Cryptology ePrint Archive: Report 2020/054

Parameterized Hardware Accelerators for Lattice-Based Cryptography and Their Application to the HW/SW Co-Design of qTESLA

Wen Wang and Shanquan Tian and Bernhard Jungk and Nina Bindel and Patrick Longa and Jakub Szefer

Abstract: This paper presents a set of efficient and parameterized hardware accelerators that target post-quantum lattice-based cryptographic schemes, including a versatile cSHAKE core, a binary-search CDT-based Gaussian sampler, and a pipelined NTT-based polynomial multiplier, among others. Unlike much of prior work, the accelerators are fully open-sourced, are designed to be constant-time, and can be parameterized at compile-time to support different parameters without the need for re-writing the hardware implementation. These flexible, publicly-available accelerators are leveraged to demonstrate the first hardware-software co-design using RISC-V of the post-quantum lattice-based signature scheme qTESLA with provably secure parameters. In particular, this work demonstrates that the NIST’s Round 2 level 1 and level 3 qTESLA variants achieve over a 40-100x speedup for key generation, about a 10x speedup for signing, and about a 16x speedup for verification, compared to the baseline RISC-V software-only implementation. For instance, this corresponds to execution in 7.7, 34.4, and 7.8 milliseconds for key generation, signing, and verification, respectively, for qTESLA’s level 1 parameter set on an Artix-7 FPGA, demonstrating the feasibility of the scheme for embedded applications.

Category / Keywords: implementation / Lattice-based cryptography, Post-quantum cryptography, qTESLA, Hardware accelerators, Hardware-software co-design, FPGA, RISC-V

Original Publication (in the same form): TCHES 2020 (Issue 3)

Date: received 17 Jan 2020, last revised 11 Apr 2020

Contact author: wen wang ww349 at yale edu, shanquan tian at yale edu, jakub szefer at yale edu, bernhard at projectstarfire de, nlbindel at uwaterloo ca, plonga at microsoft com

Available format(s): PDF | BibTeX Citation

Version: 20200411:165007 (All versions of this report)

Short URL: ia.cr/2020/054


[ Cryptology ePrint archive ]