Abstract

Post-quantum cryptosystems should be prepared before the advent of powerful quantum computers to keep the information we rely on in daily life secure. In 2016 a post-quantum standardization contest was launched by the National Institute of Standards and Technology (NIST), and many works have since concentrated on evaluating the candidate protocols, mainly in pure software or through a hardware-software co-design methodology on different platforms. As the contest progressed to its third round in July 2020, with only 7 finalists and 8 alternate candidates remaining, more dedicated and specific hardware designs should be considered to illustrate the intrinsic properties of a given protocol and to achieve better performance. To this end, we present a standalone hardware design of CRYSTALS-KYBER, a module learning-with-errors (MLWE) based key exchange mechanism (KEM) protocol among the 7 finalists, on an FPGA platform. Through elaborate scheduling of sampling and number theoretic transform (NTT) related calculations, decent performance is achieved with limited hardware resources. The way Encode/Decode and the tweaked Fujisaki-Okamoto transform are implemented is demonstrated in detail. An analysis of minimizing the memory footprint is also given. In summary, we realize the adaptive chosen-ciphertext-attack (CCA) secure Kyber for all selectable module dimensions k on the smallest Xilinx Artix-7 device. Our design computes the key-generation, encapsulation (encryption) and decapsulation (decryption and re-encryption) phases in 3768/5079/6668 cycles when k = 2, 6316/7925/10049 cycles when k = 3, and 9380/11321/13908 cycles when k = 4, consuming 7412/6785 LUTs, 4644/3981 FFs, 2126/1899 slices, 2/2 DSPs and 3/3 BRAMs on the server/client side with a 6.2/6.0 ns critical path delay, outperforming the corresponding high-level synthesis (HLS) based designs and hardware-software co-designs by a large margin.
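As an added example that is not part of the paper or its hardware design, the following plain-Python reference shows the NTT-domain polynomial multiplication the abstract refers to (forward NTT, base multiplication of the 128 quadratic residues, inverse NTT), using Kyber's public parameters q = 3329, n = 256 and the primitive 256th root of unity zeta = 17, and checks the result against schoolbook multiplication in Z_q[x]/(x^256 + 1).

```python
# Added illustrative reference code (not the paper's FPGA design): Kyber's incomplete NTT over Z_q[x]/(x^256 + 1).
import random
Q, N, ZETA, N_INV = 3329, 256, 17, pow(128, -1, 3329)  # modulus, degree, 256th root of unity, 1/128 mod q
bitrev7 = lambda i: int(f"{i:07b}"[::-1], 2)           # 7-bit reversal that orders the twiddle factors zeta^k

def ntt(f):
    # Forward NTT (Cooley-Tukey): 7 layers, stopping at 128 quadratic factors x^2 - zeta^(2*bitrev7(i)+1)
    f, k, length = f[:], 1, 128
    while length >= 2:
        for start in range(0, N, 2 * length):
            z = pow(ZETA, bitrev7(k), Q); k += 1
            for j in range(start, start + length):
                f[j], f[j + length] = (f[j] + z * f[j + length]) % Q, (f[j] - z * f[j + length]) % Q
        length //= 2
    return f

def intt(f):
    # Inverse NTT (Gentleman-Sande): same twiddles in reverse order, then scale by 1/128
    f, k, length = f[:], 127, 2
    while length <= 128:
        for start in range(0, N, 2 * length):
            z = pow(ZETA, bitrev7(k), Q); k -= 1
            for j in range(start, start + length):
                f[j], f[j + length] = (f[j] + f[j + length]) % Q, z * (f[j + length] - f[j]) % Q
        length *= 2
    return [x * N_INV % Q for x in f]

def basemul(f, g):
    # Pointwise product of 128 degree-1 residues, each reduced modulo its own x^2 - zeta^(2*bitrev7(i)+1)
    h = [0] * N
    for i in range(128):
        a0, a1, b0, b1 = f[2*i], f[2*i+1], g[2*i], g[2*i+1]
        z = pow(ZETA, 2 * bitrev7(i) + 1, Q)
        h[2*i], h[2*i+1] = (a0*b0 + a1*b1*z) % Q, (a0*b1 + a1*b0) % Q
    return h

def schoolbook(f, g):
    # Reference O(n^2) product; x^256 = -1 folds the upper half back with a sign flip
    r = [0] * (2 * N)
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            r[i + j] += fi * gj
    return [(r[i] - r[i + N]) % Q for i in range(N)]

def ntt_multiply_matches_schoolbook(seed):
    # Constructed input: two seeded pseudo-random polynomials with coefficients in [0, q)
    rng = random.Random(seed)
    f, g = ([rng.randrange(Q) for _ in range(N)] for _ in range(2))
    return intt(basemul(ntt(f), ntt(g))) == schoolbook(f, g)
```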

Highlights

  • Powerful quantum computers would render the public key cryptosystems currently used in our daily life insecure: the underlying mathematical hard problems, integer factorization and the discrete logarithm, considered infeasible to solve on classical computer architectures, can be broken in polynomial time by Shor's algorithm [Sho94]

  • Post-quantum cryptography (PQC), the study of cryptosystems that remain secure against adversaries with access to both classical and quantum computers, is under intensive research in academia and in the industrial community

  • Detailed cycle counts for each procedure on the server side when k = 3 are listed in Table 8, where procedures conducted concurrently in the number theoretic transform (NTT) core and the hash module reside in the same line

Summary

Introduction

Powerful quantum computers would render the public key cryptosystems currently used in our daily life insecure: the underlying mathematical hard problems, integer factorization and the discrete logarithm, considered infeasible to solve on classical computer architectures, can be broken in polynomial time by Shor's algorithm [Sho94]. In December 2016, NIST launched a contest for new post-quantum cryptographic schemes and called for proposals from all over the world, aiming to form public key cryptography standards before the upcoming quantum era. In total, 15 of the 26 second-round candidates got through, of which 7 were selected as finalists and the other 8 as alternate candidates [AASA+20]. These schemes base their security on different mathematical hard problems, and the evaluation criteria used to compare schemes throughout the standardization process focus mainly on three aspects, namely security, cost & performance, and algorithm & implementation characteristics, in decreasing order of importance.
