Abstract:Information is pivotal in contemporary society, highlighting the necessity for a secure cryptographic system. The emergence of quantum algorithms and the swift advancement of specialized quantum computers will render traditional cryptography susceptible to quantum attacks in the foreseeable future. The lattice-based Saber key encapsulation protocol holds significant value in cryptographic research and practical applications. In this paper, we propose three types of polynomial multipliers for various application scenarios including lightweight Schoolbook multiplier, high-throughput multiplier based on the TMVP-Schoolbook algorithm and improved pipelined NTT multiplier. Other principal modules of Saber are designed encompassing the hash function module, sampling module and functional submodule. Based on our proposed multiplier, we implement the overall hardware circuits of the Saber key encapsulation protocol. Experimental results demonstrate that our overall hardware circuits have different advantages. Our lightweight implementation has minimal resource consumption. Our high-throughput implementation only needs 23.28 μs to complete the whole process, which is the fastest among the existing works. The throughput rate is 10,988 Kbps and the frequency is 416 MHz. Our hardware implementation based on the improved pipelined NTT multiplier achieved a good balance between area and performance. The overall frequency can reach 357 MHz.

What problem does this paper attempt to address?

The problem that this paper attempts to solve is: With the rapid development of quantum computing technology, traditional encryption algorithms (such as RSA) may be threatened by quantum attacks in the future. Therefore, it is necessary to develop post - quantum encryption algorithms that can resist quantum attacks. Specifically, this paper focuses on the efficient hardware implementation of the Saber key encapsulation protocol. ### Problem Background 1. **Vulnerability of Traditional Encryption Algorithms** - Traditional encryption algorithms (such as RSA) rely on mathematical problems (such as integer factorization). These problems are difficult to crack on classical computers but may become easy in the face of quantum computers. - With the development of quantum algorithms and dedicated quantum computers, traditional encryption algorithms will face the risk of quantum attacks. 2. **Requirement for Post - Quantum Encryption Algorithms** - Post - quantum encryption algorithms (such as the Saber key encapsulation protocol based on lattice theory) aim to resist quantum attacks. - Although the Saber protocol was eliminated in the third round of NIST evaluation, it still has obvious advantages in hardware implementation, transmission bandwidth, and security, and is suitable for further research and application. ### Research Objectives The objective of this paper is to design and implement an efficient hardware circuit for the Saber key encapsulation protocol to meet the needs of different application scenarios. Specifically, it includes: 1. **Propose Three Polynomial Multipliers** - **Light - weight Schoolbook Multiplier**: Suitable for resource - constrained scenarios. - **High - Throughput Multiplier Based on the TMVP - Schoolbook Algorithm**: Suitable for scenarios requiring high - speed processing. - **Improved Pipelined NTT Multiplier**: Achieves a good balance between area and performance. 2. **Design Other Main Modules** - Hash Function Module - Sampling Module - Functional Sub - module 3. **Experimental Verification** - Demonstrate the advantages of the proposed hardware circuit in different aspects, such as resource consumption, throughput, and frequency, through experimental results. ### Main Contributions - Proposed three polynomial multipliers suitable for different application scenarios, optimizing the core operations of the Saber protocol. - Designed a complete hardware circuit for the Saber key encapsulation protocol, demonstrating its superior performance in terms of resource consumption, throughput, and frequency. - Provided valuable references and practical experiences for the future hardware implementation of post - quantum encryption algorithms. In conclusion, this paper improves the performance of the Saber key encapsulation protocol through efficient hardware design, providing strong support for dealing with future quantum attacks.

High-Performance Hardware Implementation of the Saber Key Encapsulation Protocol

A Folded Computation-in-Memory Accelerator for Fast Polynomial Multiplication in BIKE.

Implementation of elliptic curve cryptography accelerator

A 334$μ$W 0.158mm$^2$ ASIC for Post-Quantum Key-Encapsulation Mechanism Saber with Low-latency Striding Toom-Cook Multiplication Authors Version

A High-Speed NTT-Based Polynomial Multiplication Accelerator with Vector Extension of RISC-V for Saber Algorithm

High-Speed VLSI Architectures for Modular Polynomial Multiplication via Fast Filtering and Applications to Lattice-Based Cryptography

High-Speed NTT Accelerator for CRYSTAL-Kyber and CRYSTAL-Dilithium

LWRpro: an Energy-Efficient Configurable Crypto-Processor for Module-LWR.

A Flexible and High-Performance Lattice-Based Post-Quantum Crypto Secure Coprocessor

Design Space Exploration of SABER in 65nm ASIC

A Low Cost High Performance Polynomial Multiplier Design for FPGA Implementation

Hardware Design and Optimization of Polynomial Multiplication for Post-Quantum Cryptography Algorithm Based on NTT

DCryp-Unit: Crypto Hardware Accelerator Unit Design for Elliptic Curve Point Multiplication

A Number Theoretic Transform Accelerator with Two Parallel Simplified Butterfly Units

Hardware Acceleration for High-Volume Operations of CRYSTALS-Kyber and CRYSTALS-Dilithium

Masked Accelerators and Instruction Set Extensions for Post-Quantum Cryptography

A Low-Latency Polynomial Multiplier Accelerator for CRYSTALS-Dilithium Digital Signature

16.2 A 28nm 69.4kOPS 4.4μJ/Op Versatile Post-Quantum Crypto-Processor Across Multiple Mathematical Problems.

Scalable and Parallel Optimization of the Number Theoretic Transform Based on FPGA

Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols

Towards High-Performance Supersingular Isogeny Cryptographic Hardware Accelerator Design