Optimized Hardware-Software Co-Design for Kyber and Dilithium on RISC-V SoC FPGA

Cited by: 0
Authors
Wang, Tengfei [1 ,3 ]
Zhang, Chi [1 ,3 ]
Zhang, Xiaolin [1 ,3 ]
Gu, Dawu [1 ,3 ]
Cao, Pei [2 ]
Affiliations
[1] School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai
[2] Viewsource (Shanghai) Technology Company Limited, Shanghai
[3] State Key Laboratory of Cryptology, Beijing
Source
IACR Transactions on Cryptographic Hardware and Embedded Systems | 2024 / Vol. 2024 / Issue 3
Funding
National Natural Science Foundation of China
Keywords
Dilithium; FPGA; Hardware-software co-design; Kyber; Post-quantum cryptography; RISC-V;
DOI
10.46586/tches.v2024.i3.99-135
Abstract
Kyber and Dilithium are both lattice-based post-quantum cryptography (PQC) algorithms that have been selected for standardization by the U.S. National Institute of Standards and Technology (NIST). NIST recommends them as the two primary algorithms to be implemented for most use cases. As the applications of RISC-V processors move from specialized scenarios to general scenarios, efficient implementations of PQC algorithms on general-purpose RISC-V platforms are required. In this work, we present an optimized hardware-software co-design for Kyber and Dilithium on the industry's first RISC-V System-on-Chip (SoC) Field Programmable Gate Array (FPGA) platform. The performance of both algorithms is enhanced through hardware acceleration and software optimization, while a certain level of flexibility is still maintained. The polynomial arithmetic operations in Kyber and Dilithium are accelerated by custom accelerators. We employ a unified high-level architecture to capture their shared characteristics and design dedicated underlying modular multipliers to exploit their distinctive features. The hashing functions are optimized using RISC-V assembly instructions, resulting in improved performance and reduced code size without additional hardware resources. For the other operations involving matrices and vectors, we present a multi-core acceleration scheme based on the multi-core RISC-V Microprocessor Sub-System (MSS). Combining these acceleration and optimization methods, experimental results show that the overall performance of Kyber and Dilithium across different security levels improves by 3 to 5 times, while the utilized FPGA resources account for less than 5% of the total resources provided by the platform. © 2024, Ruhr-University of Bochum. All rights reserved.
Pages: 99-135
Page count: 36