Abstract
This paper presents a hardware implementation of a Residue Polynomial Multiplier (RPM), designed to accelerate the full Residue Number System (RNS) variant of the Fan-Vercauteren scheme proposed by Bajard et al. [BEHZ16]. Our design speeds up polynomial multiplication via a Negative Wrapped Convolution (NWC) which locally computes the required RNS channel dependent twiddle factors. Compared to related works, this design is more versatile regarding the addressable parameter sets for the BFV scheme. This is mainly brought by our proposed twiddle factor generator that makes the design BRAM utilization independent of the RNS basis size, with a negligible communication bandwidth usage for non-payload data. Furthermore, the generalization of a DFT hardware generator is explored in order to generate RNS friendly NTT architectures. This approach helps us to validate our RPM design over parameter sets from the work of Halevi et al. [HPS18]. For the depth-20 setting, we achieve an estimated speed up for the residue polynomial multiplications greater than 76 during ciphertexts multiplication, and greater than 16 during relinearization. It thus results in a single-threaded Mult&Relin ciphertext operation in 109.4 ms (×3.19 faster than [HPS18]) with RPM counting for less than 15% of the new computation time. Our RPM design scales up with reasonable use of hardware resources and realistic bandwidth requirements. It can also be exploited for other RNS based implementations of RLWE cryptosystems.
Highlights
Since the first Fully Homomorphic Encryption (FHE) scheme presented by Gentry [G+09] in 2009, homomorphic cryptography has been an active research area
This paper focuses on the FV scheme [FV12] and its full Residue Number System (RNS) variant brought by Bajard et al [BEHZ16] and further improved by Halevi et al [HPS18]
Following the mainstream approach to improve homomorphic evaluations based on RNS and Negative Wrapped Convolution (NWC), this work explores the feasibility of a pipelined Residue Polynomial Multiplier (RPM) in a single flow
Summary
Since the first Fully Homomorphic Encryption (FHE) scheme presented by Gentry [G+09] in 2009, homomorphic cryptography has been an active research area. Following the mainstream approach to improve homomorphic evaluations based on RNS and NWC, this work explores the feasibility of a pipelined Residue Polynomial Multiplier (RPM) in a single flow. To design this RPM, we present a generalization of the DFT architectures generated by the SPIRAL hardware backend, presented in [MFHP12], in order to generate NTT architectures independent of a predefined finite field. The resulting streaming NTT design is finite-field independent by means of cyclic reprogramming of twiddle factors memories Another contribution is the design of a twiddle factor generator that makes our approach scalable over practical homomorphic encryption parameter sets. The conclusion highlights the main teachings of this work, and draws some perspectives
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
