Patrick Karl,Jonas Schupp,Tim Fritzmann,Georg Sigl

DOI: https://doi.org/10.1145/3579092

2023-01-06

ACM Transactions on Embedded Computing Systems

Abstract:CRYSTALS-Dilithium and Falcon are digital signature algorithms based on cryptographic lattices, that are considered secure even if large-scale quantum computers will be able to break conventional public-key cryptography. Both schemes have been selected for standardization in the NIST post-quantum competition. In this work, we present a RISC-V HW/SW codesign that aims to combine the advantages of software- and hardware implementations, i.e. flexibility and performance. It shows the use of flexible hardware accelerators, which have been previously used for Public-Key Encryption (PKE) and Key-Encapsulation Mechanism (KEM), for post-quantum signatures. It is optimized for Dilithium as a generic signature scheme but also accelerates applications that require fast verification of Falcon’s compact signatures. We provide a comparison with previous works showing that for Dilithium and Falcon, cycle counts are significantly reduced, such that our design is faster than previous software implementations or other HW/SW codesigns. In addition to that, we present a compact Globalfoundries 22 nm ASIC design that runs at 800 MHz. By using hardware acceleration, energy consumption for Dilithium is reduced by up to \(92.2\% \) , and up to \(67.5\% \) for Falcon’s signature verification.

computer science, software engineering, hardware & architecture

Yongseok Lee,Jonghee Youn,Kevin Nam,Heon Hui Jung,Myunghyun Cho,Jimyung Na,Jong-Yeon Park,Seungsu Jeon,Bo Gyeong Kang,Hyunyoung Oh,Yunheung Paek

DOI: https://doi.org/10.1109/access.2024.3387489

IF: 3.9

2024-04-30

IEEE Access

Abstract:We propose in this paper an efficient FALCON accelerator called EFX based on a HW/SW co-design where FALCON is a post-quantum cryptographic (PQC) scheme tailored as a digital signature algorithm (DSA). Our findings reveal that FALCON exhibits unique characteristics and structures which distinguish it from other PQC-DSAs. A key finding is that, unlike its counterparts, FALCON doesn't prioritize a single, time-consuming task; instead, it processes a variety of tasks with comparable execution times. Consequently, the conventional methods focusing on accelerating dominant few tasks, which are generally effective for other algorithms, prove less efficient for FALCON, especially concerning the minimization of the silicon area used. To overcome this, we strategically focus on the granular optimization of lower-level operations rather than on broader functional segments, aiming to boost performance while conserving hardware space. Moreover, to mitigate the potential degradation due to limitation of hardware resources, we have implemented a pipelined execution strategy for the FALCON functions and refined the sampling function–a critical task that is challenging to accelerate due to inherent sequential algorithm–enabling it to run concurrently on both software and hardware, thus reducing latency. Our hardware design, synthesized at using Samsung's and process technologies, demonstrates superior performance in generating FALCON signatures, with a improvement in clock cycles over an existing hardware accelerator. EFX occupies 38K and 74K for and processes, respectively, comparatively small compared to other PQC accelerators.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ghada Alsuhli,Hani Saleh,Mahmoud Al-Qutayri,Baker Mohammad,Thanos Stouraitis

2024-01-19

Abstract:Quantum computing is an emerging technology on the verge of reshaping industries, while simultaneously challenging existing cryptographic algorithms. FALCON, a recent standard quantum-resistant digital signature, presents a challenging hardware implementation due to its extensive non-integer polynomial operations, necessitating FFT over the ring $\mathbb{Q}[x]/(x^n+1)$. This paper introduces an ultra-low power and compact processor tailored for FFT/IFFT operations over the ring, specifically optimized for FALCON applications on resource-constrained edge devices. The proposed processor incorporates various optimization techniques, including twiddle factor compression and conflict-free scheduling. In an ASIC implementation using a 22 nm GF process, the proposed processor demonstrates an area occupancy of 0.15 mm$^2$ and a power consumption of 12.6 mW at an operating frequency of 167 MHz. Since a hardware implementation of FFT/IFFT over the ring is currently non-existent, the execution time achieved by this processor is compared to the software implementation of FFT/IFFT of FALCON on a Raspberry Pi 4 with Cortex-A72, where the proposed processor achieves a speedup of up to 2.3$\times$. Furthermore, in comparison to dedicated state-of-the-art hardware accelerators for classic FFT, this processor occupies 42\% less area and consumes 83\% less power, on average. This suggests that the proposed hardware design offers a promising solution for implementing FALCON on resource-constrained devices.

Signal Processing

Yifan Zhao,Honglin Kuang,Yi Sun,Zhen Yang,Chen,Jianyi Meng,Jun Han

DOI: https://doi.org/10.1109/asap57973.2023.00014

2023-01-01

Abstract:We present a cryptography extension built on RISC-V Vector Extension for efficient application of lattice-based post-quantum cryptography, offering custom instructions that can perform vectorized operations on polynomials of variable length and data width. We use micro-operation architecture to simplify the execution of variable-latency vector instructions and propose fracturable modular arithmetic units to support operations on variable coefficient width. On this basis, a vector unit is designed, achieving significant speed-up compared to the state-of-the-art counterparts for number-theoretic-transform-based polynomial multiplication. This cryptography extension is further integrated into the gem5 simulator to evaluate CRYSTALS-Kyber and CRYSTALS-Dilithium; results outperform the state-of-the-art implementations with more than 2.3 × improvement in cycle count.

GUO Li-min,LIU Dan,WANG Li-hui,LI Qing,YU Jun

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2020.09.009

2020-01-01

Abstract:Falcon is the only NTRU-based signature scheme submitted for the NIST standardization process of post-quantum cryptography. Compared to other signature schemes, Falcon has achieve very small public keys and signatures. The signature generation and verification procedures are very fast. The limitations are that both the key generation procedure and the fast Fourier sampling are non-trivial to understand and delicate to implement. This work aims to present an optimized implementation of Falcon suited for memory constrained devices. We managed to reduce the dynamic memory consumption of Falcon by 37% in comparison to the reference implementation.. Besides, our implementation requires only 334.7 ms for signing and 6.16ms for verification.

Tobias Oder,Julian Speith,Kira Höltgen,Tim Güneysu

DOI: https://doi.org/10.1007/978-3-030-25510-7_4

2019-01-01

Abstract:The majority of submissions to NIST’s recent call for Post-Quantum Cryptography are encryption schemes or key encapsulation mechanisms. Signature schemes constitute a much smaller group of submissions with only 21 proposals. In this work, we analyze the practicability of one of the latter category – the signature scheme Falcon with respect to its suitability for embedded microcontroller platforms.Falcon has a security proof in the QROM in combination with smallest public key and signature sizes among all lattice-based signature scheme submissions with decent performance on common x86 computing architectures. One of the specific downsides of the scheme is, however, that according to its specification it is “non-trivial to understand and delicate to implement”.This work aims to provide some new insights on the realization of Falcon by presenting an optimized implementation for the ARM Cortex-M4F platform. This includes a revision of its memory layout as this is the limiting factor on such constrained platforms. We managed to reduce the dynamic memory consumption of Falcon by 43% in comparison to the reference implementation. Summarizing, our implementation requires 682 ms for key generation, 479 ms for signing, and only 3.2 ms for verification for the n=512$$n=512$$ parameter set.

Chen,Xiaoyan Xiang,Chang Liu,Yunhai Shang,Ren Guo,Dongqi Liu,Yimin Lu,Ziyi Hao,Jiahui Luo,Zhijian Chen,Chunqiang Li,Yu Pu,Jianyi Meng,Xiaolang Yan,Yuan Xie,Xiaoning Qi

DOI: https://doi.org/10.1109/isca45697.2020.00016

2020-01-01

Abstract:The open source RISC-V ISA has been quickly gaining momentum. This paper presents Xuantie-910, an industry leading 64-bit high performance embedded RISC-V processor from Alibaba T-Head division. It is fully based on the RV64GCV instruction set and it features custom extensions to arithmetic operation, bit manipulation, load and store, TLB and cache operations. It also implements the 0.7.1 stable release of RISCV vector extension specification for high efficiency vector processing. Xuantie-910 supports multi-core multi-cluster SMP with cache coherence. Each cluster contains 1 to 4 core(s) capable of booting the Linux operating system. Each single core utilizes the state-of-the-art 12-stage deep pipeline, out-of-order, multi-issue superscalar architecture, achieving a maximum clock frequency of 2.5 GHz in the typical process, voltage and temperature condition in a TSMC 12nm FinFET process technology. Each single core with the vector execution unit costs an area of 0.8 mm 2 , (excluding the L2 cache). The toolchain is enhanced significantly to support the vector extension and custom extensions. Through hardware and toolchain co-optimization, to date Xuantie-910 delivers the highest performance (in terms of IPC, speed, and power efficiency) for a number of industrial control flow and data computing benchmarks, when compared with its predecessors in the RISC-V family. Xuantie-910 FPGA implementation has been deployed in the data centers of Alibaba Cloud, for applicationspecific acceleration (e.g., blockchain transaction). The ASIC deployment at low-cost SoC applications, such as IoT endpoints and edge computing, is planned to facilitate Alibaba’s end-to-end and cloud-to-edge computing infrastructure.

Guozhu Xin,Jun Han,Tianyu Yin,Yuchao Zhou,Jianwei Yang,Xu Cheng,Xiaoyang Zeng

DOI: https://doi.org/10.1109/tcsi.2020.2983185

2020-08-01

Abstract:In the 5G era, massive devices need to be securely connected to the edge of communication networks, while emerging quantum computers can easily crack the traditional public-key ciphers. Lattice-based cryptography (LBC) is one of the most promising types of schemes in all post-quantum cryptography (PQC) due to its security and efficiency. To meet the requirements of high-throughput and diverse application scenarios of 5G, we investigate the vectorization of kernel algorithms of several LBC candidates and thus present a domain-specific vector processor, VPQC, leveraging the extensible RISC-V architecture. To support the parallel computation of number theoretic transform (NTT) of different dimensions (from 64 to 2048), a vector NTT unit is implemented in VPQC. Besides, a vector sampler executing both uniform sampling and binomial sampling is also employed. Evaluated under TSMC 28nm technology, the vector coprocessor of VPQC consumes 942k equivalent logic gates and 12KB memories. Experimental results show that VPQC can speed up several typical key encapsulation mechanisms (NewHope, Kyber and LAC) by an order of magnitude compared with previous state-of-the-art hardware implementations.

Wai-Kong Lee,Raymond K. Zhao,Ron Steinfeld,Amin Sakzad,Seong Oun Hwang

DOI: https://doi.org/10.1109/tpds.2024.3367319

IF: 5.3

2024-03-09

IEEE Transactions on Parallel and Distributed Systems

Abstract:The US National Institute of Standards and Technology initiated a standardization process for post-quantum cryptography in 2017, with the aim of selecting key encapsulation mechanisms and signature schemes that can withstand the threat from emerging quantum computers. In 2022, Falcon was selected as one of the standard signature schemes, eventually attracting effort to optimize the implementation of Falcon on various hardware architectures for practical applications. Recently, Mitaka was proposed as an alternative to Falcon, allowing parallel execution of most of its operations. These recent advancements motivate us to develop high throughput implementations of Falcon and Mitaka signature schemes on Graphics Processing Units (GPUs), a massively parallel architecture widely available on cloud service platforms. In this article, we propose the first parallel implementation of Falcon on various GPUs. We develop an iterative version of the sampling process in Falcon, which is also the most time-consuming Falcon operation. This allows us to implement Falcon signature generation without relying on expensive recursive function calls on GPUs. In addition, we propose a parallel random samples generation approach to accelerate the performance of Mitaka on GPUs. We evaluate our implementation techniques on state-of-the-art GPU architectures (RTX 3080, A100, T4 and V100). Experimental results show that our Falcon-512 implementation achieves 58,595 signatures/second and 2,721,562 verifications/second on an A100 GPU, which is 20.03× and 29.51× faster than the highly optimized AVX2 implementation on CPU. Our Mitaka implementation achieves 161,985 signatures/second and 1,421,046 verifications/second on the same GPU. Due to the adoption of a parallelizable sampling process, Mitaka signature generation enjoys ≈2– 20× higher throughput than Falcon on various GPUs. The high throughput signature generation and verification achieved by this work can be very useful in various emerging applications, including the Internet of Things.

computer science, theory & methods,engineering, electrical & electronic

Honglin Kuang,Yifan Zhao,Yi Sun,Jun Han

DOI: https://doi.org/10.1109/ASICON58565.2023.10396597

2023-01-01

Abstract:We present a general vector instruction extension applicable for both ARM NEON and RISC-V Vector Extension. The extension targets efficient bit-manipulation and can provide considerable speedup for applications in GF(2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">m</sup> ) such as code-based post-quantum cryptography schemes. The effectiveness of the extension is evaluated by using the custom instructions to optimize the kernel operations in BIKE key-encapsulation schemes. We first innovate vectorized versions of bit-polynomial multiplication and inversion algorithms in GF(2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">m</sup> ) and propose vector instruction extension. Furthermore, a configurable hardware unit has been proposed to support custom operations of different bandwidths at little cost and constant latency. Both experiments on Xilinx UltraScale+ ZCU104 for ARM and simulations on gem5 for RISC-V have been carried out. Compared to portable C implementation, the result shows a speedup for bit-polynomial multiplication and inversion of up to 13x and 16x in ARM, 13x and 22x in RISC-V respectively.

Honglin Kuang,Yifan Zhao,Jun Han

DOI: https://doi.org/10.1109/APCCAS55924.2022.10090293

2022-01-01

Abstract:Saber is a module-learning with rounding-based post-quantum cryptography (PQC) scheme for key encapsulation mechanism (KEM). It is characterized by the use of power-of-two moduli, which makes all modulus reductions free in hardware. However, such a decision prevents the direct implementation of the asymptotically fastest number theoretic transform (NTT) for the time-consuming polynomial multiplication in Saber. To efficiently multiply polynomials, researches have been done using a schoolbook or Toom-Cook or Karatsuba algorithm. Though these approaches result in decent operating speed at moderate area cost, they are disadvantageous when considering expanding the system to support multiple PQC protocols. To enable NTT for Saber, we choose an appropriate prime and use the sign-magnitude format for computation. A concise and efficient vectorized NTT algorithm has been proposed, based on which we design a configurable vector NTT unit to perform NTT and other arithmetic operations. The accelerator is dedicatedly pipelined to achieve high speed and is driven by custom vector instruction extension of RISC-V. We implement the proposed architecture with vector lanes of 32 and 16 on Xilinx UltraScale+ ZCU111. Results show that our design can achieve up to 5x and 3x improvement in computation time and area-time-product (ATP) respectively for degree-256 polynomials multiplication, compared to the state-of-the-art Saber polynomial multiplier counterparts.

Yucong Huang,Bingzhen Chen,Zhiyuan Xu,Xingbo Wang

DOI: https://doi.org/10.1109/AICAS59952.2024.10595907

2024-04-22

Abstract:Convolution forms the basis of computation in neural network applications. Many different approaches have been proposed in the past years to optimize the convolution operation. In this paper, we propose to use Fermat Number Transform (FNT) technique to accelerate the computation of convolution in neural networks. Calculations in FNT are all based on real numbers, which significantly reduce the complexity as compared to complex-number-based FFT calculations. Furthermore, by using diminished-1 encoding, multiplication and modulo operations can also be simplified into bit manipulations. In this paper, we have constructed a RISC-V based processor, called RISCV-FNT, which incorporates an FNT-based convolution acceleration unit, along with custom instruction sets. FPGA implementation of RISCV-FNT demonstrated an 8.5× speedup compared to other RISC-V processors without FNT acceleration when performing inference tasks on Lenet-5. Synthesized results from Synopsys® DC achieved area energy efficiency of 93.9 GOPs/W/mm2.

Computer Science,Engineering

Tang Hu,Xiangdi Li,Xiao Yu,Songnan Ren,Li Yan,Xuyang Bai,Zhiwei Xu,Shiqiang Zhu

DOI: https://doi.org/10.1109/tcsii.2022.3200750

2022-01-01

IEEE Transactions on Circuits & Systems II Express Briefs

Abstract:Efficient FPGA-based floating-point singular value decomposition (SVD) is challenging for its enormous complexity with the rapid growth of the matrix dimension. Numerous hardware architectures have been proposed to improve the performance of SVD by increasing capacity of computation units, reusing data, and enhancing bandwidth. These designs, however, are not optimum due to their low parallelism, poor data access efficiency, and inferior iterations scheduling. In this express, we propose a block column vector Hestenes-Jacobi (BCV Jacobi) algorithm that decomposes an arbitrary large matrix into several blocks, enhances the access efficiency by customizing the distinctive data structure, and improves the system-level parallelism by simplifying the iteration scheduling. The proposed BCV Jacobi algorithm also achieves better scalability and efficiency. Experimental results show that the performance of the proposed FPGA based SVD processor is superior to other SVD implementations in terms of parallelism, data access efficiency, matrix size, and execution time. When compared with state of the art SVD accelerator engine, the proposed algorithm speeds up the runtime over $2{\times }$ on average.

Emre Karabulut,Aydin Aysu

DOI: https://doi.org/10.1109/dac18074.2021.9586131

2021-12-05

Abstract:This paper proposes the first side-channel attack on FALCON—a NIST Round-3 finalist for the post-quantum digital signature standard. We demonstrate a known-plaintext attack that uses the electromagnetic measurements of the device to extract the secret signing keys, which then can be used to forge signatures on arbitrary messages. The proposed attack targets the unique floating-point multiplications within FALCON’s Fast Fourier Transform through a novel extend-and-prune strategy that extracts the sign, mantissa, and exponent variables without false positives. The extracted floating-point values are then mapped back to the secret key’s coefficients. Our attack, notably, does not require pre-characterizing the power profile of the target device or crafting special inputs. Instead, the statistical differences on obtained traces are sufficient to successfully execute our proposed differential electromagnetic analysis. The results on an ARM-Cortex-M4 running the FALCON NIST’s reference software show that approximately 10k measurements are sufficient to extract the entire key.

Lu Li,Qi Tian,Guofeng Qin,Shuaiyu Chen,Weijia Wang

DOI: https://doi.org/10.1145/3643826

2024-03-19

ACM Transactions on Embedded Computing Systems

Abstract:Post-quantum cryptography is considered to provide security against both traditional and quantum computer attacks. Dilithium is a digital signature algorithm that derives its security from the challenge of finding short vectors in lattices. It has been selected as one of the standardizations in the NIST post-quantum cryptography project. Hardware-software co-design is a commonly adopted implementation strategy to address various implementation challenges, including limited resources, high performance, and flexibility requirements. In this study, we investigate using compact instruction set extensions (ISEs) for Dilithium, aiming to improve software efficiency with low hardware overheads. To begin with, we propose tightly coupled accelerators that are deeply integrated into the RISC-V processor. These accelerators target the most computationally demanding components in resource-constrained processors, such as polynomial generation, Number Theoretic Transform (NTT), and modular arithmetic. Next, we design a set of custom instructions that seamlessly integrate with the RISC-V base instruction formats, completing the accelerators in a compact manner. Subsequently, we implement our ISEs in a chip design for the Hummingbird E203 core and conduct performance benchmarks for Dilithium utilizing these ISEs. Additionally, we evaluate the resource consumption of the ISEs on FPGA and ASIC technologies. Compared to the reference software implementation on the RISC-V core, our co-design demonstrates a remarkable speedup factor ranging from 6.95 to 9.96. This significant improvement in performance is achieved by incorporating additional hardware resources, specifically, a increase in LUTs, a increase in FFs, 7 additional DSPs, and no additional RAM. Furthermore, compared to the state-of-the-art approach, our work achieves faster speed performance with a reduced circuit cost. Specifically, the usage of additional LUTs, FFs, and RAMs is reduced by , , and , respectively. On ASIC technology, our approach demonstrates 12 412 cell counts. Our co-design provides a better trade-off implementation on speed performance and circuit overheads.

computer science, software engineering, hardware & architecture

Jihye Lee,Whijin Kim,Ji-Hoon Kim

DOI: https://doi.org/10.3390/s23239408

IF: 3.9

2023-11-25

Sensors

Abstract:The advancement of quantum computing threatens the security of conventional public-key cryptosystems. Post-quantum cryptography (PQC) was introduced to ensure data confidentiality in communication channels, and various algorithms are being developed. The National Institute of Standards and Technology (NIST) has initiated PQC standardization, and the selected algorithms for standardization and round 4 candidates were announced in 2022. Due to the large memory footprint and highly repetitive operations, there have been numerous attempts to accelerate PQC on both hardware and software. This paper introduces the RISC-V instruction set extension for NIST PQC standard algorithms and round 4 candidates. The proposed programmable crypto-processor can support a wide range of PQC algorithms with the extended RISC-V instruction set and demonstrates significant reductions in code size, the number of executed instructions, and execution cycle counts of target operations in PQC algorithms of up to 79%, 92%, and 87%, respectively, compared to RV64IM with optimization level 3 (-O3) in the GNU toolchain.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yifan Zhao,Ruiqi Xie,Guozhu Xin,Jun Han

DOI: https://doi.org/10.1109/tcsi.2022.3162593

2022-01-01

Abstract:The 5G edge computing infrastructure should be empowered with quantum attack resistance by implementing post-quantum cryptography (PQC). Among various PQC schemes, lattice-based cryptography (LBC) based on learning with error (LWE) has attracted much attention because of its performance efficiency and security guarantee. In LWE-based LBCs, the Module-LWE-based schemes gain advantage over the others benefiting from the unique polynomial matrix and vector structure. To provide a high-performance implementation of Module-LWE applications for the edge computing paradigm, we propose a domain-specific processor based on a matrix extension of RISC-V architecture. This custom extension encapsulates the matrix-based ring operations with a high-level functional abstraction. A 2-D systolic array with configurable functionality is proposed to perform matrix-based number theoretic transform (NTT) and other arithmetic operations, achieving high data-level parallelism with support for the variable-sized polynomial matrix and vector structure. As this structure of Module-LWE involves no data dependency between different inner elements, an out-of-order mechanism is further developed to exploit the instruction-level parallelism. We implement the proposed architecture under TSMC 28nm technology. The evaluation results show that our implementation can achieve up to and improvement in cycle count respectively in Kyber and Dilithium, compared to the state-of-the-art crypto-processor counterparts.

Weizhen Wang,Jun Han,Xu Cheng,Xiaoyang Zeng

DOI: https://doi.org/10.1016/j.mejo.2021.105165

IF: 1.992

2021-01-01

Microelectronics Journal

Abstract:With the prevailing of Internet-of-Things (IoT) technology, information security for ever-growing connected devices is an inevitable issue and gaining more attention. However, implementation of cryptography algorithms on battery-powered IoT devices is challenging due to limited power-budget. In this paper, we present an energy-efficient crypto-coprocessor. This coprocessor is designed with a unified pipelined structure for cryptography primitives of 128-bit or 256-bit data path and supports cryptography algorithms including AES, ECC and SHA. Since the clock tree and the sequential circuits dissipate a large percentage of the chip power, a conditional-charged flip-flop is proposed to reduce the clock tree power. Our design is integrated with an open-sourced RISC-V core as a crypto-extension, and shows both good flexibility and high energy-efficiency. This work is implemented in 28 nm technology and the power consumption for different cryptography applications is evaluated with post-layout simulation. When simulated with NIST prime fields curve P-256 and binary fields curve K-233, the energy consumed for one base point scalar multiplication is 43.54 μJ and 20.40 μJ, respectively. The proposed design consumes 0.0568 nJ/bit and 0.0288 nJ/bit for the AES-GCM mode and the AES-CBC mode, respectively. As for SHA-256, each bit requires 0.0874 nJ. Compared with previous works, this work provides both flexibility and high energy performance.

Luca Bertaccini,Gianna Paulin,Matheus Cavalcante,Tim Fischer,Stefan Mach,Luca Benini

DOI: https://doi.org/10.1109/tetc.2024.3365354

2024-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Low-precision floating-point (FP) formats have recently been intensely investigated in the context of machine learning inference and training applications. While 16-bit formats are already widely used, 8-bit FP data types have lately emerged as a viable option for neural network training when employed in a mixed-precision scenario and combined with rounding methods increasing the precision in compound additions, such as stochastic rounding. So far, hardware implementations supporting FP8 are mostly implemented within domain-specific accelerators. We propose two RISC-V instruction set architecture (ISA) extensions, enhancing respectively scalar and vector general-purpose cores with low and mixed-precision capabilities. The extensions support two 8-bit and two 16-bit FP formats and are based on dot-product instructions accumulating at higher precision. We develop a hardware unit supporting mixed-precision dot products and stochastic rounding and integrate it into an open-source floating-point unit (FPU). Finally, we integrate the enhanced FPU into a cluster of scalar cores, as well as a cluster of vector cores, and implement them in a 12 nm FinFET technology. The former achieves 575 GFLOPS/W on FP8-to-FP16 matrix multiplications at 0.8 V, 1.26 GHz; the latter reaches 860 GFLOPS/W at 0.8 V, 1.08 GHz, 1.93x higher efficiency than computing on FP16-to-FP32.

computer science, information systems,telecommunications

Florian Zaruba,Fabian Schuiki,Luca Benini

DOI: https://doi.org/10.48550/arXiv.2008.06502

2020-11-20

Abstract:Data-parallel problems demand ever growing floating-point (FP) operations per second under tight area- and energy-efficiency constraints. In this work, we present Manticore, a general-purpose, ultra-efficient chiplet-based architecture for data-parallel FP workloads. We have manufactured a prototype of the chiplet's computational core in Globalfoundries 22FDX process and demonstrate more than 5x improvement in energy efficiency on FP intensive workloads compared to CPUs and GPUs. The compute capability at high energy and area efficiency is provided by Snitch clusters containing eight small integer cores, each controlling a large FPU. The core supports two custom ISA extensions: The SSR extension elides explicit load and store instructions by encoding them as register reads and writes. The FREP extension decouples the integer core from the FPU allowing floating-point instructions to be issued independently. These two extensions allow the single-issue core to minimize its instruction fetch bandwidth and saturate the instruction bandwidth of the FPU, achieving FPU utilization above 90%, with more than 40% of core area dedicated to the FPU.

Hardware Architecture