Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang

DOI: https://doi.org/10.1109/A-SSCC58667.2023.10347915

2023-01-01

Abstract:Most information is transmitted through untrusted channels, and people use traditional asymmetric encryption methods/algorithms to prevent information leakage. Post-quantum cryptography (PQC) alternatives are refining to counter the possibility of brute-forcing encryption in finite time with progressively feasible quantum computers. As the winner of the NIST PQC project global competition, CRYSTALS-KYBER (Kyber) has a balance of security and efficiency. This paper proposes an efficient ASIC for chip-level applications of Kyber. Configurable operators and data generators are designed. Separation of secure memory and public memory from bus arbiter ensures leak-proof of critical information. A unified command and control system schedule execution process and data interaction. The proposed Kyber processor is fabricated and properly verified at a 40nm process, achieving high energy efficiency for the execution of the Kyber key encapsulation mechanism (KEM).

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li

DOI: https://doi.org/10.1109/cicc60959.2024.10528999

2024-01-01

Abstract:The migration to post-quantum cryptography (PQC) is accelerating with the release of three drafts of the 2023 PQC federal information processing standard (FIPS), of which Kyber is the only officially selected key encapsulation mechanism (KEM) as Figure 1. However, the migration from traditional cryptography to PQC still faces the following three challenges: 1) The significant increase in key size and encryption/decryption latency leads to performance degradation and resource overhead in existing information devices. Moreover, unauthorized access also raises privacy concerns. 2) More complex calculations and scheduling, as well as potential efficiency issues. 3) The risk of side channel attack (SCA) and the improvement of protection requirements faced by PQC hardware.

Aobo Li,Jiahao Lu,Dongsheng Liu,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang,Xiang Li

DOI: https://doi.org/10.1109/esserc62670.2024.10719541

2024-01-01

Abstract:Due to the existence of store-now-decrypt-later attack strategies, the world urgently needs alternative postquantum cryptographic (PQC) solutions. The lattice-based PQC algorithm CRYSTALS-KYBER (Kyber) is widely recognized as a standardization for its good performance and security. We propose a compact and efficient Kyber processor architecture for resource-constrained edge computing. Lightweight SHA-3 with half-fold keccak and samplers provide high-quality discrete distribution coefficient generation with energy-saving features. Modular arithmetic elements are configured as variable structures for different types of fast polynomial computations. The proposed architecture is fabricated under 40 nm process, and ASIC results show that the processor occupies $0.34 \mathrm{~mm}^{2}$ and 253 k equivalent gates with minimum 7 KB memory and the lowest power $273 \mu \mathrm{~W}$. Compared to similar works, we reduce the power by $50 \%$, improve the $6.1 \times$ energy optimization, $8 \times$ area and achieve state-of-the-art in energy efficiency.

Jiaming Zhang,Jiahao Lu,Dongsheng Liu,Aobo Li,Xiang Li,Shuo Yang,Ang Hu,Xuecheng Zou

DOI: https://doi.org/10.1109/a-sscc58667.2023.10347942

2023-01-01

Abstract:With the development of quantum computers in recent years, the security of traditional public-key encryption algorithms is facing serious threats, and post-quantum cryptography (PQC) algorithms that can resist quantum computer attacks are urgently needed. CRYSTALS-KYBER as the finalized NIST key-encapsulation scheme, is continuously advancing the standardization process. The existing hardware implementations of Kyber mostly use compact architectures to pursue high speed and high performance with the cost of programmability, while most hardware-software co-designs suffer from low parallelism and performance. Aiming at flexibly and efficiently implementing the key encapsulation mechanism (KEM) of Kyber, this work presents a single instruction multiple data (SIMD) Kyber coprocessor that supports the RISC-V instruction-set. A reconfigurable polynomial and logic unit (PLU) is designed, which can accelerate all types of polynomial vector instruction operations, and a dynamic hardware scheduling strategy is proposed to enable different types of instructions to be executed parallelly, improving the coprocessor pipeline throughput. Implemented on the Ultrascale+ FPGA platform and evaluated under SMIC 40nm technology, the proposed coprocessor achieves the fastest computing speed with the lowest power consumption and 3.5×/6.2× improvement in FPGA/ASIC AT product efficiency.

Jiaming Zhang,Jiahao Lu,Aobo Li,Mingbo Wang,Xiang Li,Tianze Huang,Lei Chen,Dongsheng Liu

DOI: https://doi.org/10.1109/tcsii.2024.3382772

2024-01-01

Abstract:Security systems based on traditional cryptography mechanisms are at risk of being cracked by quantum computers in the future. CRYSTALS-KYBER (Kyber) as the NIST finalized lattice-based post-quantum cryptography (PQC) algorithm, will be widely used in public-key encryption scenarios. Although quantum-difficulty assumptions based on lattice math problems make Kyber quantum-resistant, how to effectively implement it into systems with different security needs remains a challenge. This brief presents a dual-issue superscalar Kyber processor (Super-K) that supports customized RISC-V instruction-set architecture (ISA) and implements the key encapsulation mechanism (KEM) flexibly and efficiently. A reconfigurable polynomial arithmetic unit (PAU) is designed, which optimizes the compress/decompress process, and accelerates polynomial operations efficiently by optimal parallelism. The pipelining scheduling technique is used in Super-K to improve instruction level parallelism and reduce time consumption. Super-K is implemented on UltraScale+ FPGA platform and evaluated under SMIC 40nm technology, which achieves the fastest computational speed with the lowest power consumption and $1.4\times /8.2\times $ improvement in FPGA/ASIC AT product efficiency.

Wenbo Guo,Shuguo Li

DOI: https://doi.org/10.1109/tcsi.2023.3306347

2023-01-01

Abstract:The attack on quantum computers is an enormous threat to conventional public-key cryptography. Hence, it is crucial to study quantum-resistant cryptosystems. After four rounds of evaluation, the National Institute of Standards and Technology (NIST) has decided to standardize CRYSTALS-Kyber as one of the public-key post-quantum cryptography (PQC) algorithms. In the hardware design of CRYSTALS-Kyber, the polynomial-related calculations are the most time-consuming. In this paper, we present a highly-efficient hardware architecture for CRYSTALS-Kyber. Firstly, we propose the CRYSTALS-Kyber-oriented conflict-free memory mapping scheme with two modes. Based on this scheme, we construct the mixed radix-2/4 NTT/INTT algorithm, which has no pre- or post-processing, for the first time. By using the “lazy-last-layer” trick, the available memory bandwidth of NTT is temporarily increased, and the average performance of NTT is improved. Besides, the point-wise-multiplication (PWM) is performed in a single memory bank by cooperating with the two modes of our memory mapping scheme. This avoids the waste of memory bandwidth, thus avoiding the usage of large FIFOs for the sampled data. Last, we propose an efficient modular multiplier for CRYSTALS-Kyber, and we merge the divide-by-2 operations in the finite field into modular adders and subtractors to reduce resource consumption. This design, which supports all three security levels, is implemented on Xilinx Artix-7 FPGA with 7.3k LUTs, 3.2k FFs, 2.2k Slices, 5 BRAMs, and 4 DSPs. It performs 12% better in area-time-product than other leading designs in the literature.

Yiming Huang,Miaoqing Huang,Zhongkui Lei,Jiaxuan Wu

DOI: https://doi.org/10.1587/elex.17.20200234

2020-09-10

IEICE Electronics Express

Abstract:This paper presents a pure hardware implementation of CRYSTALS-KYBER algorithm on Xilinx FPGAs. CRYSTALS-KYBER is one of 26 candidate algorithms in Round 2 of NIST Post-Quantum Cryptography (PQC) standardization process. The proposed design focuses on maximizing resource utilization by reusing most of the functional modules in the encapsulation and decapsulation processes of the algorithm. For instance, the hash module integrates several different hash functions in one module. Efficient parallel and pipelined computations are applied in the NTT module. Through the analysis of simulation and synthesis results, it is found that the proposed work has the advantages of higher frequencies and lower execution times. The scheme operates at 155 MHz and 192 MHz frequencies on Xilinx Artix-7 and Virtex-7 FPGAs, respectively. Compared with the performance of an embedded Cortex-M4 processor, the hardware implementation can achieve a maximum speedup of 129 times for encryption/decryption.

Haocheng Ma,Shijian Pan,Ya Gao,Jiaji He,Yiqiang Zhao,Yier Jin

DOI: https://doi.org/10.1109/ASIANHOST56390.2022.10022165

2022-01-01

Abstract:The emergence of quantum computing and its impact on current cryptographic algorithms has triggered the migration to post-quantum cryptography (PQC). Among the PQC candidates, CRYSTALS-Kyber is a key encapsulation mechanism (KEM) that stands out from the National Institute of Standards and Technology (NIST) standardization project. While software implementations of Kyber have been developed and evaluated recently, Kyber's hardware implementations, especially designs with parallel architecture, are rarely discussed. To help better understand Kyber hardware designs and their security against side-channel analysis (SCA) attacks, in this paper, we first adapt the two most recent Kyber hardware designs for FPGA implementations. We then perform SCA attacks against these hardware designs with different architectures, i.e., parallelization and pipelining. Our experimental results show that Kyber designs on FPGA boards are vulnerable to SCA attacks including electromagnetic (EM) and power side channels. An attacker only needs 27 similar to 1600 power traces or 60 similar to 2680 EM traces to recover the decryption key successfully.

Wenbo Guo,Shuguo Li,Liang Kong

DOI: https://doi.org/10.1109/tcsii.2021.3103184

2022-01-01

Abstract:Quantum algorithms pose a huge threat to the current cryptosystems. In this article, we present a hardware implementation of CRYSTALS-KYBER which is one of the post-quantum cryptosystems based on the Module-LWE problem. Using the proposed modular reduction algorithm, modified modular adder and the reconfigurable data path, the design shares the computing resource for different polynomial related operations, and achieves higher degree of parallelism. Our design is implemented on a Xilinx Artix-7 FPGA. Compared with the leading hardware implementations, our design is more compact, the execution time is shorter, and it significantly consumes fewer registers.

Yihong Zhu,Wenping Zhu,Min Zhu,Chongyang Li,Chenchen Deng,Chen Chen,Shuying Yin,Shouyi Yin,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.1109/ISSCC42614.2022.9731783

2022-01-01

Abstract:In the post-quantum era, post-quantum cryptography (PQC) processors are required to ensure quantum-secure communication and e-commerce with high throughput, while maintaining adequate flexibility to execute different crypto-primitives, such as key encapsulation mechanism (KEM) and digital signature (DS) at multiple security levels with evolving modifications. The PQC standards, which are based on multiple mathematical problems, will be available around the end of 2021 in NIST's PQC standardization (Fig. 34.1.1). Crypto-agility, coupled with new mathematical calculations, high computing complexity, and large memory consumption brings challenges to the design of PQC processors considering flexibility, throughput, and energy efficiency.

Yihong Zhu,Wenping Zhu,Yi Ouyang,Junwen Sun,Min Zhu,Qi Zhao,Jinjiang Yang,Chen Chen,Qichao Tao,Guang Yang,Aoyang Zhang,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.1109/ISSCC49657.2024.10454332

2024-01-01

Abstract:The migration towards post-quantum cryptography (PQC) is in progress to secure communications and transactions against the impending quantum threat, while three key-encapsulation mechanisms (KEM) and one digital signature (DS) scheme are being standardized by NIST [1]. This multi-year migration poses serious challenges to PQC implementations for compatibility and performance requirements in various scenarios and settings: 1) Performance limitations caused by diverse computation patterns and relatively higher computation costs. 2) Crypto-agility resulting from different mathematical problems, various security parameters, or even different standardization bodies. 3.) Domain-specific optimization to address the long-term security of the evolving algorithm families. However, most existing PQC accelerators [2, 3, 5] were only customized for specific algorithms based on unique mathematical problems. The latest configurable PQC processor [4] did not support Falcon and Sphincs+, which are being drafted for standardization. To address this issue, a versatile PQC processor fabricated in 28nm is presented with three key features: 1) task-clustering-based architecture for scalable processing with aggressive parallelism; 2) region-based task-path (TP) with dynamic update for agile cryptographic computing; 3) efficient PQC task-operators (TO), including hash/sample, format, floating-point/complex, encoding/decoding operators, for further improvements on throughput and energy-efficiency. Based on these contributions, the proposed chip supports all predominant schemes in NIST’s PQC standardization, while still delivering 44.6% and 10.3% improvements in the throughput and energy-delay product (EDP), respectively, relative to a state-of-the-art design [4].

Yufei Xing,Shuguo Li

DOI: https://doi.org/10.46586/tches.v2021.i2.328-356

2021-02-23

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Post-quantum cryptosystems should be prepared before the advent of powerful quantum computers to ensure information secure in our daily life. In 2016 a post-quantum standardization contest was launched by National Institute of Standards and Technology (NIST), and there have been lots of works concentrating on evaluation of these candidate protocols, mainly in pure software or through hardware-software co-design methodology on different platforms. As the contest progresses to third round in July 2020 with only 7 finalists and 8 alternate candidates remained, more dedicated and specific hardware designs should be considered to illustrate the intrinsic property of a certain protocol and achieve better performance. To this end, we present a standalone hardware design of CRYSTALS-KYBER, amodule learning-with-errors (MLWE) based key exchange mechanism (KEM) protocol within the 7 finalists on FPGA platform. Through elaborate scheduling of sampling and number theoretic transform (NTT) related calculations, decent performance is achieved with limited hardware resources. The way that Encode/Decode and the tweaked Fujisaki-Okamoto transform are implemented is demonstrated in detail. Analysis about minimizing memory footprint is also given out. In summary, we realize the adaptive chosen ciphertext attack (CCA) secure Kyber with all selectable module dimension k on the smallest Xilinx Artix-7 device. Our design computes key-generation, encapsulation (encryption) and decapsulation (decryption and reencryption) phase in 3768/5079/6668 cycles when k = 2, 6316/7925/10049 cycles when k = 3, and 9380/11321/13908 cycles when k = 4, consuming 7412/6785 LUTs, 4644/3981 FFs, 2126/1899 slices, 2/2 DSPs and 3/3 BRAMs in server/client with 6.2/6.0 ns critical path delay, outperforming corresponding high level synthesis (HLS) based designs or hardware-software co-designs to a large extent.

Aobo Li,Dongsheng Liu,Xiang Li,Tianze Huang,Shuo Yang,Jiahao Lu,Ang Hu

DOI: https://doi.org/10.1109/a-sscc56115.2022.9980779

2022-01-01

Abstract:Post-quantum cryptography (PQC) uses novel difficult mathematical principles to defend the cracking of quantum computers which threaten the traditional crypto system such as Rivest–Shamir– Adleman (RSA) and elliptic curves cryptography (ECC). The lattice-based PQC schemes are currently the most potential candidates. The software methods of these schemes are usually low speed, and optimized dedicated hardware design can accelerate the algorithms. Saber and Kyber are two PQC algorithms which are based on difficult lattice problems of “Module Learning with Rounding” (M-LWR) and “Module Learning with Errors” (M-LWE). They have different modulus computing domains, which are $2 ^{13}$ and prime 3329 respectively. These characteristics lead to complicated solution and slow operation of conventional implementation, which is not conducive to resource efficiency and flexibility. In this work, we proposed a reconfigurable arithmetic unit with variable modulus domains, and combined with custom instruction-set architecture to design a flexible crypto processor for M-LWR and M-LWE. The work achieved the flexible implementation of variable parameters and instruction programming under the strategy of resource efficiency and performance trade-off, and verified on the FPGA platform.

Yiqiang Zhao,Shijian Pan,Haocheng Ma,Ya Gao,Xintong Song,Jiaji He,Yier Jin

DOI: https://doi.org/10.1109/tcsi.2023.3288600

2023-01-01

Abstract:The emergence of quantum computing and its impact on current cryptographic algorithms has triggered the migration to post-quantum cryptography (PQC). Among the PQC candidates, CRYSTALS-Kyber is a key encapsulation mechanism (KEM) that stands out from the National Institute of Standards and Technology (NIST) standardization project. While software implementations of Kyber have been developed and evaluated recently, Kyber's hardware implementations especially those designed with parallel architecture, are rarely discussed. To help better understand Kyber hardware designs and their security against side-channel analysis (SCA) attacks, in this paper, we first adapt the two most recent Kyber hardware designs for FPGA implementations. We then perform SCA attacks against these hardware designs with different architectures, i.e., parallelization and pipelining. Our experimental results show that Kyber designs on FPGA boards are vulnerable to SCA attacks including electromagnetic (EM) and power side channels. An attacker only needs 27 similar to 1, 600 power traces or 60 similar to 2, 680 EM traces to recover the decryption key successfully. Furthermore, we propose two first-order IND-CPA Kyber decapsulation masking protected designs, and then we evaluate their securities and overheads. The experimental results demonstrate that the side channel security of masked Kyber designs has increased by more than 10x.

Jiahao Lu,Jiaming Zhang,Zhixiang Luo,Aobo Li,Tianze Huang,Dongsheng Liu,Chi Cheng

DOI: https://doi.org/10.1109/mwscas60917.2024.10658892

2024-01-01

Abstract:The globalized migration towards post-quantum cryptography (PQC) is accelerating to protect communications against the upcoming quantum threat. However, the resource-constrained IoT communication devices limits the deployment multiple PQC algorithms, which is hard to fulfill the various security requirements of IoT devices. In this paper, an efficient hardware architecture compatible with customized instruction format is proposed, which is compatible with CRYSTALS-Kyber and Dilithium. Following the methodology of maximize-reuse, a configurable polynomial modular arithmetic unit is presented to execute all the required modes of polynomial modular operations in pipeline. Implemented on UltraScale+ and Artix-7 platforms, the proposed architecture consumes 2310 and 4028 equivalent slices at a maximum frequency of 280MHz and 99MHz in two platforms. Compared to the state-of-the-art Kyber-only and Dilithium-only researches, this work supports two algorithms simultaneously and realizes the lowest area-time (AT) value for Dilithium and a competitive AT value for Kyber.

Archisman Ghosh,Jose Maria Bermudo Mera,Angshuman Karmakar,Debayan Das,Santosh Ghosh,Ingrid Verbauwhede,Shreyas Sen

2023-05-18

Abstract:The hard mathematical problems that assure the security of our current public-key cryptography (RSA, ECC) are broken if and when a quantum computer appears rendering them ineffective for use in the quantum era. Lattice based cryptography is a novel approach to public key cryptography, of which the mathematical investigation (so far) resists attacks from quantum computers. By choosing a module learning with errors (MLWE) algorithm as the next standard, National Institute of Standard & Technology (NIST) follows this approach. The multiplication of polynomials is the central bottleneck in the computation of lattice based cryptography. Because public key cryptography is mostly used to establish common secret keys, focus is on compact area, power and energy budget and to a lesser extent on throughput or latency. While most other work focuses on optimizing number theoretic transform (NTT) based multiplications, in this paper we highly optimize a Toom-Cook based multiplier. We demonstrate that a memory-efficient striding Toom-Cook with lazy interpolation, results in a highly compact, low power implementation, which on top enables a very regular memory access scheme. To demonstrate the efficiency, we integrate this multiplier into a Saber post-quantum accelerator, one of the four NIST finalists. Algorithmic innovation to reduce active memory, timely clock gating and shift-add multiplier has helped to achieve 38% less power than state-of-the art PQC core, 4x less memory, 36.8% reduction in multiplier energy and 118x reduction in active power with respect to state-of-the-art Saber accelerator (not silicon verified). This accelerator consumes 0.158mm2 active area which is lowest reported till date despite process disadvantages of the state-of-the-art designs.

Cryptography and Security

Minghao Li,Jing Tian,Xiao Hu,Zhongfeng Wang

DOI: https://doi.org/10.1109/TCAD.2022.3230359

IF: 2.9

2023-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Recently, the National Institute of Standards and Technology (NIST) has identified the first four quantum-resistant algorithms for post-quantum cryptography (PQC) standardization. CRYSTALS-Kyber (Kyber) is the only public-key encryption and key-establishment algorithm among them. In this article, we propose a reconfigurable, high-speed, and area-efficient polynomial multiplication accelerator for Kyber to facilitate its practical applications. The cornerstone of polynomial multiplication is the butterfly unit (BU) structure, composed of modular addition, subtraction, and multiplication. For the modular multiplication, we adopt the Barrett reduction method and reduce the size of operands leveraging the form of modulus with a novel formula transformation, which significantly decreases the computational complexity and increases the maximum clock frequency. On the hardware side, we make four BU modules constitute a binomial arithmetic core (Bi-Core) as the basic reconfigurable unit. The memory access scheme tailored for parallel processing is explored with data-reusing and memory-grouping methods, and a compact control logic is devised. The complete polynomial multiplication architecture is coded with Verilog and implemented on a Xilinx Artix-7 xc7a100t-3 device. Experiment results demonstrate that our implementations with different configurations all outperform the state-of-the-art works in area efficiency by up to 39% improvement in terms of area-time product (ATP). Moreover, the proposed design with four Bi-Cores achieves the fastest speed among existing designs.

Aobo Li,Dongsheng Liu,Cong Zhang,Xiang Li,Shuo Yang,Xingjie Liu,Jiahao Lu,Xuecheng Zou,Ang Hu,Tianming Ni

DOI: https://doi.org/10.1109/tii.2022.3195743

IF: 12.3

2022-12-17

IEEE Transactions on Industrial Informatics

Abstract:Progress of quantum computing technology seriously threaten the industrial information security based on traditional public-key cryptosystem. Thus, the cryptosystem with anti-quantum attack characteristics is gradually becoming a significant research in the security field. In this article, a flexible and high-performance secure coprocessor is designed for security in industrial processes, which can execute the post-quantum cryptographic algorithm Saber efficiently. Custom instruction set and arithmetic accelerators are proposed to effectively optimize the flexibility of system architecture, and improve the performance of calculation. The hardware implementation results show that the maximum operating frequency of the coprocessor can reach 345 MHz. Compared with related state-of-the-art works, it achieves the highest operating frequency on the same Xilinx UltraScale+ FPGA platform, performing the encryption and decryption operations within 13.5 and 15.4 μs, respectively. Meanwhile, this article achieves 1.7/3.1/5.9× area-time product improvements in look-up table flip-flop block memory storage with good flexibility.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Shiyang He,Hui Li,Fenghua Li,Ruhui Ma

DOI: https://doi.org/10.1016/j.jiixd.2024.02.004

2024-01-01

Journal of Information and Intelligence

Abstract:The security of cryptographic algorithms based on integer factorization and discrete logarithm will be threatened by quantum computers in future. Since December 2016, the National Institute of Standards and Technology (NIST) has begun to solicit post-quantum cryptographic (PQC) algorithms worldwide. CRYSTALS-Kyber was selected as the standard of PQC algorithm after 3 rounds of evaluation. Meanwhile considering the large resource consumption of current implementation, this paper presents a lightweight architecture for ASICs and its implementation on FPGAs for prototyping. In this implementation, a novel compact Modular Multiplication Unit (MMU) and compression/decompression module is proposed to save hardware resources. We put forward a specially optimized Schoolbook Polynomial Multiplication (SPM) instead of Number Theoretic Transform (NTT) core for polynomial multiplication, which can reduce about 74% SLICE cost. We also use signed number representation to save memory resources. In addition, we optimize the hardware implementation of the hash module, which cuts off about 48% of FF consumption by register reuse technology. Our design can be implemented on Kintex-7 (XC7K325T-2FFG900I) FPGA for prototyping, which occupations of 4777/4993 LUTs, 2661/2765 FFs, 1395/1452 SLICEs, 2.5/2.5 BRAMs, and 0/0 DSP respective of client/server side. The maximum clock frequency can reach at 244 MHz. As far as we know, our design consumes the least resources compared with other existing designs, which is very friendly to resource-constrained devices.

Latif Akçay,Berna Örs Yalçın

DOI: https://doi.org/10.1007/s13369-024-08976-w

IF: 2.807

2024-04-20

Arabian Journal for Science and Engineering

Abstract:Abstract Lattice-based cryptography (LBC) algorithms are considered suitable candidates for post-quantum cryptography (PQC), as they dominate the standardization process put forward by the National Institute of Standards and Technology (NIST). Indeed, three of the four key encapsulation mechanism (KEM) algorithms in the third round of the process are based on computationally hard lattice problems. On the other hand, there is an urgent need for processor designs that can run PQC algorithms efficiently, especially for embedded systems. This study presents an application-specific instruction set processor (ASIP) design for the Kyber, Saber, and NewHope algorithms based on transport triggered architecture (TTA). Custom hardware accelerators are added to the baseline processor architecture for computation-intensive steps without applying any software optimization to the reference code. We compared FPGA and ASIC implementations of our design with the prominent RISC-V cores and instruction set extension studies in the literature. According to the results, the proposed design offers greater efficiency, better performance, and lower resource utilization than its competitors in most cases.

multidisciplinary sciences