Paper 2021/1461

A Unified Cryptoprocessor for Lattice-based Signature and Key-exchange

Aikata Aikata
Ahmet Can Mert
David Jacquemin
Amitabh Das
Donald Matthews
Santosh Ghosh
Sujoy Sinha Roy

We propose design methodologies for building a compact, unified and programmable cryptoprocessor architecture that computes post-quantum key agreement and digital signature. Synergies in the two types of cryptographic primitives are used to make the cryptoprocessor compact. As a case study, the cryptoprocessor architecture has been optimized targeting the signature scheme 'CRYSTALS-Dilithium' and the key encapsulation mechanism (KEM) 'Saber', both finalists in the NIST’s post-quantum cryptography standardization project. The programmable cryptoprocessor executes key generations, encapsulations, decapsulations, signature generations, and signature verifications for all the security levels of Dilithium and Saber. On a Xilinx Ultrascale+ FPGA, the proposed cryptoprocessor consumes 18,406 LUTs, 9,323 FFs, 4 DSPs, and 24 BRAMs. It achieves 200 MHz clock frequency and finishes CCA-secure key-generation/encapsulation/decapsulation operations for LightSaber in 29.6/40.4/ 58.3$\mu$s; for Saber in 54.9/69.7/94.9$\mu$s; and for FireSaber in 87.6/108.0/139.4$\mu$s, respectively. It finishes key-generation/sign/verify operations for Dilithium-2 in 70.9/151.6/75.2$\mu$s; for Dilithium-3 in 114.7/237/127.6$\mu$s; and for Dilithium-5 in 194.2/342.1/228.9$\mu$s, respectively, for the best-case scenario. On UMC 65nm library for ASIC the latency is improved by a factor of two due to a 2$\times$ increase in clock frequency.

Available format(s)
Publication info
Published elsewhere. IEEE Transactions on Computers
CRYSTALS-Dilithium Saber Hardware Implementation Lattice-based Cryptography Post-quantum cryptography
Contact author(s)
aikata @ iaik tugraz at
ahmet mert @ iaik tugraz at
david jacquemin @ iaik tugraz at
2022-10-13: last of 3 revisions
2021-11-06: received
See all versions
Short URL
Creative Commons Attribution


      author = {Aikata Aikata and Ahmet Can Mert and David Jacquemin and Amitabh Das and Donald Matthews and Santosh Ghosh and Sujoy Sinha Roy},
      title = {A Unified Cryptoprocessor for Lattice-based Signature and Key-exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1461},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.