Paper 2019/1368

Efficient FPGA Implementations of LowMC and Picnic

Daniel Kales, Sebastian Ramacher, Christian Rechberger, Roman Walch, and Mario Werner


Post-quantum cryptography has received increased attention in recent years, in particular, due to the standardization effort by NIST. One of the second-round candidates in the NIST post-quantum standardization project is Picnic, a post-quantum secure signature scheme based on efficient zero-knowledge proofs of knowledge. In this work, we present the first FPGA implementation of Picnic. We show how to efficiently calculate LowMC, the block cipher used as a one-way function in Picnic, in hardware despite the large number of constants needed during computation. We then combine our LowMC implementation and efficient instantiations of Keccak to build the full Picnic algorithm. Additionally, we conform to recently proposed hardware interfaces for post-quantum schemes to enable easier comparisons with other designs. We provide evaluations of our Picnic implementation for both, the standalone design and a version wrapped with a PCIe interface, and compare them to the state-of-the-art software implementations of Picnic and similar hardware designs. Concretely, signing messages on our FPGA takes 0.25 ms for the L1 security level and 1.24 ms for the L5 security level, beating existing optimized software implementations by a factor of 4.

Available format(s)
Publication info
Published elsewhere. CT-RSA 2020
LowMCFPGAdigital signaturesNIST PQCPicnic
Contact author(s)
daniel kales @ iaik tugraz at
sebastian ramacher @ ait ac at
christian rechberger @ iaik tugraz at
roman walch @ iaik tugraz at
mario werner @ iaik tugraz at
2019-11-28: received
Short URL
Creative Commons Attribution


      author = {Daniel Kales and Sebastian Ramacher and Christian Rechberger and Roman Walch and Mario Werner},
      title = {Efficient FPGA Implementations of LowMC and Picnic},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1368},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.