Cryptology ePrint Archive: Report 2021/1508

High-Speed Hardware Architectures and FPGA Benchmarking of CRYSTALS-Kyber, NTRU, and Saber

Viet Ba Dang and Kamyar Mohajerani and Kris Gaj

Abstract: Performance in hardware has typically played a significant role in differentiating among leading candidates in cryptographic standardization efforts. Winners of two past NIST cryptographic contests (Rijndael in case of AES and Keccak in case of SHA-3) were ranked consistently among the two fastest candidates when implemented using FPGAs and ASICs. Hardware implementations of cryptographic operations may quite easily outperform software implementations for at least a subset of major performance metrics, such as latency, number of operations per second, power consumption, and energy usage, as well as in terms of security against physical attacks, including side-channel analysis. Using hardware also permits much higher flexibility in trading one subset of these properties for another. This paper presents high-speed hardware architectures for four lattice-based CCA-secure Key Encapsulation Mechanisms (KEMs), representing three NIST PQC finalists: CRYSTALS-Kyber, NTRU (with two distinct variants, NTRU-HPS and NTRU-HRSS), and Saber. We rank these candidates among each other and compare them with all other Round 3 KEMs based on the data from the previously reported work.

Category / Keywords: implementation / public-key cryptography, Post-Quantum Cryptography, lattice-based, Key Encapsulation Mechanism, hardware implementations, FPGA

Date: received 14 Nov 2021

Contact author: vdang6 at gmu edu, mmohajer at gmu edu, kgaj at gmu edu

Available format(s): PDF | BibTeX Citation

Version: 20211115:125955 (All versions of this report)

Short URL: ia.cr/2021/1508


[ Cryptology ePrint archive ]