Post-Quantum Cryptography Coprocessor for RISC-V CPU Core

Abstract

The importance of PQC (Post-Quantum Cryptography) is highly emphasized according to the advancement of quantum computing technology and emergence of Shor's algorithm. Various PQC algorithms are developed but their high computational complexity makes implementation challenging. Dedicated hardware accelerator lacks flexibility to new algorithms and software implementation requires high execution time. We propose a PQC coprocessor with RISC-V ISA(Instruction Set Architecture) extension supporting not only round-3 candidates in NIST(National Institute of Standards and Technology) PQC standardization process including CRYSTALS-KYBER, CRYSTALS-DILITHIUM, FrodoKEM, SABER, NTRU and Falcon, but also upcoming new algorithms. Proposed architecture supports Keccak, NTT (Number Theoretic Transform), sampling and arithmetic operations including conditional addition and subtraction. The proposed PQC ISA extension includes RISC-V scalar cryptography and bit-manipulation extension. The coprocessor can be attached to baseline RISC-V CPU core through coprocessor interface. PQC instruction considered invalid by CPU core is offloaded through coprocessor interface.