Ultra High-Speed Polynomial Multiplications for Lattice-Based Cryptography on FPGAs

Abstract

Lattice-based cryptography (LBC) has emerged as the most viable substitutes to the classical cryptographic schemes as 5 out of 7 finalist schemes in the 3rd round of the NIST post-quantum cryptography (PQC) standardization process are lattice based in construction. This work explores novel architectural optimizations in the FPGA-based hardware implementation of polynomial multiplication, which is a bottleneck in every LBC construction. To target ultra-high throughput, both schoolbook polynomial multiplication (SPM) and number theoretic transform (NTT) are explored: a completely parallel architecture of an SPM is undertaken while for NTT, radix-2 and radix- <inline-formula><tex-math notation="LaTeX">$2^2$</tex-math></inline-formula> multi-path delay commutator (MDC) based pipelined architectures are adopted. Our proposed high-speed SPM (HSPM) structure on latest Xilinx UltraScale+ FPGA is 5× faster than the state-of-the-art LBC designs. Whereas, the proposed high-speed NTT (HNTT) structure (i.e., R <inline-formula><tex-math notation="LaTeX">$2^2$</tex-math></inline-formula> MDC) takes only 0.63 <inline-formula><tex-math notation="LaTeX">$\mu$</tex-math></inline-formula> s for the encryption, hence achieving the highest throughput of 408 Mbps. Moreover, all of the proposed designs achieve highest design efficiencies (i.e., throughput per slice (TPS)) in comparison to available LBC designs.