Paper 2021/1461

A Unified Cryptoprocessor for Lattice-based Signature and Key-exchange

Aikata, Ahmet Can Mert, David Jacquemin, Amitabh Das, Donald Matthews, Santosh Ghosh, and Sujoy Sinha Roy


We propose design methodologies for building a compact, unified and programmable cryptoprocessor architecture that computes post-quantum key agreement and digital signature. Synergies in the two types of cryptographic primitives are used to make the cryptoprocessor compact. As a case study, the cryptoprocessor architecture has been optimized targeting the signature scheme ’CRYSTALS-Dilithium’ and the key encapsulation mechanism (KEM) ’Saber’, both finalists in the NIST’s post-quantum cryptography standardization project. The programmable cryptoprocessor executes key generations, encapsulations, decapsulations, signature generations, and signature verifications for all the security levels of Dilithium and Saber. On a Xilinx Ultrascale+ FPGA, the proposed cryptoprocessor consumes 18,406 LUTs, 9,323 FFs, 4 DSPs, and 24 BRAMs. It achieves 200 MHz clock frequency and finishes CCA-secure key-generation/encapsulation/decapsulation operations for LightSaber in 29.6/40.4/ 58.3 µs; for Saber in 54.9/69.7/94.9 µs; and for FireSaber in 87.6/108.0/139.4 µs, respectively. It finishes key-generation/sign/verify operations for Dilithium-2 in 70.9/151.6/75.2 µs; for Dilithium-3 in 114.7/237/127.6 µs; and for Dilithium-5 in 194.2/342.1/228.9 µs, respectively, for the best-case scenario. On UMC 65nm library for ASIC the latency is improved by a factor of two due to a 2× increase in clock frequency.

Available format(s)
Publication info
Preprint. MINOR revision.
CRYSTALS-DilithiumSaberHardware ImplementationLattice-based CryptographyPost-quantum cryptography
Contact author(s)
aikata @ iaik tugraz at
ahmet mert @ iaik tugraz at
sujoy sinharoy @ iaik tugraz at
2022-03-14: last of 2 revisions
2021-11-06: received
See all versions
Short URL
Creative Commons Attribution


      author = {Aikata and Ahmet Can Mert and David Jacquemin and Amitabh Das and Donald Matthews and Santosh Ghosh and Sujoy Sinha Roy},
      title = {A Unified Cryptoprocessor for Lattice-based Signature and Key-exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1461},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.