Paper 2021/1461
A Unified Cryptoprocessor for Lattice-based Signature and Key-exchange
Aikata and Ahmet Can Mert and David Jacquemin and Amitabh Das and Donald Matthews and Santosh Ghosh and Sujoy Sinha Roy
Abstract
In this paper, we propose a compact, unified, instruction-set cryptoprocessor architecture that performs both lattice-based digital signature and key-exchange operations. As a case study, the architecture has been optimized for the signature scheme 'Crystals-Dilithium' and the key encapsulation mechanism 'Saber', both finalists in NIST's post-quantum cryptography standardization project. The implementation is entirely in hardware and leverages algorithmic as well as structural synergies between the two schemes to realize a high-speed unified post-quantum key-exchange and digital-signature engine within a compact area. The entire cryptoprocessor consumes 18,040 LUTs, 9,101 flip-flops, 4 DSP units, and 14.5 BRAMs on the Xilinx Zynq UltraScale+ ZCU102 FPGA. Running at a 200 MHz clock, the FPGA implementation finishes the CCA-secure key generation, encapsulation, and decapsulation operations of Saber in 54.9, 72.5 and 94.7 $\mu$s, respectively. For Dilithium-II, the key generation, signature generation, and signature verification operations take 78.0, 164.8 and 88.5 $\mu$s, respectively, for the best-case scenario in which a valid signature is produced in the first iteration of the rejection-sampling loop. The cryptoprocessor is also synthesized for ASIC with the UMC 65nm library. It achieves a 370 MHz clock frequency and occupies 0.301 mm$^2$ ($\approx$200.6 kGE), excluding on-chip memory. The ASIC implementation performs the key generation, encapsulation, and decapsulation operations of Saber in 29.6, 39.2, and 51.2 $\mu$s, respectively, and the key generation, signature generation, and signature verification operations of Dilithium-II in 42.2, 89.1, and 47.8 $\mu$s, respectively.
Metadata
- Category: Implementation
- Publication info: Preprint. MINOR revision.
- Keywords: Dilithium, Saber, Hardware Implementation, Lattice-based Cryptography, Post-quantum cryptography
- Contact author(s): aikata@iaik.tugraz.at, ahmet.mert@iaik.tugraz.at, sujoy.sinharoy@iaik.tugraz.at
- History: received 2021-11-06; last of 3 revisions 2022-10-13
- Short URL: https://ia.cr/2021/1461
- License: CC BY