the small second item's degree of irreducible polynomial in characteristic 2 finite field. Based on the algorithm and projective Montgomery point multiplication algorithm, a configurable ECC accelerator using very large scale integrated circuit technology was proposed. Scalable field design and unique pipeline technique was adapted in the accelerator. Simulation results show that the accelerator designed by the algorithm can rapidly complete ECC point multiplication operation. When 162 bits key and 192 bits key are selected, the point multiplication operation takes 0.22 ms and 0.43 ms respectively. The accelerator has simple interface and good flexibility, and provides a method for hardware implementation of public key cryptography algorithm.

Honglin Kuang,Yifan Zhao,Jun Han

DOI: https://doi.org/10.1109/APCCAS55924.2022.10090293

2022-01-01

Abstract:Saber is a module-learning with rounding-based post-quantum cryptography (PQC) scheme for key encapsulation mechanism (KEM). It is characterized by the use of power-of-two moduli, which makes all modulus reductions free in hardware. However, such a decision prevents the direct implementation of the asymptotically fastest number theoretic transform (NTT) for the time-consuming polynomial multiplication in Saber. To efficiently multiply polynomials, researches have been done using a schoolbook or Toom-Cook or Karatsuba algorithm. Though these approaches result in decent operating speed at moderate area cost, they are disadvantageous when considering expanding the system to support multiple PQC protocols. To enable NTT for Saber, we choose an appropriate prime and use the sign-magnitude format for computation. A concise and efficient vectorized NTT algorithm has been proposed, based on which we design a configurable vector NTT unit to perform NTT and other arithmetic operations. The accelerator is dedicatedly pipelined to achieve high speed and is driven by custom vector instruction extension of RISC-V. We implement the proposed architecture with vector lanes of 32 and 16 on Xilinx UltraScale+ ZCU111. Results show that our design can achieve up to 5x and 3x improvement in computation time and area-time-product (ATP) respectively for degree-256 polynomials multiplication, compared to the state-of-the-art Saber polynomial multiplier counterparts.

Dejian Li,Junjie Zhong,Song Cheng,Yuantuo Zhang,Shunxian Gao,Yijun Cui

DOI: https://doi.org/10.3390/electronics13040675

IF: 2.9

2024-02-07

Electronics

Abstract:Information is pivotal in contemporary society, highlighting the necessity for a secure cryptographic system. The emergence of quantum algorithms and the swift advancement of specialized quantum computers will render traditional cryptography susceptible to quantum attacks in the foreseeable future. The lattice-based Saber key encapsulation protocol holds significant value in cryptographic research and practical applications. In this paper, we propose three types of polynomial multipliers for various application scenarios including lightweight Schoolbook multiplier, high-throughput multiplier based on the TMVP-Schoolbook algorithm and improved pipelined NTT multiplier. Other principal modules of Saber are designed encompassing the hash function module, sampling module and functional submodule. Based on our proposed multiplier, we implement the overall hardware circuits of the Saber key encapsulation protocol. Experimental results demonstrate that our overall hardware circuits have different advantages. Our lightweight implementation has minimal resource consumption. Our high-throughput implementation only needs 23.28 μs to complete the whole process, which is the fastest among the existing works. The throughput rate is 10,988 Kbps and the frequency is 416 MHz. Our hardware implementation based on the improved pipelined NTT multiplier achieved a good balance between area and performance. The overall frequency can reach 357 MHz.

engineering, electrical & electronic,computer science, information systems,physics, applied

Weihang Tan,Antian Wang,Yingjie Lao,Xinmiao Zhang,Keshab K. Parhi

DOI: https://doi.org/10.1109/TC.2023.3251847

2023-02-24

Abstract:This paper presents a low-latency hardware accelerator for modular polynomial multiplication for lattice-based post-quantum cryptography and homomorphic encryption applications. The proposed novel modular polynomial multiplier exploits the fast finite impulse response (FIR) filter architecture to reduce the computational complexity of the schoolbook modular polynomial multiplication. We also extend this structure to fast $M$-parallel architectures while achieving low-latency, high-speed, and full hardware utilization. We comprehensively evaluate the performance of the proposed architectures under various polynomial settings as well as in the Saber scheme for post-quantum cryptography as a case study. The experimental results show that our proposed modular polynomial multiplier reduces the computation time and area-time product, respectively, compared to the state-of-the-art designs.

Cryptography and Security,Hardware Architecture

Jianfei Wang,Jia Hou,Fahong Zhang,Yishuo Meng,Yang Su,Chen Yang

DOI: https://doi.org/10.1109/tcsii.2024.3457494

2024-01-01

Abstract:In this brief, an improved and efficient Winograd-based Large Integer Multiplication using least-positive form named WLIM is proposed, which can reduce 28.61% to 33.33% of the number of multiplications compared to least-positive form direct multiplication. By exploiting the cyclic parallelism of the improved algorithm, an Efficient and Parallelism-Scalable Large Integer Multiplier architecture named EPSM is proposed, which has two levels of adjustable parallelism. EPSM is implemented on Xilinx Virtex-7 VC709 Board, Zynq UltraScale+ XZCU19EG Device, and Alveo U250 Card, by using Vivado. Compared with the related works, EPSM can achieve a performance improvement of 1.29× 20.99×. In terms of area efficiency, EPSM can achieve 3.54× 41.41× area-time product (ATP) improvements.

Jianfei Wang,Chen Yang,Fahong Zhang,Yishuo Meng,Yang Su

DOI: https://doi.org/10.1109/tvlsi.2023.3277865

2023-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Polynomial multiplication over rings is a significant bottleneck of ring learning with error (RLWE)-based encryption. To speed it up, three algorithms are widely used, i.e., number theoretic transform (NTT), Schoolbook, and Toom-Cook. Compared with Schoolbook and NTT, Toom-Cook can achieve a better trade-off between performance and flexibility. However, in Toom-Cook postprocessing, there are many redundant steps and calculations that have not been eliminated. Therefore, we propose an efficient, compressed, and fused Toom-Cook postprocessing algorithm that reduces the number of steps and at least 33.33% of the arithmetic operations of postprocessing. A highly reconfigurable and efficient Toom-Cook-based polynomial multiplier (TCPM) is proposed to speed up polynomial multiplication over rings. In TCPM, a high-throughput and efficient heterogeneous processing element (PE) array is designed to exploit the parallelism of Toom-Cook, and based on the compressed algorithm, the PE array for postprocessing is scaled down. In addition, as it is provided with a reconfigurable evaluation module, a flexible polynomial data storage module and a universal PE array, TCPM can efficiently map and execute Toom-Cook-2, 3, and 4 on a unified hardware architecture. Implemented on the Xilinx VC709 field-programmable gate array (FPGA) platform, TCPM can perform a Toom-Cook-4-based $256\times256$ polynomial multiplication over rings with a modulus of a power of two or a prime every 3.28 $\mu \text{s}$ at a 360-MHz clock frequency. It achieves a $2.47\times $ to $50.11\times $ speedup compared with the previous designs.

Trong-Hung Nguyen,Binh Kieu-Do-Nguyen,Cong-Kha Pham,Trong-Thuc Hoang

DOI: https://doi.org/10.1109/access.2024.3371581

IF: 3.9

2024-03-12

IEEE Access

Abstract:The efficiency of polynomial multiplication execution majorly impacts the performance of lattice-based post-quantum cryptosystems. In this research, we propose a high-speed hardware architecture to accelerate polynomial multiplication based on the Number Theoretic Transform (NTT) in CRYSTAL-Kyber and CRYSTAL-Dilithium. We design a Digital Signal Processing (DSP) architecture for modular multiplication in butterfly and Point-Wise Multiplication (PWM) operations. Our method reduces the critical path delay of an -bit multiplier to that of a ( -2)-bit adder, optimizing both area and speed. These dedicated DSPs are employed in butterfly and PWM operations, completely eliminating the pre-process and post-process of NTT transforms. Furthermore, we introduce a novel unified pipelined architecture for the NTT and Inverse NTT (INTT) transformations of Kyber and Dilithium, with corresponding high-speed (Radix-2) and ultra-high-speed (Radix-4) versions. Lastly, we construct a complete hardware accelerator for polynomial matrix-vector multiplication in Kyber. The Field-Programmable Gate Array (FPGA) implementation results have proven that our designs have significantly improved execution time by – for the NTT transforms in Dilithium and – for Kyber polynomial multiplication, compared to previous studies reported to date. Additionally, the hardware footprint results indicate that our proposed architectures exhibit superior hardware performance in Area-Time-Product (ATP), corresponding to a 44%–96% improvement. The proposed architectures are efficient and well-suited for high-performance lattice-based cryptography systems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tang Hu,Xiangdi Li,Xiao Yu,Songnan Ren,Li Yan,Xuyang Bai,Zhiwei Xu,Shiqiang Zhu

DOI: https://doi.org/10.1109/tcsii.2022.3200750

2022-01-01

IEEE Transactions on Circuits & Systems II Express Briefs

Abstract:Efficient FPGA-based floating-point singular value decomposition (SVD) is challenging for its enormous complexity with the rapid growth of the matrix dimension. Numerous hardware architectures have been proposed to improve the performance of SVD by increasing capacity of computation units, reusing data, and enhancing bandwidth. These designs, however, are not optimum due to their low parallelism, poor data access efficiency, and inferior iterations scheduling. In this express, we propose a block column vector Hestenes-Jacobi (BCV Jacobi) algorithm that decomposes an arbitrary large matrix into several blocks, enhances the access efficiency by customizing the distinctive data structure, and improves the system-level parallelism by simplifying the iteration scheduling. The proposed BCV Jacobi algorithm also achieves better scalability and efficiency. Experimental results show that the performance of the proposed FPGA based SVD processor is superior to other SVD implementations in terms of parallelism, data access efficiency, matrix size, and execution time. When compared with state of the art SVD accelerator engine, the proposed algorithm speeds up the runtime over $2{\times }$ on average.

Chaohui Du,Guoqiang Bai

DOI: https://doi.org/10.1109/trustcom.2015.399

2015-01-01

Abstract:Lattice based cryptography is considered as an important candidate for post-quantum cryptosystems. Various lattice based cryptosystems are based on the Ring learning with errors (Ring-LWE) problem. As a basic operation of Ring-LWE problem, polynomial multiplication over rings is the most critical and computationally intensive operation of these cryptosystems. In this paper, we exploit the number theoretic transform (NTT) to build a family of scalable polynomial multiplier architectures, which provide designers with a trade-off choice of speed vs. area. Our multiplier architectures reduce the required clock cycles from 8n+1.5n lg n) to (2n+1.5n lg n)/B, where n is the dimension of the polynomials and B is number of butterfly operators. The experimental results on a Spartan-6 FPGA show that our proposed polynomial multiplier (B = 2) achieves a speedup of 2.5 times on average and consumes less slices and block RAMs when compared with the state of art of compact design. On a Stratix FPGA, our polynomial multiplier (B = 4) is able to achieve a speedup of 1.2 times on average and save around 90% Memory ALUTs, 75% block memory bits, and 63% DSPs when compared with the state of art of high speed design. On a Spartan-6 FPGA, our polynomial multiplier (B = 8) is capable to calculate the product of two polynomials of degree 256/512/1024/2048 in 2.88/5.71/11.46/24.89 µs.

Liejun Ma,Xingjun Wu,Guoqiang Bai

DOI: https://doi.org/10.1109/icet49382.2020.9119654

2020-01-01

Abstract:In the last few years, with the fleeting progress of quantum computer the traditional encryption technology is being threatened. Lattice based cryptography is a new post quantum cryptography which has been proved the security under the quantum computer attack. However, due to the limitation of communication frequency and power consumption, it is difficult to implement the lattice based cryptographic algorithm on the existing general processor platform. The polynomial multiplication is the most basic and critical operation in these lattice based cryptographic systems. It is also the computationally intensive operation which is more suitable for hardware implement. In this paper, we proposed a small area, low-power polynomial multiplier design in a specific field. Our scheme not only ensures the performance requirements, but also reduces the overhead of area and power consumption. The proposed scheme in this paper need not use the DSP resources on FPGA so that we can maximize the parallel NTT butterfly operators to improve the computing efficiency. It is a low-cost, high-performance implementation scheme.

Jianfei Wang,Chen Yang,Yishuo Meng,Fahong Zhang,Jia Hou,Siwei Xiang,Yang Su

DOI: https://doi.org/10.1109/tcsi.2024.3483229

2024-01-01

IEEE Transactions on Circuits and Systems I Regular Papers

Abstract:Out-of-place constant-geometry (CG) NTT usually has a simple and uniform memory access pattern. However, out-of-place CG NTT always requires ping-pong memory, resulting in a memory capacity requirement of 2 $N$ . Therefore, we propose a novel radix-4 in-place CG (IPCG) NTT/INTT that reduces the capacity requirement from 2 $N$ to $N$ . An area-efficient and dynamical reconfigurable polynomial multiplier (RAEPM) based on IPCG NTT is proposed to speed up polynomial multiplication over rings. In RAEPM, a Barrett modular multiplier using area-efficient radix-4 booth multiplier is designed to reduce area. In addition, an odd-bank buffer structure is proposed to achieve conflict-free memory mapping independent of polynomial length $N$ and NTT/INTT stage. Moreover, we also proposed an efficient modular reduction for specific numbers and introduced a division equivalent method to eliminate the odd number modular reduction and odd number division in addressing. RAEPM is implemented on Xilinx VC709 FPGA and runs at 294MHz clock frequency. Compared with the prior pure NTT accelerators, under the same parameters, RAEPM achieves a decrease of 39.02% $\sim$ 57.63% in area-time complexity of equivalent LUT, and a decrease of 15.97% $\sim$ 49.24% in area-time complexity of equivalent FF. Compared with the prior NTT-based polynomial multipliers, under the same parameters, RAEPM achieves a decrease of 35.48% $\sim$ 90.81% in area-time complexity of equivalent LUT, and a decrease of 24.24% $\sim$ 88.41% in area-time complexity of equivalent FF.

Xiang Feng,Shuguo Li,Sufen Xu

DOI: https://doi.org/10.1109/tcsii.2019.2917621

2020-01-01

IEEE Transactions on Circuits & Systems II Express Briefs

Abstract:Cryptography based on ring learning with error (RLWE) problem has become increasingly popular due to its resistance against quantum analysis. The most time-consuming operation in RLWE cryptosystem is polynomial multiplication. This brief presents a novel polynomial multiplier based on Stockham fast Fourier transform (FFT) algorithm. We propose a multi-lane number theoretic transform (NTT) algorithm which can achieve ${n}$ -degree polynomial multiplication in ${(nlgn)/d+2n/d}$ clock cycles with ${d}$ lanes of butterfly units. In addition, we also customize a memory addressing strategy and a round constant managing scheme for the proposed multi-lane NTT algorithm. Based on our proposed algorithm, a high-speed polynomial multiplier is accomplished on FPGA platform. Implementation results on Spantan-6 FPGA show that our proposed algorithm can achieve a speed up factor of no less than 2.7 times compared with the state of art designs.

郑伟,姚庆栋,张明,刘鹏,李东晓

DOI: https://doi.org/10.3785/j.issn.1008-973X.2004.05.004

2004-01-01

Abstract:The structure of a low-power 16 bit by 8 bit two's complement multiplier unit in the design of a DSP (digital signal processor) chip was proposed based on standard cell. The multiplier used modified Booth's algorithm to generate the partial products, a Wallace tree structure to achieve the high-speed partial products addition, and finally, a high speed carry lookahead adder to finish the carry propagation. The delay of the carry propagation plays a very important role in the whole delay of the multiplier. To solve this problem, the LRCF (left-to-right-carry-free) algorithm was applied to complete the MSB (most significant bits) result calculation partially parallel with the Wallace tree addition. The power consumption distribution within this multiplier was analyzed and some methods were applied to reduce the switching activity of the Wallace tree structure to reduce the power consumption. Based on the UMC 0.18 μm CMOS technology standard cell library, the reports of Design Power showed that the multiplier can achieve the speed of 2.80 ns, an average dynamic power dissipation of 0.089 mW/MHz at 1.62 V and 125°C.

Mengyuan Li,Haoran Geng,Michael Niemier,Xiaobo Sharon Hu

2023-07-27

Abstract:Lattice-based cryptographic algorithms built on ring learning with error theory are gaining importance due to their potential for providing post-quantum security. However, these algorithms involve complex polynomial operations, such as polynomial modular multiplication (PMM), which is the most time-consuming part of these algorithms. Accelerating PMM is crucial to make lattice-based cryptographic algorithms widely adopted by more applications. This work introduces a novel high-throughput and compact PMM accelerator, X-Poly, based on the crossbar (XB)-type compute-in-memory (CIM). We identify the most appropriate PMM algorithm for XB-CIM. We then propose a novel bit-mapping technique to reduce the area and energy of the XB-CIM fabric, and conduct processing engine (PE)-level optimization to increase memory utilization and support different problem sizes with a fixed number of XB arrays. X-Poly design achieves 3.1X10^6 PMM operations/s throughput and offers 200X latency improvement compared to the CPU-based implementation. It also achieves 3.9X throughput per area improvement compared with the state-of-the-art CIM accelerators.

Cryptography and Security,Hardware Architecture

Chaohui Du,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1145/2902961.2902969

2016-01-01

Abstract:Many lattice-based cryptosystems are based on the security of the Ring learning with errors (Ring-LWE) problem. The most critical and computationally intensive operation of these Ring-LWE based cryptosystems is polynomial multiplication. In this paper, we exploit the number theoretic transform to build a high-speed polynomial multiplier for the Ring-LWE based public key cryptosystems. We present a versatile pipelined polynomial multiplication architecture to calculate the product of two $n$-degree polynomials in about (( n lg n )/4 + n /2) clock cycles. In addition, we introduce several optimization techniques to reduce the required ROM storage. The experimental results on a Spartan-6 FPGA show that the proposed hardware architecture can achieve a speedup of on average 2.25 than the state of the art of high-speed design. Meanwhile, our design is able to save up to 47.06% memory blocks.

Ruiqi Chen,Haoyang Zhang,Yuhanxiao Ma,Jianli Chen,Jun Yu,Kun Wang

DOI: https://doi.org/10.1109/iscas46773.2023.10181734

2023-01-01

Abstract:Symmetric Sparse Matrix-Vector Multiplication (SSpMV) is a prevalent operation in numerous application domains (e.g., physical simulations, machine learning, and graph processing). Existing researches focus on the SSpMV implementation and its improvement on high-performance computing platforms but ignore the resource-limited edge platforms due to the main challenges: memory access overload and limited computing parallelism feasibility. To this end, this paper proposes an embedded-FPGA-based hardware accelerator for SSpMV, called eSSpMV. We first propose an optimized data format, named Symmetric Compressed Sparse Row (SCSR), to reduce memory consumption. Moreover, a fully-pipelined computation unit is proposed to be compatible with the optimized data format. Experimental results show that eSSpMV outperforms the stateof-the-art FPGA implementation for 2.9 x speedup, while still achieving a computing resource reduction of 39.3% and 32.3% for LUT and DSP, respectively. As for edge CPU and GPU implementations, eSSpMV achieves 9.3x speedup over CPU while acquiring 13.1x better power latency product than GPU.

Raziyeh Salarifard,Hadi Soleimany

DOI: https://doi.org/10.1007/s13389-024-00357-1

2024-06-06

Journal of Cryptographic Engineering

Abstract:The number theoretic transform (NTT) is used to efficiently execute polynomial multiplication. It has become an important part of lattice-based post-quantum methods and the subsequent generation of standard cryptographic systems. However, implementing post-quantum schemes is challenging since they rely on intricate structures. This paper demonstrates how to develop a high-speed NTT multiplier highly optimized for FPGAs with few logical resources. We describe a novel architecture for NTT that leverages unique precomputation. Our method efficiently maps these specific pre-computed values into the built-in Block RAMs, which greatly reduces the area and time required for implementation when compared to previous works. We have chosen Kyber parameters to implement the proposed architectures. Compared to the most well-known approach for implementing Kyber's polynomial multiplication using NTT, the AC (area latency) is reduced by , and AT (area time) is improved by as a result of the pre-computation we suggest in this study.

computer science, theory & methods

JianWei Liu,DongXu Cheng,ZhenYu Guan,Ziyu Wang

DOI: https://doi.org/10.1109/iisr.2018.8535680

2018-01-01

Abstract:With the rapid development of cloud computing, e-commerce, authentication among multi-robot systems, the highspeed implementation of Elliptic Curve Cryptography (ECC) is in widespread use. The performance of ECC is decided by the design of scalar point multiplier, which is one of the most time-consuming component. This paper presents a full set of methods to achieve an ultra high-speed scalar point multiplier, its Scalar Point Multiplication (SPM) is optimized comprehensively in terms of speed-first design approach by concurrently implementing the Point-add (PA) and Point-double (PD) algorithms, improving large integer modular inversion algorithm and large integer modular multiplication algorithm. Finally, Montgomery domain operation and Non-Adjacent Form (NAF) encoding theory are applied to enhance the speed of scalar point multiplier. In the VLSI design, a high-speed $\pmb{256\times 256}$ -bit scalar point multiplier is achieved based on SMIC's 65nm process. It can complete single calculation of SPM within 12.5us on average, in other word, 80,000 times of SPM can be computed in one second. Compared to the scalar point multiplier realized by other publications based on VLSI, the reports for circuits synthesis show that our multiplier is optimal in terms of $AT^{2}$ and ultrafast in terms of speed.

Zhuo Chen,Duoli Zhang,Zhenmin Li,Gaoming Du,Xiaolei Wang

DOI: https://doi.org/10.1145/3649476.3658794

2024-06-12

Abstract:In the post-quantum signature CRYSTALS-Dilithium algorithm, polynomial multiplication accounts for 32% of the total computation Latency. It is necessary to design a high-performance polynomial multiplication module. In this paper, we have proposed a low-Latency polynomial multiplier. First, we insert registers in the Radix-2 Multi-path Delay Commutator (R2MDC) structure to increase clock frequency. Additionally, to further enhance the computational clock frequency, we have designed a five-stage pipelined Butterfly unit. Secondly, we have proposed a fully pipelined polynomial multiplier that supports polynomial point-wise multiplication during NTT/INTT transformations to save a significant number of cycles. We also designed a configurable Polynomial Pointwise Multiplication (PPM) module that supports calculations with three different security levels. Our polynomial multiplier structure is implemented on the K7 model of FPGA. Compared to the currently fastest design in terms of computational speed, we have saved between 13% and 39% of the computation latency.

Engineering,Computer Science