Abstract

This paper presents a set of efficient and parameterized hardware accelerators that target post-quantum lattice-based cryptographic schemes, including a versatile cSHAKE core, a binary-search CDT-based Gaussian sampler, and a pipelined NTT-based polynomial multiplier, among others. Unlike much of prior work, the accelerators are fully open-sourced, are designed to be constant-time, and can be parameterized at compile-time to support different parameters without the need for re-writing the hardware implementation. These flexible, publicly-available accelerators are leveraged to demonstrate the first hardware-software co-design using RISC-V of the post-quantum lattice-based signature scheme qTESLA with provably secure parameters. In particular, this work demonstrates that the NIST’s Round 2 level 1 and level 3 qTESLA variants achieve over a 40-100x speedup for key generation, about a 10x speedup for signing, and about a 16x speedup for verification, compared to the baseline RISC-V software-only implementation. For instance, this corresponds to execution in 7.7, 34.4, and 7.8 milliseconds for key generation, signing, and verification, respectively, for qTESLA’s level 1 parameter set on an Artix-7 FPGA, demonstrating the feasibility of the scheme for embedded applications.
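As an added illustration of the constant-time, binary-search CDT Gaussian sampler named above (example code written for this page, not the paper's hardware design, and with a constructed table rather than a qTESLA parameter set): the half-table is built for a discrete Gaussian with q = exp(-1/(2σ²)) chosen as 0.8825 (σ ≈ 2), the search always performs log2(16) = 4 steps using branch-free comparisons, and a branching reference search is included only to cross-check the result.

```c
#include <stdint.h>
#define CDT_LEN  16  /* power of two: the binary search always takes exactly 4 steps */
#define CDT_PREC 31  /* entries are cumulative probabilities scaled to 2^31 */
static uint32_t cdt[CDT_LEN];

/* Half-table cdt[i] = Pr[|x| <= i] * 2^31 for the discrete Gaussian rho(i) = q^(i*i),
 * q = exp(-1/(2 sigma^2)); q is a constructed parameter, not a qTESLA one. Working with
 * q avoids libm: rho(i+1) = rho(i) * q^(2i+1). The weight of |x| = 0 is halved so the
 * uniform sign applied later does not double-count zero. */
void build_cdt(double q) {
    double w[CDT_LEN], total = 0.0, acc = 0.0, rho = 1.0, ratio = q;
    for (int i = 0; i < CDT_LEN; i++) {
        w[i] = (i == 0) ? 0.5 : rho;
        total += w[i];
        rho *= ratio;      /* rho(i+1) = rho(i) * q^(2i+1) */
        ratio *= q * q;    /* q^(2i+3) for the next step */
    }
    for (int i = 0; i < CDT_LEN; i++) {
        acc += w[i];
        cdt[i] = (uint32_t)((acc / total) * (double)(1u << CDT_PREC));
    }
    cdt[CDT_LEN - 1] = 1u << CDT_PREC; /* saturate: every r < 2^31 falls inside the table */
}
/* Branch-free comparison: all-ones if a >= b, zero otherwise (valid for a, b < 2^31). */
static uint32_t ct_ge(uint32_t a, uint32_t b) { return ((a - b) >> 31) - 1u; }

/* Constant-time sample from a uniform 31-bit r and a uniform sign bit: the same 4 table
 * reads and the same arithmetic happen for every r. The read addresses still depend on r;
 * a hardware table has uniform access time, a software port would need a countermeasure. */
int32_t cdt_sample_ct(uint32_t r, uint32_t sign) {
    uint32_t idx = 0;
    for (uint32_t step = CDT_LEN / 2; step > 0; step >>= 1)
        idx += step & ct_ge(r, cdt[idx + step - 1]); /* move right iff cdt[...] <= r */
    return (int32_t)((idx ^ (0u - sign)) + sign);  /* conditional two's-complement negate */
}
/* Reference search with data-dependent branching, used only to check correctness. */
int32_t cdt_sample_ref(uint32_t r, uint32_t sign) {
    uint32_t idx = 0; while (cdt[idx] <= r) idx++;
    return sign ? -(int32_t)idx : (int32_t)idx;
}

/* Build the table for q, then cross-check both searches on LCG-generated inputs
 * (constructed test driver, not a CSPRNG). Returns 1 if they agree on every input. */
int ct_matches_ref(double q) {
    build_cdt(q);
    for (uint32_t s = 12345u, i = 0; i < 200000; i++) {
        s = s * 1664525u + 1013904223u;
        if (cdt_sample_ct(s >> 1, s & 1u) != cdt_sample_ref(s >> 1, s & 1u)) return 0;
    }
    return 1;
}
```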

Highlights

  • Most common cryptographic protocols such as RSA and ECC will become insecure once a sufficiently large and fault-tolerant quantum computer is built with the capability to run Shor’s algorithm [Sho94] and its variants

  • The initial phase of this process, which ended with the selection of 17 key encapsulation mechanisms (KEMs) and 9 digital signature schemes, mainly focused on aspects related to security and cryptanalysis, and gave much less emphasis to efficiency characteristics

  • We focus on the development of efficient and flexible lattice-based cryptography accelerators and their application to realize the first hardware-software co-design of provably-secure instances of qTESLA using a RISC-V core


Summary

Introduction

Most common cryptographic protocols such as RSA and ECC will become insecure once a sufficiently large and fault-tolerant quantum computer is built with the capability to run Shor’s algorithm [Sho94] and its variants. We focus on the development of efficient and flexible lattice-based cryptography accelerators and their application to realize the first hardware-software co-design of provably-secure instances of qTESLA using a RISC-V core. We provide a lightweight Hmax-Sum hardware module for qTESLA. These flexible accelerators are used to realize the first RISC-V based hardware-software co-design of qTESLA with the provably-secure parameter sets. A relevant feature of our design is the use of a simple and standard 32-bit interconnect to the microcontroller. This design feature aims at providing platform flexibility and showing that hardware accelerators can achieve good performance even with this conservative choice.

Preliminaries
Basis Software Implementation
Software Profiling
Functions Selected for Acceleration
Hardware Acceleration
Design
Gaussian Sampler
Polynomial Multiplier
Sparse Polynomial Multiplier
Hmax-Sum
Performance Evaluation and Comparison
FPGA Evaluation Platform
Hardware-Software Interface used in Evaluation
Evaluation of qTESLA
Speedup over Software Functions
Key Generation Evaluation
Signature Generation and Signature Verification Evaluation
Comparison with Related Work
Comparison to Digital Signature Schemes Beyond NIST’s Candidates
Conclusion and Future Work
