Aobo Li,Dongsheng Liu,Xiang Li,Tianze Huang,Shuo Yang,Jiahao Lu,Ang Hu

DOI: https://doi.org/10.1109/a-sscc56115.2022.9980779

2022-01-01

Abstract:Post-quantum cryptography (PQC) uses novel difficult mathematical principles to defend the cracking of quantum computers which threaten the traditional crypto system such as Rivest–Shamir– Adleman (RSA) and elliptic curves cryptography (ECC). The lattice-based PQC schemes are currently the most potential candidates. The software methods of these schemes are usually low speed, and optimized dedicated hardware design can accelerate the algorithms. Saber and Kyber are two PQC algorithms which are based on difficult lattice problems of “Module Learning with Rounding” (M-LWR) and “Module Learning with Errors” (M-LWE). They have different modulus computing domains, which are $2 ^{13}$ and prime 3329 respectively. These characteristics lead to complicated solution and slow operation of conventional implementation, which is not conducive to resource efficiency and flexibility. In this work, we proposed a reconfigurable arithmetic unit with variable modulus domains, and combined with custom instruction-set architecture to design a flexible crypto processor for M-LWR and M-LWE. The work achieved the flexible implementation of variable parameters and instruction programming under the strategy of resource efficiency and performance trade-off, and verified on the FPGA platform.

Jiaming Zhang,Jiahao Lu,Dongsheng Liu,Aobo Li,Xiang Li,Shuo Yang,Ang Hu,Xuecheng Zou

DOI: https://doi.org/10.1109/a-sscc58667.2023.10347942

2023-01-01

Abstract:With the development of quantum computers in recent years, the security of traditional public-key encryption algorithms is facing serious threats, and post-quantum cryptography (PQC) algorithms that can resist quantum computer attacks are urgently needed. CRYSTALS-KYBER as the finalized NIST key-encapsulation scheme, is continuously advancing the standardization process. The existing hardware implementations of Kyber mostly use compact architectures to pursue high speed and high performance with the cost of programmability, while most hardware-software co-designs suffer from low parallelism and performance. Aiming at flexibly and efficiently implementing the key encapsulation mechanism (KEM) of Kyber, this work presents a single instruction multiple data (SIMD) Kyber coprocessor that supports the RISC-V instruction-set. A reconfigurable polynomial and logic unit (PLU) is designed, which can accelerate all types of polynomial vector instruction operations, and a dynamic hardware scheduling strategy is proposed to enable different types of instructions to be executed parallelly, improving the coprocessor pipeline throughput. Implemented on the Ultrascale+ FPGA platform and evaluated under SMIC 40nm technology, the proposed coprocessor achieves the fastest computing speed with the lowest power consumption and 3.5×/6.2× improvement in FPGA/ASIC AT product efficiency.

Jiaming Zhang,Jiahao Lu,Aobo Li,Mingbo Wang,Xiang Li,Tianze Huang,Lei Chen,Dongsheng Liu

DOI: https://doi.org/10.1109/tcsii.2024.3382772

2024-01-01

Abstract:Security systems based on traditional cryptography mechanisms are at risk of being cracked by quantum computers in the future. CRYSTALS-KYBER (Kyber) as the NIST finalized lattice-based post-quantum cryptography (PQC) algorithm, will be widely used in public-key encryption scenarios. Although quantum-difficulty assumptions based on lattice math problems make Kyber quantum-resistant, how to effectively implement it into systems with different security needs remains a challenge. This brief presents a dual-issue superscalar Kyber processor (Super-K) that supports customized RISC-V instruction-set architecture (ISA) and implements the key encapsulation mechanism (KEM) flexibly and efficiently. A reconfigurable polynomial arithmetic unit (PAU) is designed, which optimizes the compress/decompress process, and accelerates polynomial operations efficiently by optimal parallelism. The pipelining scheduling technique is used in Super-K to improve instruction level parallelism and reduce time consumption. Super-K is implemented on UltraScale+ FPGA platform and evaluated under SMIC 40nm technology, which achieves the fastest computational speed with the lowest power consumption and $1.4\times /8.2\times $ improvement in FPGA/ASIC AT product efficiency.

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang

DOI: https://doi.org/10.1109/A-SSCC58667.2023.10347915

2023-01-01

Abstract:Most information is transmitted through untrusted channels, and people use traditional asymmetric encryption methods/algorithms to prevent information leakage. Post-quantum cryptography (PQC) alternatives are refining to counter the possibility of brute-forcing encryption in finite time with progressively feasible quantum computers. As the winner of the NIST PQC project global competition, CRYSTALS-KYBER (Kyber) has a balance of security and efficiency. This paper proposes an efficient ASIC for chip-level applications of Kyber. Configurable operators and data generators are designed. Separation of secure memory and public memory from bus arbiter ensures leak-proof of critical information. A unified command and control system schedule execution process and data interaction. The proposed Kyber processor is fabricated and properly verified at a 40nm process, achieving high energy efficiency for the execution of the Kyber key encapsulation mechanism (KEM).

He Li,Yongming Tang,Zhiqiang Que,Jiliang Zhang

DOI: https://doi.org/10.1109/tnano.2022.3217802

2022-01-01

IEEE Transactions on Nanotechnology

Abstract:Recent advancement in quantum information processing technology has led to the emergence of advanced cryptography in the post-quantum era. Next generation cryptographic techniques aim to be mathematically resistant against any known attacks related to quantum computing, and can be easily implemented on traditional hardware platforms. The National Institutes of Standards and Technology (NIST) has entered the fourth-round standardization process of post-quantum cryptography (PQC). Software implementations of PQC candidates have been widely investigated. Interests in domain-specific hardware acceleration of PQC algorithms have risen, in particular using field-programmable gate arrays (FPGAs). While conventional general-purpose hardware platforms have been used for PQC implementations, modern FPGAs promise software-hardware co-optimisation, deep pipeline parallelism and trivial support for custom-precision arithmetic. Therefore, the time is ripe for reviewing recent FPGA-based PQC implementations. This article first surveys state-of-the-art advances in PQC implementations on FPGAs, including fast arithmetic, algorithm-hardware codesign approaches and open-source PQC hardware projects, then gives a brief review of recent attacks on PQC algorithms and their hardware implementations. Finally, we summarise the challenges for hardware implementations along with potential research directions in this promising field.

Archisman Ghosh,Jose Maria Bermudo Mera,Angshuman Karmakar,Debayan Das,Santosh Ghosh,Ingrid Verbauwhede,Shreyas Sen

2023-05-18

Abstract:The hard mathematical problems that assure the security of our current public-key cryptography (RSA, ECC) are broken if and when a quantum computer appears rendering them ineffective for use in the quantum era. Lattice based cryptography is a novel approach to public key cryptography, of which the mathematical investigation (so far) resists attacks from quantum computers. By choosing a module learning with errors (MLWE) algorithm as the next standard, National Institute of Standard & Technology (NIST) follows this approach. The multiplication of polynomials is the central bottleneck in the computation of lattice based cryptography. Because public key cryptography is mostly used to establish common secret keys, focus is on compact area, power and energy budget and to a lesser extent on throughput or latency. While most other work focuses on optimizing number theoretic transform (NTT) based multiplications, in this paper we highly optimize a Toom-Cook based multiplier. We demonstrate that a memory-efficient striding Toom-Cook with lazy interpolation, results in a highly compact, low power implementation, which on top enables a very regular memory access scheme. To demonstrate the efficiency, we integrate this multiplier into a Saber post-quantum accelerator, one of the four NIST finalists. Algorithmic innovation to reduce active memory, timely clock gating and shift-add multiplier has helped to achieve 38% less power than state-of-the art PQC core, 4x less memory, 36.8% reduction in multiplier energy and 118x reduction in active power with respect to state-of-the-art Saber accelerator (not silicon verified). This accelerator consumes 0.158mm2 active area which is lowest reported till date despite process disadvantages of the state-of-the-art designs.

Cryptography and Security

Yihong Zhu,Wenping Zhu,Yi Ouyang,Junwen Sun,Min Zhu,Qi Zhao,Jinjiang Yang,Chen Chen,Qichao Tao,Guang Yang,Aoyang Zhang,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.1109/ISSCC49657.2024.10454332

2024-01-01

Abstract:The migration towards post-quantum cryptography (PQC) is in progress to secure communications and transactions against the impending quantum threat, while three key-encapsulation mechanisms (KEM) and one digital signature (DS) scheme are being standardized by NIST [1]. This multi-year migration poses serious challenges to PQC implementations for compatibility and performance requirements in various scenarios and settings: 1) Performance limitations caused by diverse computation patterns and relatively higher computation costs. 2) Crypto-agility resulting from different mathematical problems, various security parameters, or even different standardization bodies. 3.) Domain-specific optimization to address the long-term security of the evolving algorithm families. However, most existing PQC accelerators [2, 3, 5] were only customized for specific algorithms based on unique mathematical problems. The latest configurable PQC processor [4] did not support Falcon and Sphincs+, which are being drafted for standardization. To address this issue, a versatile PQC processor fabricated in 28nm is presented with three key features: 1) task-clustering-based architecture for scalable processing with aggressive parallelism; 2) region-based task-path (TP) with dynamic update for agile cryptographic computing; 3) efficient PQC task-operators (TO), including hash/sample, format, floating-point/complex, encoding/decoding operators, for further improvements on throughput and energy-efficiency. Based on these contributions, the proposed chip supports all predominant schemes in NIST’s PQC standardization, while still delivering 44.6% and 10.3% improvements in the throughput and energy-delay product (EDP), respectively, relative to a state-of-the-art design [4].

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang

DOI: https://doi.org/10.1109/a-sscc58667.2023.10347915

2023-01-01

Abstract:Most information is transmitted through untrusted channels, and people use traditional asymmetric encryption methods/algorithms to prevent information leakage. Post-quantum cryptography (PQC) alternatives are refining to counter the possibility of brute-forcing encryption in finite time with progressively feasible quantum computers. As the winner of the NIST PQC project global competition, CRYSTALS-KYBER (Kyber) has a balance of security and efficiency. This paper proposes an efficient ASIC for chip-level applications of Kyber. Configurable operators and data generators are designed. Separation of secure memory and public memory from bus arbiter ensures leak-proof of critical information. A unified command and control system schedule execution process and data interaction. The proposed Kyber processor is fabricated and properly verified at a 40nm process, achieving high energy efficiency for the execution of the Kyber key encapsulation mechanism (KEM).

Latif Akçay,Berna Örs Yalçın

DOI: https://doi.org/10.1007/s13369-024-08976-w

IF: 2.807

2024-04-20

Arabian Journal for Science and Engineering

Abstract:Abstract Lattice-based cryptography (LBC) algorithms are considered suitable candidates for post-quantum cryptography (PQC), as they dominate the standardization process put forward by the National Institute of Standards and Technology (NIST). Indeed, three of the four key encapsulation mechanism (KEM) algorithms in the third round of the process are based on computationally hard lattice problems. On the other hand, there is an urgent need for processor designs that can run PQC algorithms efficiently, especially for embedded systems. This study presents an application-specific instruction set processor (ASIP) design for the Kyber, Saber, and NewHope algorithms based on transport triggered architecture (TTA). Custom hardware accelerators are added to the baseline processor architecture for computation-intensive steps without applying any software optimization to the reference code. We compared FPGA and ASIC implementations of our design with the prominent RISC-V cores and instruction set extension studies in the literature. According to the results, the proposed design offers greater efficiency, better performance, and lower resource utilization than its competitors in most cases.

multidisciplinary sciences

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Jiaming Zhang,Tianze Huang,Siqi Xiong

DOI: https://doi.org/10.1109/MCSoC60832.2023.00009

2023-01-01

Abstract:The Internet of Things (IoT) communication prevents information from being decrypted or tampered with by unauthorized third parties. Post-quantum cryptography ensures that the information exchange between IoT devices can resist potential quantum computer attacks, thereby enhancing the quantum security of the IoT. This paper presents a quantum-secure hardware-software architecture for embedded systems. An FPGA-based post-quantum cryptographic Kyber accelerator and an STM32 microcontroller with AES encryption are integrated into the system. Customized hardware structures such as hash and modular arithmetic unit provide faster calculation speed. The command exchange protocol bridges embedded software and FPGA hardware. The server handles key generation and decryption, while the client manages encryption. AES-256 encryption is utilized to ensure the confidentiality and integrity of the data and keys, with the Kyber algorithm encrypting the session keys. Compared to previous works, this implementation demonstrates better resource utilization as well as enhanced performance in key generation, encryption, and decryption. Hardware implementation operates at 100MHz on the Artix-7 FPGA platform, consuming 20,782 LUTs, 5,077 FFs, 7.5 BRAMs, and 8 DSPs. The architecture also achieves up to 1.5x speed improvements in encryption and similar enhancements in decryption across various security levels.

Zewen Ye,Ruibing Song,Hao Zhang,Donglong Chen,Ray Chak-Chung Cheung,Kejie Huang

DOI: https://doi.org/10.46586/tches.v2024.i2.130-153

2024-01-01

Abstract:Lattice-Based Cryptography (LBC) schemes, like CRYSTALS-Kyber and CRYSTALS-Dilithium, have been selected to be standardized in the NIST Post-Quantum Cryptography standard. However, implementing these schemes in resourceconstrained Internet-of-Things (IoT) devices is challenging, considering efficiency, power consumption, area overhead, and flexibility to support various operations and parameter settings. Some existing ASIC designs that prioritize lower power and area can not achieve optimal performance efficiency, which are not practical for battery-powered devices. Custom hardware accelerators in prior co-processor and processor designs have limited applications and flexibility, incurring significant area and power overheads for IoT devices. To address these challenges, this paper presents an efficient lattice-based cryptography processor with customized Single-Instruction-Multiple-Data (SIMD) instruction. First, our proposed SIMD architecture supports efficient parallel execution of various polynomial operations in 256-bit mode and acceleration of Keccak in 320-bit mode, both utilizing efficiently reused resources. Additionally, we introduce data shuffling hardware units to resolve data dependencies within SIMD data. To further enhance performance, we design a dual-issue path for memory accesses and corresponding software design methodologies to reduce the impact of data load/store blocking. Through a hardware/software co-design approach, our proposed processor achieves high efficiency in supporting all operations in lattice-based cryptography schemes. Evaluations of Kyber and Dilithium show our proposed processor achieves over 10x speedup compared with the baseline RISC-V processor and over 5x speedup versus ARM Cortex M4 implementations, making it a promising solution for securing IoT communications and storage. Moreover, Silicon synthesis results show our design can run at 200 MHz with 2.01 mW for Kyber KEM 512 and 2.13 mW for Dilithium 2, which outperforms state-of-the-art works in terms of PPAP (Performance x Power x Area).

Guozhu Xin,Jun Han,Tianyu Yin,Yuchao Zhou,Jianwei Yang,Xu Cheng,Xiaoyang Zeng

DOI: https://doi.org/10.1109/tcsi.2020.2983185

2020-08-01

Abstract:In the 5G era, massive devices need to be securely connected to the edge of communication networks, while emerging quantum computers can easily crack the traditional public-key ciphers. Lattice-based cryptography (LBC) is one of the most promising types of schemes in all post-quantum cryptography (PQC) due to its security and efficiency. To meet the requirements of high-throughput and diverse application scenarios of 5G, we investigate the vectorization of kernel algorithms of several LBC candidates and thus present a domain-specific vector processor, VPQC, leveraging the extensible RISC-V architecture. To support the parallel computation of number theoretic transform (NTT) of different dimensions (from 64 to 2048), a vector NTT unit is implemented in VPQC. Besides, a vector sampler executing both uniform sampling and binomial sampling is also employed. Evaluated under TSMC 28nm technology, the vector coprocessor of VPQC consumes 942k equivalent logic gates and 12KB memories. Experimental results show that VPQC can speed up several typical key encapsulation mechanisms (NewHope, Kyber and LAC) by an order of magnitude compared with previous state-of-the-art hardware implementations.

Shuo Yang,Dongsheng Liu,Ang Hu,Aobo Li,Jiaming Zhang,Xiang Li,Jiahao Lu,Changwen Mo

DOI: https://doi.org/10.1109/asianhost56390.2022.10022178

2022-01-01

Abstract:Post-quantum cryptography (PQC) is proposed to resist the attack of quantum computer. Among various PQC schemes, lattice-based cryptography depended on learning with errors (LWE) problem has attracted much attention. As one of the lattice-based PQC schemes, number theory research unit (NTRU) algorithm is flexible, simple and fast. In this paper, we propose a high-performance cryptographic processor towards NTRU. In the processor, we optimize instruction set architecture, which also saves memories. Three-level Karatsuba method is utilized to accelerate polynomial multiplication, and the computing time is reduced by 10x. Fixed and custom instructions are used to control the whole data path, with flexibility and high efficiency. Compared to other FPGA implementations, the results show this design performs the highest operating frequency of 200MHz, only consumes 28k look-up tables (LUTs). Besides, it has the shortest time of encryption, decryption and the best area-time product (ATP), which is 1.4x better than state-of-the-art work.

Yihong Zhu,Wenping Zhu,Yi Ouyang,Junwen Sun,Qi Zhao,Min Zhu,Jinjiang Yang,Chen,Qichao Tao,Hanning Wang,Guang Yang,Shaojun Wei,Aoyang Zhang,Leibo Liu

DOI: https://doi.org/10.1109/jssc.2024.3476949

IF: 5.4

2024-01-01

IEEE Journal of Solid-State Circuits

Abstract:Post-quantum cryptography (PQC) is currently being standardized to replace the existing public-key cryptography for data security in the era of quantum computing. PQC algorithms exhibit considerable diversity in their underlying mathematical problems, storage requirements, and computational patterns, thus complicating unified PQC architecture design. To address this issue, a unified PQC domain-specific accelerator (DSA), post-quantum processing unit (PQPU), is proposed to address the trade-off between performance and flexibility at the algorithm, architecture, and circuit levels. First, a task-clustering-based framework is proposed to enable task-level parallel execution by utilizing the inherent parallelism and common functions across different PQC algorithms. Second, a region-based dynamically updated task path (TP) is constructed to facilitate automatic task-dependency management, with agile control flow and minimized overheads. Finally, algorithm-hardware co-optimizations are proposed in each task cluster to improve throughput and energy efficiency. Fabricated in a 28-nm process, PQPU has energy efficiency and throughput of 4.4 mu J/Op and 69.4 kOPS. The energy-delay product (EDP) and throughput achieved are 19.3% and 44.6% compared to the state-of-the-art design, respectively. To the best of our knowledge, PQPU is the first silicon-proven PQC accelerator that supports all valid schemes in NIST PQC standardization.

Yihong Zhu,Wenping Zhu,Min Zhu,Chongyang Li,Chenchen Deng,Chen Chen,Shuying Yin,Shouyi Yin,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.1109/ISSCC42614.2022.9731783

2022-01-01

Abstract:In the post-quantum era, post-quantum cryptography (PQC) processors are required to ensure quantum-secure communication and e-commerce with high throughput, while maintaining adequate flexibility to execute different crypto-primitives, such as key encapsulation mechanism (KEM) and digital signature (DS) at multiple security levels with evolving modifications. The PQC standards, which are based on multiple mathematical problems, will be available around the end of 2021 in NIST's PQC standardization (Fig. 34.1.1). Crypto-agility, coupled with new mathematical calculations, high computing complexity, and large memory consumption brings challenges to the design of PQC processors considering flexibility, throughput, and energy efficiency.

Utsav Banerjee,Tenzin S. Ukyab,Anantha P. Chandrakasan

DOI: https://doi.org/10.13154/tches.v2019.i4.17-61

2019-10-26

Abstract:Public key cryptography protocols, such as RSA and elliptic curve cryptography, will be rendered insecure by Shor's algorithm when large-scale quantum computers are built. Cryptographers are working on quantum-resistant algorithms, and lattice-based cryptography has emerged as a prime candidate. However, high computational complexity of these algorithms makes it challenging to implement lattice-based protocols on low-power embedded devices. To address this challenge, we present Sapphire - a lattice cryptography processor with configurable parameters. Efficient sampling, with a SHA-3-based PRNG, provides two orders of magnitude energy savings; a single-port RAM-based number theoretic transform memory architecture is proposed, which provides 124k-gate area savings; while a low-power modular arithmetic unit accelerates polynomial computations. Our test chip was fabricated in TSMC 40nm low-power CMOS process, with the Sapphire cryptographic core occupying 0.28 mm2 area consisting of 106k logic gates and 40.25 KB SRAM. Sapphire can be programmed with custom instructions for polynomial arithmetic and sampling, and it is coupled with a low-power RISC-V micro-processor to demonstrate NIST Round 2 lattice-based CCA-secure key encapsulation and signature protocols Frodo, NewHope, qTESLA, CRYSTALS-Kyber and CRYSTALS-Dilithium, achieving up to an order of magnitude improvement in performance and energy-efficiency compared to state-of-the-art hardware implementations. All key building blocks of Sapphire are constant-time and secure against timing and simple power analysis side-channel attacks. We also discuss how masking-based DPA countermeasures can be implemented on the Sapphire core without any changes to the hardware.

Cryptography and Security,Hardware Architecture

Aobo Li,Jiahao Lu,Dongsheng Liu,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang,Xiang Li

DOI: https://doi.org/10.1109/esserc62670.2024.10719541

2024-01-01

Abstract:Due to the existence of store-now-decrypt-later attack strategies, the world urgently needs alternative postquantum cryptographic (PQC) solutions. The lattice-based PQC algorithm CRYSTALS-KYBER (Kyber) is widely recognized as a standardization for its good performance and security. We propose a compact and efficient Kyber processor architecture for resource-constrained edge computing. Lightweight SHA-3 with half-fold keccak and samplers provide high-quality discrete distribution coefficient generation with energy-saving features. Modular arithmetic elements are configured as variable structures for different types of fast polynomial computations. The proposed architecture is fabricated under 40 nm process, and ASIC results show that the processor occupies $0.34 \mathrm{~mm}^{2}$ and 253 k equivalent gates with minimum 7 KB memory and the lowest power $273 \mu \mathrm{~W}$. Compared to similar works, we reduce the power by $50 \%$, improve the $6.1 \times$ energy optimization, $8 \times$ area and achieve state-of-the-art in energy efficiency.

Yihong Zhu,Wenping Zhu,Chongyang Li,Min Zhu,Chenchen Deng,Chen Chen,Shuying Yin,Shouyi Yin,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.1109/jssc.2022.3216758

2022-12-31

Abstract:Post-quantum cryptography (PQC) is investigated to replace the classical public cryptography algorithms, which would be completely broken by large-scale quantum computers. However, current PQC schemes have completely different mathematical foundations and parameter sets, which makes the implementation of unified PQC processor extremely challenging. To address this issue, an agile PQC processor, RePQC, is proposed in this work to support schemes on multiple mathematical problems. First, the hierarchical calculation framework, ranging from algorithm level, task level, and coefficient level, is proposed to achieve desirable flexibility and energy efficiency. Second, a hybrid processing element array is built to support arithmetic and logical operations simultaneously, while algorithm-hardware co-design is utilized in task-level schedulers to further improve the algorithm-oriented energy efficiency. Finally, parallelism exploration and algorithm-level computation transformation is further utilized to optimize the configuration on RePQC for higher throughput. Fabricated in a 28-nm process, RePQC achieves the energy efficiency of 3.4 uJ/Op and the throughput of 48 kOPS, which is and higher than the state-of-the-art work, respectively. To the best of our knowledge, RePQC is the first silicon-proven PQC processor for different mathematical problems.

engineering, electrical & electronic

Yifan Zhao,Ruiqi Xie,Guozhu Xin,Jun Han

DOI: https://doi.org/10.1109/tcsi.2022.3162593

2022-01-01

Abstract:The 5G edge computing infrastructure should be empowered with quantum attack resistance by implementing post-quantum cryptography (PQC). Among various PQC schemes, lattice-based cryptography (LBC) based on learning with error (LWE) has attracted much attention because of its performance efficiency and security guarantee. In LWE-based LBCs, the Module-LWE-based schemes gain advantage over the others benefiting from the unique polynomial matrix and vector structure. To provide a high-performance implementation of Module-LWE applications for the edge computing paradigm, we propose a domain-specific processor based on a matrix extension of RISC-V architecture. This custom extension encapsulates the matrix-based ring operations with a high-level functional abstraction. A 2-D systolic array with configurable functionality is proposed to perform matrix-based number theoretic transform (NTT) and other arithmetic operations, achieving high data-level parallelism with support for the variable-sized polynomial matrix and vector structure. As this structure of Module-LWE involves no data dependency between different inner elements, an out-of-order mechanism is further developed to exploit the instruction-level parallelism. We implement the proposed architecture under TSMC 28nm technology. The evaluation results show that our implementation can achieve up to and improvement in cycle count respectively in Kyber and Dilithium, compared to the state-of-the-art crypto-processor counterparts.

Jiahao Lu,Jiaming Zhang,Zhixiang Luo,Aobo Li,Tianze Huang,Dongsheng Liu,Chi Cheng

DOI: https://doi.org/10.1109/mwscas60917.2024.10658892

2024-01-01

Abstract:The globalized migration towards post-quantum cryptography (PQC) is accelerating to protect communications against the upcoming quantum threat. However, the resource-constrained IoT communication devices limits the deployment multiple PQC algorithms, which is hard to fulfill the various security requirements of IoT devices. In this paper, an efficient hardware architecture compatible with customized instruction format is proposed, which is compatible with CRYSTALS-Kyber and Dilithium. Following the methodology of maximize-reuse, a configurable polynomial modular arithmetic unit is presented to execute all the required modes of polynomial modular operations in pipeline. Implemented on UltraScale+ and Artix-7 platforms, the proposed architecture consumes 2310 and 4028 equivalent slices at a maximum frequency of 280MHz and 99MHz in two platforms. Compared to the state-of-the-art Kyber-only and Dilithium-only researches, this work supports two algorithms simultaneously and realizes the lowest area-time (AT) value for Dilithium and a competitive AT value for Kyber.