Compact ring-LWE cryptoprocessor

被引：193

作者：

Roy, Sujoy Sinha ^{[1
]}

Vercauteren, Frederik ^{[1
]}

Mentens, Nele ^{[1
]}

Donglong, Donald ^{[2
]}

Verbauwhede, Ingrid ^{[1
]}

机构：

[1] ESAT/COSIC and iMinds, KU Leuven, Kasteelpark Arenberg 10, Leuven-Heverlee

[2] Department of Electronic Engineering, City University of Hong Kong, Tat Chee Avenue, Kowloon

来源：

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | 2014年 / 8731卷

基金：

英国工程与自然科学研究理事会;

关键词：

Hardware implementation; Lattice-based cryptography; Number theoretic transform; Polynomial multiplication; Ring-LWE;

D O I：

10.1007/978-3-662-44709-3_21

中图分类号：

O1 [数学];

学科分类号：

0701 ; 070101 ;

摘要：

In this paper we propose an efficient and compact processor for a ring-LWE based encryption scheme. We present three optimizations for the Number Theoretic Transform (NTT) used for polynomial multiplication: we avoid pre-processing in the negative wrapped convolution by merging it with the main algorithm, we reduce the fixed computation cost of the twiddle factors and propose an advanced memory access scheme. These optimization techniques reduce both the cycle and memory requirements. Finally, we also propose an optimization of the ring-LWE encryption system that reduces the number of NTT operations from five to four resulting in a 20% speed-up. We use these computational optimizations along with several architectural optimizations to design an instruction-set ring-LWE cryptoprocessor. For dimension 256, our processor performs encryption/decryption operations in 20/9 μs on a Virtex 6 FPGA and only requires 1349 LUTs, 860 FFs, 1 DSP-MULT and 2 BRAMs. Similarly for dimension 512, the processor takes 48/21 μs for performing encryption/decryption operations and only requires 1536 LUTs, 953 FFs, 1 DSP-MULT and 3 BRAMs. Our processors are therefore more than three times smaller than the current state of the art hardware implementations, whilst running somewhat faster. © International Association for Cryptologic Research 2014.

引用

页码：371 / 391

页数：20

共 29 条

[1]

Aysu A., Patterson C., Schaumont P., Low-cost and Area-efficient FPGA Implementations of Lattice-based Cryptography, HOST, pp. 81-86, (2013)

[2]

Bernstein D., Fast Multiplication and its Applications, Algorithmic Number Theory, 44, pp. 325-384, (2008)

[3]

Rebeiro C., Roy S.S., Mukhopadhyay D., Pushing the Limits of High-Speed GF(2m) Elliptic Curve Scalar Multiplication on FPGAs, CHES 2012. LNCS, 7428, pp. 494-511, (2012)

[4]

Cormen T., Leiserson C., Rivest R., Introduction to Algorithms

[5]

Devroye L., Non-Uniform Random Variate Generation, (1986)

[6]

Dichtl M., Golic J.D., High-Speed True Random Number Generation with Logic Gates Only, CHES 2007. LNCS, 4727, pp. 45-62, (2007)

[7]

Frederiksen T., A Practical Implementation of Regev, (2010)

[8]

Golic J.D., New Methods for Digital Generation and Postprocessing of Random Data, IEEE Transactions on Computers, 55, 10, pp. 1217-1229, (2006)

[9]

Gottert N., Feller T., Schneider M., Buchmann J., Huss S., On the Design of Hardware Building Blocks for Modern Lattice-Based Encryption Schemes, CHES 2012. LNCS, 7428, pp. 512-529, (2012)

[10]

Hirschhorn P., Hoffstein J., Howgrave-Graham N., Whyte W., Choosing NTRUEncrypt parameters in light of combined lattice reduction and MITM approaches, ACNS 2009. LNCS,, 5536, pp. 437-455, (2009)

← 1 2 3 →