Yifan Zhao,Honglin Kuang,Yi Sun,Zhen Yang,Chen,Jianyi Meng,Jun Han

DOI: https://doi.org/10.1109/asap57973.2023.00014

2023-01-01

Abstract:We present a cryptography extension built on RISC-V Vector Extension for efficient application of lattice-based post-quantum cryptography, offering custom instructions that can perform vectorized operations on polynomials of variable length and data width. We use micro-operation architecture to simplify the execution of variable-latency vector instructions and propose fracturable modular arithmetic units to support operations on variable coefficient width. On this basis, a vector unit is designed, achieving significant speed-up compared to the state-of-the-art counterparts for number-theoretic-transform-based polynomial multiplication. This cryptography extension is further integrated into the gem5 simulator to evaluate CRYSTALS-Kyber and CRYSTALS-Dilithium; results outperform the state-of-the-art implementations with more than 2.3 × improvement in cycle count.

Chuhui Wang,Zewen Ye,Haibin Shen,Kejie Huang

DOI: https://doi.org/10.1007/978-3-031-69766-1_10

2024-01-01

Abstract:Bit Flipping Key Encapsulation (BIKE) is a code-based key encapsulation mechanism that utilizes Quasi-Cyclic Medium Density Parity-Check (QC-MDPC) codes, which is a promising candidate in the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) standardization process. Polynomial multiplication calculation is the most critical operation in BIKE, which limits the speed of key generation and encapsulation. The high degree of the polynomial not only requires millions of computations but also necessitates complex memory access. To address this issue, we propose a Computation-in-Memory (CIM) based accelerator architecture for polynomial multiplication operations in BIKE. To minimize the size of the CIM core while maintaining high computational throughput, we propose a folded mapping strategy and a one-memory-multiple-NAND architecture. As a result, a 128x128 array is sufficient for the bike1 parameters, with zero padding at the higher part of the multiplicand. Furthermore, we introduce a data flow scheme that integrates carry-less multiplication and polynomial reduction operations to improve computational efficiency. The post-layout simulation results in 28nm CMOS technology show that our fastest configuration design occupies an area of approximately 1.37 mm(2) with a low power consumption of around 14.17 mW. Compared with state-of-the-art hardware implementations, our proposed design improves the speed of polynomial multiplication by approximately 2.5x.

Honglin Kuang,Yifan Zhao,Jun Han

DOI: https://doi.org/10.1109/APCCAS55924.2022.10090293

2022-01-01

Abstract:Saber is a module-learning with rounding-based post-quantum cryptography (PQC) scheme for key encapsulation mechanism (KEM). It is characterized by the use of power-of-two moduli, which makes all modulus reductions free in hardware. However, such a decision prevents the direct implementation of the asymptotically fastest number theoretic transform (NTT) for the time-consuming polynomial multiplication in Saber. To efficiently multiply polynomials, researches have been done using a schoolbook or Toom-Cook or Karatsuba algorithm. Though these approaches result in decent operating speed at moderate area cost, they are disadvantageous when considering expanding the system to support multiple PQC protocols. To enable NTT for Saber, we choose an appropriate prime and use the sign-magnitude format for computation. A concise and efficient vectorized NTT algorithm has been proposed, based on which we design a configurable vector NTT unit to perform NTT and other arithmetic operations. The accelerator is dedicatedly pipelined to achieve high speed and is driven by custom vector instruction extension of RISC-V. We implement the proposed architecture with vector lanes of 32 and 16 on Xilinx UltraScale+ ZCU111. Results show that our design can achieve up to 5x and 3x improvement in computation time and area-time-product (ATP) respectively for degree-256 polynomials multiplication, compared to the state-of-the-art Saber polynomial multiplier counterparts.

Yang Su,Bai-Long Yang,Chen Yang,Jing-Yuan He

DOI: https://doi.org/10.1007/s12652-020-02497-8

IF: 3.662

2020-09-02

Journal of Ambient Intelligence and Humanized Computing

Abstract:Composite Galois field multiplication is one of the most important and complex nonlinear arithmetic unit in symmetric cipher algorithms. However, current hardware implementations are hard to maintain high performance and flexibility. Based on reconfigurable technology, we propose a flexible architecture of composite Galois field multiplication (RCGFM) and dedicated instructions of composite Galois filed multiplication (ICGFM) over <span class="mathjax-tex">\(GF((2^{n} )^{m} )\)</span>, where <span class="mathjax-tex">\(n = 8,m = 1,2,3,4\)</span>. The RCGFM adopts a serial–parallel mixed structure, which can achieve different Galois field multiplications with good parallelism and scalability. By extending the <span class="mathjax-tex">\(x^{k} B\)</span> multiplications of serial chain, where <span class="mathjax-tex">\(k = 1,2,3\)</span>, the RCGFM can concurrently support the composite Galois filed multiplications with higher orders, such as <span class="mathjax-tex">\(GF((2^{8} )^{m} )\)</span>, where <span class="mathjax-tex">\(m \ge 5,m \in {\mathbb{Z}}^{ + }\)</span>. Moreover, in order to reduce the instruction overhead of target symmetric crypto processor, the ICGFM is specially designed, which is composed of operation and configuration instructions for <span class="mathjax-tex">\(x^{k} B\)</span> and <span class="mathjax-tex">\(A \times B\)</span> over <span class="mathjax-tex">\(GF((2^{n} )^{m} )\)</span>. The ICGFM can be applied to RCGFM structure efficiently and flexibly by configuring the corresponding parameters. The experimental results show that under 0.18 µm CMOS technology, the maximum clock frequency is 625 MHz, while the area of circuit is 11.2 kilo gates. Compared with current researches, the RCGFM structure can improve the throughput rate more than a factor of 1.36x–9.19x, when normalized to the same technology and per kilo gates, the technology-scaled throughput rate increases more than a factor of 1.25x–4.4x, while the area overhead does not increase significantly. In addition, the ICGFM can reduce 1–2 orders of magnitude the number of instructions compared with other works. At last, the reconfigurable architecture we proposed supports different composite Galois field multiplications over <span class="mathjax-tex">\(GF((2^{n} )^{m} )\)</span> with more flexibility and efficiency.

computer science, information systems,telecommunications, artificial intelligence

Guozhu Xin,Jun Han,Tianyu Yin,Yuchao Zhou,Jianwei Yang,Xu Cheng,Xiaoyang Zeng

DOI: https://doi.org/10.1109/tcsi.2020.2983185

2020-08-01

Abstract:In the 5G era, massive devices need to be securely connected to the edge of communication networks, while emerging quantum computers can easily crack the traditional public-key ciphers. Lattice-based cryptography (LBC) is one of the most promising types of schemes in all post-quantum cryptography (PQC) due to its security and efficiency. To meet the requirements of high-throughput and diverse application scenarios of 5G, we investigate the vectorization of kernel algorithms of several LBC candidates and thus present a domain-specific vector processor, VPQC, leveraging the extensible RISC-V architecture. To support the parallel computation of number theoretic transform (NTT) of different dimensions (from 64 to 2048), a vector NTT unit is implemented in VPQC. Besides, a vector sampler executing both uniform sampling and binomial sampling is also employed. Evaluated under TSMC 28nm technology, the vector coprocessor of VPQC consumes 942k equivalent logic gates and 12KB memories. Experimental results show that VPQC can speed up several typical key encapsulation mechanisms (NewHope, Kyber and LAC) by an order of magnitude compared with previous state-of-the-art hardware implementations.

Long-mei Nan,Xiao-yang Zeng,Wei Li,Chen Lin,Yi-ran Du,Zi-bin Dai

DOI: https://doi.org/10.1109/icsict.2018.8565649

2018-01-01

Abstract:In order to enhance the performance of composite field multiplications (CFM) realized by RISC processors and VLIW processors, high-performance and flexible composite field multiplications special instructions targeted at cryptographic algorithms processing are designed in this paper. Through analyzing the processing characteristics of CFM operations in different cryptographic algorithms, the proposed CFM instructions can support CFM operations in different composite field GF(2 8 ) m , under different basic and extended field generating polynomials (g(x), m(x)). The values of m can be 1, 2, 3, and 4; generating polynomials can support PAGE0, PAGE1, PAGE2, PAGE3. Furthermore, expanded CFM instructions are also exploited to support the execution of each instruction forcefully too, which are very strong to finish CFM operations in GF(2 k ) when k=8×m (GF(2 8 ), GF(2 16 ), GF(2 24 ), GF(2 32 )). So the CFM special instructions designed can be used as ameliorative instructions for RISC and VLIW universal processors to advance the performance of cryptographic algorithms, keeping high flexibility of RISC and VLIW universal processors.

Jie Shen,Biao Long,Chun Huang

DOI: https://doi.org/10.1007/s11390-021-1203-5

IF: 1.871

2023-08-09

Journal of Computer Science and Technology

Abstract:Transcendental functions are important functions in various high performance computing applications. Because these functions are time-consuming and the vector units on modern processors become wider and more scalable, there is an increasing demand for developing and using vector transcendental functions in such performance-hungry applications. However, the performance of vector transcendental functions as well as their accuracy remain largely unexplored. To address this issue, we perform a comprehensive evaluation of two Single Instruction Multiple Data (SIMD) intrinsics based vector math libraries on two ARMv8 compatible processors. We first design dedicated microbenchmarks that help us understand the performance behavior of vector transcendental functions. Then, we propose a piecewise, quantitative evaluation method with a set of meaningful metrics to quantify their performance and accuracy. By analyzing the experimental results, we find that vector transcendental functions achieve good performance speedups thanks to the vectorization and algorithm optimization. Moreover, vector math libraries can replace scalar math libraries in many cases because of improved performance and satisfactory accuracy. Despite this, the implementations of vector math libraries are still immature, which means further optimization is needed, and our evaluation reveals feasible optimization solutions for future vector math libraries.

computer science, software engineering, hardware & architecture

Zhuo Zhang,Jieyu Zheng,Yunlei Zhao

DOI: https://doi.org/10.1109/icpads60453.2023.00383

2023-01-01

Abstract:To tackle the challenges introduced by quantum computers to traditional public key cryptography, the domain of post-quantum cryptography (PQC) has taken center stage. Within this domain, the evaluation of computational performance emerges as a pivotal yardstick. Notably, NTTRU stands for one of the most efficient PQC schemes for key encapsulation mechanisms (KEM). This paper introduces the first optimized implementation of NTTRU on ARMv8 architecture. By leveraging the capabilities of the NEON engine, we strategically optimize the core modules of NTTRU: NTT/INTT, polynomial base case multiplication, and polynomial inversion. These optimizations have resulted in remarkable performance gains of 7.37×, 6.10×, 5.91×, and 4.43×, respectively when compared to the reference implementation. For the whole implementation, we achieve performance improvement of 2.85×, 2.36×, and 3.27× in key generation, encapsulation, and decapsulation respectively.

Xianwei Gao,Lian Xue,Zishan Tian

DOI: https://doi.org/10.1109/EEI59236.2023.10212585

2023-06-30

Abstract:The Number Theoretical Transform (NTT) plays a crucial role in post-quantum cryptography algorithms, with its computational performance directly impacting system operating speed. This article proposes a high-performance NTT hardware architecture based on a pipeline architecture to address the challenges of lengthy computing processes and complex control logic in NTT hardware implementation. Firstly, a recursive NTT is advanced to simplify the calculation process and facilitate hardware implementation. Next, effective pipeline segmentation is applied to the computing process to reduce hardware architecture complexity. Finally, a two-stage butterfly operation is employed to implement butterfly elements, and the reduction calculation process is optimized using shift and addition, resulting in reduced hardware resource costs. The proposed NTT hardware architecture is implemented on Quartus II (EP2AGZ225FF35C3) taking the CRYSTALS-Kyber anti-quantum cryptography scheme as an example, since the selected prime number can meet requirements. Experimental results demonstrate that the proposed design outperforms other related designs in terms of computational performance and hardware overhead.

Engineering,Computer Science

Xinglong Yu,Yi Sun,Yifan Zhao,Honglin Kuang,Jun Han

DOI: https://doi.org/10.23919/date58400.2024.10546713

2024-01-01

Abstract:The National Institute of Standards and Technology (NIST) has selected FALCON as one of the standardized digital signature algorithms against quantum attacks in 2022. Compared with the other post-quantum cryptography (PQC) schemes, lattice-based FALCON is more appropriate for future Internet of Things (IoT) applications due to the fastest signature verification process and the lowest transmission overhead. In this paper, we propose a custom extension based on the RISC-V scalar-vector framework for efficient implementation of FALCON. To our best knowledge, this work is the first hardware-software co-design for complete FALCON signature generation and verification routines. Besides, we design the first FALCON Gaussian sampling hardware and a RISC-V vector extension (RVV) based domain-specific core. The proposed architecture accelerates kernel operations in FALCON, such as discrete Gaussian sampling, number theoretic transform (NTT), inverse NTT, and polynomial operations. Compared with the reference implementation, results on the gem5-RTL simulation platform present a speedup for signature generation and verification of up to 18x and 6.9x.

Yunan Zhang,Po-An Tsai,Hung-Wei Tseng

DOI: https://doi.org/10.48550/arXiv.2205.01252

2022-09-01

Abstract:Matrix-multiplication units (MXUs) are now prevalent in every computing platform. The key attribute that makes MXUs so successful is the semiring structure, which allows tiling for both parallelism and data reuse. Nonetheless, matrix-multiplication is not the only algorithm with such attributes. We find that many algorithms share the same structure and differ in only the core operation; for example, using add-minimum instead of multiply-add. Algorithms with a semiring-like structure therefore have potential to be accelerated by a general-purpose matrix operation architecture, instead of common MXUs. In this paper, we propose SIMD$^2$, a new programming paradigm to support generalized matrix operations with a semiring-like structure. SIMD$^2$ instructions accelerate eight more types of matrix operations, in addition to matrix multiplications. Since SIMD$^2$ instructions resemble a matrix-multiplication instruction, we are able to build SIMD$^2$ architecture on top of any MXU architecture with minimal modifications. We developed a framework that emulates and validates SIMD$^2$ using NVIDIA GPUs with Tensor Cores. Across 8 applications, SIMD2 provides up to 38.59$\times$ speedup and more than 10.63$\times$ on average over optimized CUDA programs, with only 5% of full-chip area overhead.

Hardware Architecture

Yalong Pang,Jun Han,Jianmin Zeng,Yujie Huang,Xiaoyang Zeng

DOI: https://doi.org/10.1109/isocc.2017.8368818

2017-01-01

Abstract:This paper presents instruction set extension and hardware acceleration for SVM application toward a vector processor. Based on the nyuzi processor, we customize the corresponding hardware acceleration unit, namely, kernel function processing unit (KPU), both supporting the linear kernel function and radial basis function (RBF) kernel. This work we utilize the mask vector to realize the exponential computation, and the total RBF kernel is completed with only approximately 35 basic instructions. The design is synthesized with SMIC 65nm CMOS technology, requiring 887 equivalent kGates and the max frequency is 540MHz. The simulation results show that with KPU the cycles of SVM training is obviously decreased and speedup is 2.62.

Longmei Nan,Xiaoyang Zeng,Qi Ding,Wei Li,Yiran Du,Lin Chen

DOI: https://doi.org/10.1109/iaeac.2018.8577824

2018-01-01

Abstract:High-performance and flexible finite field X multiplications special instructions targeted at cryptographic algorithms processing are proposed in this paper, in order to dispel the performance bottleneck of X multiplications realized by RISC and VLIW universal processors. Through analyzing the processing characteristics of X multiplications in different cryptographic algorithms, the proposed X-k multiplication instructions can support different processing data widths (8 bits, 16 bits, 32 bits, 64 bits, 128 bits), different k values (1 similar to 8), and instruction parallelism based on VLIW and operating several small data width at the same time are also designed with parallelism of 4, 2, 1 respectively. Furthermore, expanded X multiplication instructions are exploited to support the execution of each instruction forcefully too. The X multiplications special instructions designed can be used as ameliorative instructions for RISC and VLIW universal processors to advance the performance of cryptographic algorithms.

Quan Zhang,Yujie Huang,Yujie Cai,Yalong Pang,Jun Han

DOI: https://doi.org/10.1109/icsict.2018.8564985

2018-01-01

Abstract:A ring learning with errors(RLWE) cryptoprocessor based on the RISC-V instruction set architecture is proposed in this work. The cryptoprocessor is the integration of RISC-V core and co-processor. The co-processor is designed to complete complex polynomial operation such as addition, subtraction and multiplication. And RISC-V core is responsible for sending simple signals to control the operation of co-processor. To support parallel data processing and increase the bandwidth of accessing memory, this work extends vector channels and uses vector paths in internal data bus to transfer data. Besides, Operands adopt a memory-memory approach to reduce the latency of accessing data. The polynomial multiplication chooses the algorithm based on number theoretic transform(NTT). In the cryptosystem, arithmetic operations are performed on the NTT domain, which avoids the frequent operations of conversion to the finite-loop domain. And polynomial processing unit adopts the architecture of 8-lanes commutator to improve the degree of data parallelism. Barrett algorithm is chosen as module reduction operation in finite-loop domain. Simulation results show that RLWE cryptoprocessor operates properly and requires 60.5/22.0us to complete encryption/decryption. Results depict time-taken in encryption and decryption are both reduced comparing to designs based on FPGA Virtrex.

Yifan Zhao,Ruiqi Xie,Guozhu Xin,Jun Han

DOI: https://doi.org/10.1109/tcsi.2022.3162593

2022-01-01

Abstract:The 5G edge computing infrastructure should be empowered with quantum attack resistance by implementing post-quantum cryptography (PQC). Among various PQC schemes, lattice-based cryptography (LBC) based on learning with error (LWE) has attracted much attention because of its performance efficiency and security guarantee. In LWE-based LBCs, the Module-LWE-based schemes gain advantage over the others benefiting from the unique polynomial matrix and vector structure. To provide a high-performance implementation of Module-LWE applications for the edge computing paradigm, we propose a domain-specific processor based on a matrix extension of RISC-V architecture. This custom extension encapsulates the matrix-based ring operations with a high-level functional abstraction. A 2-D systolic array with configurable functionality is proposed to perform matrix-based number theoretic transform (NTT) and other arithmetic operations, achieving high data-level parallelism with support for the variable-sized polynomial matrix and vector structure. As this structure of Module-LWE involves no data dependency between different inner elements, an out-of-order mechanism is further developed to exploit the instruction-level parallelism. We implement the proposed architecture under TSMC 28nm technology. The evaluation results show that our implementation can achieve up to and improvement in cycle count respectively in Kyber and Dilithium, compared to the state-of-the-art crypto-processor counterparts.

Lu Li,Qi Tian,Guofeng Qin,Shuaiyu Chen,Weijia Wang

DOI: https://doi.org/10.1145/3643826

2024-03-19

ACM Transactions on Embedded Computing Systems

Abstract:Post-quantum cryptography is considered to provide security against both traditional and quantum computer attacks. Dilithium is a digital signature algorithm that derives its security from the challenge of finding short vectors in lattices. It has been selected as one of the standardizations in the NIST post-quantum cryptography project. Hardware-software co-design is a commonly adopted implementation strategy to address various implementation challenges, including limited resources, high performance, and flexibility requirements. In this study, we investigate using compact instruction set extensions (ISEs) for Dilithium, aiming to improve software efficiency with low hardware overheads. To begin with, we propose tightly coupled accelerators that are deeply integrated into the RISC-V processor. These accelerators target the most computationally demanding components in resource-constrained processors, such as polynomial generation, Number Theoretic Transform (NTT), and modular arithmetic. Next, we design a set of custom instructions that seamlessly integrate with the RISC-V base instruction formats, completing the accelerators in a compact manner. Subsequently, we implement our ISEs in a chip design for the Hummingbird E203 core and conduct performance benchmarks for Dilithium utilizing these ISEs. Additionally, we evaluate the resource consumption of the ISEs on FPGA and ASIC technologies. Compared to the reference software implementation on the RISC-V core, our co-design demonstrates a remarkable speedup factor ranging from 6.95 to 9.96. This significant improvement in performance is achieved by incorporating additional hardware resources, specifically, a increase in LUTs, a increase in FFs, 7 additional DSPs, and no additional RAM. Furthermore, compared to the state-of-the-art approach, our work achieves faster speed performance with a reduced circuit cost. Specifically, the usage of additional LUTs, FFs, and RAMs is reduced by , , and , respectively. On ASIC technology, our approach demonstrates 12 412 cell counts. Our co-design provides a better trade-off implementation on speed performance and circuit overheads.

computer science, software engineering, hardware & architecture

Prakash Murali,Lingling Lao,Margaret Martonosi,Dan Browne

DOI: https://doi.org/10.1109/ISCA52012.2021.00071

2021-06-29

Abstract:Near-term quantum computing (QC) systems have limited qubit counts, high gate (instruction) error rates, and typically support a minimal instruction set having one type of two-qubit gate (2Q). To reduce program instruction counts and improve application expressivity, vendors have proposed, and shown proof-of-concept demonstrations of richer instruction sets such as XY gates (Rigetti) and fSim gates (Google). These instruction sets comprise of families of 2Q gate types parameterized by continuous qubit rotation angles. However, having such a large number of gate types is problematic because each gate type has to be calibrated periodically, across the full system, to obtain high fidelity implementations. This results in substantial recurring calibration overheads even on current systems which use only a few gate types. Our work aims to navigate this tradeoff between application expressivity and calibration overhead, and identify what instructions vendors should implement to get the best expressivity with acceptable calibration time. We develop NuOp, a flexible compilation pass based on numerical optimization, to efficiently decompose application operations into arbitrary hardware gate types. Using NuOp and four important quantum applications, we study the instruction set proposals of Rigetti and Google, with realistic noise simulations and a calibration model. Our experiments show that implementing 4-8 types of 2Q gates is sufficient to attain nearly the same expressivity as a full continuous gate family, while reducing the calibration overhead by two orders of magnitude. With several vendors proposing rich gate families as means to higher fidelity, our work has potential to provide valuable instruction set design guidance for near-term QC systems.

Quantum Physics,Emerging Technologies

José L. Imaña,Luis Piñuel,Yao-Ming Kuo,Oscar Ruano,Francisco García-Herrero

DOI: https://doi.org/10.1109/tcsii.2024.3369103

2024-01-01

Abstract:Binary extension field arithmetic is widely used in several important applications such as error-correcting codes, cryptography and digital signal processing. Multiplication is usually considered the most important finite field arithmetic operation. Therefore efficient hardware architectures for multiplication are highly desired. In this paper, a new architecture for multiplication over finite fields generated by irreducible trinomials f(x)=xm+xt+1 is presented. The architecture here proposed is based on the use of a polynomial multiplier and a cyclic shift register that can perform the multiplication in t-1 clock cycles. The general architecture is applied to the trinomials recommended by NIST (National Institute of Standards and Technology). Furthermore, a RISC-V instruction set for the proposed multiplier is implemented and validated using VeeR-EL2 on a Nexys A7 FPGA. To the best knowledge of the authors, this is the first work that integrates the multiplication based on NIST trinomials into a RISC-V SoC. Results show an improvement of several orders of magnitude in terms of latency at a cost of less than 50% more of area.

engineering, electrical & electronic

Bowen Hu,Yun Chen,Xiaoyang Zeng

DOI: https://doi.org/10.1109/icet51757.2021.9450911

2021-01-01

Abstract:The slowdown in Moore's Law scaling has triggered a growing awareness of domain-specific processors. One of the very promising techniques is the instruction set extension. RISC-V, as an open and simple instruction set architecture, is ideally suited as a basis for building domain-specific instruction-set processors. In this paper, we construct a framework based on the RISC-V processor that can receive data flow graph-based descriptions and automatically perform instruction set extensions. The framework is based on open-source software dependencies and is able to better interact with application codes, thus bridging the barrier between the application and the underlying microarchitecture of the processor. To evaluate the framework, a quantitative analysis of the Fast Fourier Transform algorithm is performed and the instruction set extension is applied with the framework proposed in this paper. By applying the methods in this paper to accelerate this commonly used digital signal processing algorithm, the runtime was reduced by 62%.

Trong-Hung Nguyen,Binh Kieu-Do-Nguyen,Cong-Kha Pham,Trong-Thuc Hoang

DOI: https://doi.org/10.1109/access.2024.3371581

IF: 3.9

2024-03-12

IEEE Access

Abstract:The efficiency of polynomial multiplication execution majorly impacts the performance of lattice-based post-quantum cryptosystems. In this research, we propose a high-speed hardware architecture to accelerate polynomial multiplication based on the Number Theoretic Transform (NTT) in CRYSTAL-Kyber and CRYSTAL-Dilithium. We design a Digital Signal Processing (DSP) architecture for modular multiplication in butterfly and Point-Wise Multiplication (PWM) operations. Our method reduces the critical path delay of an -bit multiplier to that of a ( -2)-bit adder, optimizing both area and speed. These dedicated DSPs are employed in butterfly and PWM operations, completely eliminating the pre-process and post-process of NTT transforms. Furthermore, we introduce a novel unified pipelined architecture for the NTT and Inverse NTT (INTT) transformations of Kyber and Dilithium, with corresponding high-speed (Radix-2) and ultra-high-speed (Radix-4) versions. Lastly, we construct a complete hardware accelerator for polynomial matrix-vector multiplication in Kyber. The Field-Programmable Gate Array (FPGA) implementation results have proven that our designs have significantly improved execution time by – for the NTT transforms in Dilithium and – for Kyber polynomial multiplication, compared to previous studies reported to date. Additionally, the hardware footprint results indicate that our proposed architectures exhibit superior hardware performance in Area-Time-Product (ATP), corresponding to a 44%–96% improvement. The proposed architectures are efficient and well-suited for high-performance lattice-based cryptography systems.

computer science, information systems,telecommunications,engineering, electrical & electronic