Abstract

We present and evaluate a custom extension to the RISC-V instruction set for finite field arithmetic. The result serves as a very compact approach to software-hardware co-design of PQC implementations in the context of small embedded processors such as smartcards. The extension provides instructions that implement finite field operations with subsequent reduction of the result. As small finite fields are used in various PQC schemes, such instructions can provide a considerable speedup for an otherwise software-based implementation. Furthermore, we create a prototype implementation of the presented instructions for the extendable VexRiscv core, integrate the result into a chip design, and evaluate the design on two different FPGA platforms. The effectiveness of the extension is evaluated by using the instructions to optimize the Kyber and NewHope key-encapsulation schemes. To that end, we also present an optimized software implementation of the polynomial arithmetic underlying those schemes for the standard RISC-V instruction set, which serves as the basis for comparison. Both variants are tuned at the assembler level to make optimal use of the processor pipelines of contemporary RISC-V CPUs. The result shows a speedup of up to 85% for the polynomial arithmetic over the basic software implementation. Using the custom instructions drastically reduces the code and data size of the implementation without introducing runtime-performance penalties, at a small cost in circuit size. In the selected schemes, the custom instructions can replace a full general-purpose multiplier, yielding very compact implementations.
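As an added illustration of the "finite field operation with subsequent reduction" the abstract describes, the following Python is example code written for this page; it is neither the paper's code nor the VexRiscv project's. It assumes Kyber's field parameters (q = 3329 and the primitive 256th root of unity 17), uses Barrett reduction as the software stand-in for the reduction step the paper moves into hardware, and runs a cyclic NTT (mod x^256 - 1, a simplification of Kyber's actual negacyclic ring) whose twiddle factors are computed on the fly instead of being read from a table. All function names and the sample polynomials are this example's own.

```python
import random

# Added example, not the paper's code: a software model of "multiply, then reduce"
# field arithmetic for a Kyber-sized field, plus a cyclic NTT with on-the-fly twiddles.
Q = 3329        # Kyber's modulus; q - 1 = 2^8 * 13, so Z_q contains 256th roots of unity
ZETA = 17       # Kyber's primitive 256th root of unity modulo Q
N = 256         # transform length (the multiplicative order of ZETA)

# Barrett constants: a product of two field elements is below Q^2 < 2^24.
BARRETT_K = 24
BARRETT_M = (1 << BARRETT_K) // Q   # floor(2^24 / Q)


def barrett_reduce(x):
    """Reduce 0 <= x < Q^2 to [0, Q) without a division: one multiply, one shift,
    one multiply-subtract and one conditional subtraction. Because x < 2^24 the
    quotient estimate t is at most one too small, so r < 2Q and one correction suffices."""
    assert 0 <= x < Q * Q
    t = (x * BARRETT_M) >> BARRETT_K
    r = x - t * Q
    return r - Q if r >= Q else r


def ff_mul(a, b):
    """Field multiplication with subsequent reduction: the operation the fused
    instruction performs in hardware, done here with Barrett in software."""
    return barrett_reduce(a * b)


def ff_add(a, b):
    s = a + b
    return s - Q if s >= Q else s


def ff_sub(a, b):
    d = a - b
    return d + Q if d < 0 else d


def _bit_reverse(a):
    bits = N.bit_length() - 1
    out = [0] * N
    for i, v in enumerate(a):
        out[int(f"{i:0{bits}b}"[::-1], 2)] = v
    return out


def _ntt_core(a, root):
    """Iterative Cooley-Tukey NTT mod x^N - 1 with `root` of order N. Twiddles are
    generated on the fly: the per-stage root by squaring `root`, the per-butterfly
    twiddle by one further field multiplication, so no 256-entry table is stored."""
    a = _bit_reverse(a)
    stage_root, r, length = {}, root, N    # stage root for length L is root^(N/L)
    while length >= 2:
        stage_root[length] = r
        r = ff_mul(r, r)
        length //= 2
    length = 2
    while length <= N:
        w_len, half = stage_root[length], length // 2
        for start in range(0, N, length):
            w = 1
            for j in range(start, start + half):
                u, v = a[j], ff_mul(a[j + half], w)
                a[j], a[j + half] = ff_add(u, v), ff_sub(u, v)
                w = ff_mul(w, w_len)
        length *= 2
    return a


def ntt(a):
    return _ntt_core(a, ZETA)


def intt(A):
    a = _ntt_core(A, pow(ZETA, Q - 2, Q))   # inverse root (Q is prime)
    n_inv = pow(N, Q - 2, Q)
    return [ff_mul(x, n_inv) for x in a]


def poly_mul_ntt(a, b):
    """Cyclic product (mod x^N - 1) via forward NTTs, pointwise products, inverse NTT."""
    return intt([ff_mul(x, y) for x, y in zip(ntt(a), ntt(b))])


def poly_mul_schoolbook(a, b):
    c = [0] * N
    for i in range(N):
        for j in range(N):
            k = (i + j) % N
            c[k] = ff_add(c[k], ff_mul(a[i], b[j]))
    return c


def sample_poly(seed):
    """Constructed test input: a seeded pseudo-random polynomial over Z_Q."""
    rng = random.Random(seed)
    return [rng.randrange(Q) for _ in range(N)]


def barrett_matches_modulo(samples=5000, seed=0):
    """Cross-check Barrett against Python's % on boundary and random inputs."""
    rng = random.Random(seed)
    xs = [0, Q - 1, Q, Q * Q - 1] + [rng.randrange(Q * Q) for _ in range(samples)]
    return all(barrett_reduce(x) == x % Q for x in xs)


if __name__ == "__main__":
    a, b = sample_poly(1), sample_poly(2)
    print("barrett ok:", barrett_matches_modulo())
    print("round trip ok:", intt(ntt(a)) == a)
    print("ntt product ok:", poly_mul_ntt(a, b) == poly_mul_schoolbook(a, b))
```

Every `ff_mul` call in the butterflies costs, in plain RV32IM software, the integer multiply plus the handful of multiply, shift, subtract and compare instructions inside `barrett_reduce`; an instruction that multiplies and reduces in one step collapses that sequence to a single issue slot, which is the speedup the abstract reports. Generating the twiddles by repeated `ff_mul` rather than loading them from a precomputed table is the trade that the abstract's reduced data size refers to: a fast fused operation makes recomputation cheaper than the table it replaces.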

Highlights

  • Since the beginning of the 21st century, the developments in quantum computing have been building up momentum

  • We investigate the impact of providing finite field extensions to an Instruction Set Architecture (ISA) on the performance of Post-Quantum Cryptography (PQC) schemes with the example of the lattice-based key-encapsulation mechanisms Kyber and NewHope

  • This paper offers two contributions: First, we present optimized RISC-V implementations of the polynomial arithmetic used by the Kyber and NewHope schemes


Summary

Introduction

Since the beginning of the 21st century, the developments in quantum computing have been building up momentum. The authors in [ABCG20] presented an optimized software implementation of Kyber and NewHope for an ARM Cortex-M4 platform with a small memory footprint. For RISC-V there already exist a few software-hardware co-designs for PQC schemes: In [FSM+19] the authors present an implementation of the lattice-based scheme NewHope-CPA-KEM. They use the RISC-V processor-core variant from the Pulpino distribution (RI5CY, RV32I ISA with RV32M multiplier, four-stage in-order pipeline) and accelerate the NTT and the hash operations with distinct co-processors. To our knowledge, there is no previous work providing instruction set extensions for finite field arithmetic or other operations required for lattice-based cryptography.

Footnotes:
5. https://github.com/SpinalHDL/VexRiscv
6. https://riscv.org/2018/07/risc-v-foundation-announces-security-standing-committeecalls-industry-to-join-in-efforts/
7. https://github.com/scarv/xcrypto

Lattice-based Cryptography
NewHope
CRYSTALS-Kyber
RISC-V
Kyber and NewHope on RISC-V
Finite Field Arithmetic
Number Theoretic Transform
On-The-Fly Computation of Twiddle Factors
Instruction Set Extension for Finite Fields
General Architecture
Instruction Set Extension
Evaluation