Cryptology ePrint Archive: Report 2020/321

Compact domain-specific co-processor for accelerating module lattice-based key encapsulation mechanism

Jose Maria Bermudo Mera and Furkan Turan and Angshuman Karmakar and Sujoy Sinha Roy and Ingrid Verbauwhede

Abstract: We present a domain-specific co-processor to speed up Saber, a post-quantum key encapsulation mechanism competing in the NIST Post-Quantum Cryptography standardization process. Contrary to most lattice-based schemes, Saber does not use NTT-based polynomial multiplication. We follow a hardware-software co-design approach: execution stays on an ARM core, and only the most computationally expensive operation, i.e., polynomial multiplication, is offloaded to the co-processor, which keeps the design compact. We exploit the idea of distributed computing at the micro-architectural level together with novel algorithmic optimizations to achieve approximately a 6 times speedup with respect to optimized software at a small area cost.
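The operation the abstract singles out for offloading is multiplication in Saber's polynomial ring Z_q[x]/(x^n + 1) with n = 256 and q = 2^13. Because q is a power of two, there is no primitive 2n-th root of unity modulo q, so an NTT cannot be applied directly and software implementations fall back on schoolbook, Karatsuba or Toom-Cook multiplication. The following added example (written for this page, not the paper's or the Saber reference implementation's code) shows the negacyclic schoolbook product with Saber's parameters next to a Karatsuba variant, and cross-checks the two on constructed inputs; the sampling routine, the small-coefficient range and the recursion threshold are illustrative choices, not values taken from the paper.

```python
import random

# Saber ring parameters: Z_q[x] / (x^n + 1), n = 256, q = 2^13.
N = 256
Q = 1 << 13


def schoolbook_negacyclic(a, b, n=N, q=Q):
    """O(n^2) product in Z_q[x]/(x^n + 1).

    Terms of degree >= n wrap around with a sign flip, since x^n = -1.
    """
    assert len(a) == n and len(b) == n
    res = [0] * n
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            k = i + j
            if k < n:
                res[k] += ai * bj
            else:
                res[k - n] -= ai * bj
    return [c % q for c in res]


def _poly_mul_plain(a, b):
    """Plain (unreduced) schoolbook product of two coefficient lists."""
    res = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            res[i + j] += ai * bj
    return res


def _karatsuba(a, b, threshold=16):
    """Recursive Karatsuba on unreduced polynomials of equal power-of-two
    length. The threshold (illustrative) decides when to stop recursing."""
    n = len(a)
    if n <= threshold:
        return _poly_mul_plain(a, b)
    h = n // 2
    a0, a1 = a[:h], a[h:]
    b0, b1 = b[:h], b[h:]
    z0 = _karatsuba(a0, b0, threshold)
    z2 = _karatsuba(a1, b1, threshold)
    z1 = _karatsuba([x + y for x, y in zip(a0, a1)],
                    [x + y for x, y in zip(b0, b1)], threshold)
    # (a0 + a1)(b0 + b1) - a0*b0 - a1*b1 = a0*b1 + a1*b0, the middle term.
    mid = [z1[i] - z0[i] - z2[i] for i in range(len(z1))]
    res = [0] * (2 * n - 1)
    for i, v in enumerate(z0):
        res[i] += v
    for i, v in enumerate(mid):
        res[i + h] += v
    for i, v in enumerate(z2):
        res[i + 2 * h] += v
    return res


def karatsuba_negacyclic(a, b, n=N, q=Q):
    """Karatsuba product, then reduction modulo x^n + 1 and modulo q."""
    assert len(a) == n and len(b) == n
    full = _karatsuba(list(a), list(b))  # degree <= 2n - 2
    res = full[:n]
    for k in range(n, len(full)):
        res[k - n] -= full[k]  # x^k = -x^(k-n) for n <= k < 2n
    return [c % q for c in res]


def sample_inputs(seed=2020, n=N, q=Q):
    """Constructed test vectors: one uniform polynomial (like a public
    polynomial) and one with small coefficients (like a Saber secret)."""
    rng = random.Random(seed)
    a = [rng.randrange(q) for _ in range(n)]
    s = [rng.randint(-4, 4) for _ in range(n)]
    return a, s


def cross_check(seed=2020):
    """True if both multipliers agree on a seeded random pair."""
    a, s = sample_inputs(seed)
    return schoolbook_negacyclic(a, s) == karatsuba_negacyclic(a, s)


if __name__ == "__main__":
    print("schoolbook == karatsuba:", cross_check())
```

Coefficients are kept as Python integers and only reduced modulo q at the end; a hardware multiplier would instead reduce to 13 bits after every accumulation, which for a power-of-two modulus is just truncation of the accumulator, one of the reasons the power-of-two choice is attractive for compact hardware even though it rules out the NTT.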

Category / Keywords: implementation / Domain-specific co-processor, post-quantum cryptography, lattice-based cryptography, Saber

Original Publication (with minor differences): DAC 2020 - 57th Design and Automation Conference

Date: received 15 Mar 2020, last revised 4 Apr 2020

Contact author: Jose Bermudo at esat kuleuven be


Note: Update with the acknowledgements and a missing reference

Version: 20200404:150250

Short URL: ia.cr/2020/321
