Paper 2021/1648

A Scalable SIMD RISC-V based Processor with Customized Vector Extensions for CRYSTALS-Kyber

Huimin Li, Delft University of Technology, The Netherlands
Nele Mentens, Leiden University, The Netherlands; KU Leuven, Belgium
Stjepan Picek, Radboud University and Delft University of Technology, The Netherlands
Abstract

This paper uses RISC-V vector extensions to speed up lattice-based operations in architectures based on HW/SW co-design. We analyze the structure of the number-theoretic transform (NTT), inverse NTT (INTT), and coefficient-wise multiplication (CWM) in CRYSTALS-Kyber, a lattice-based key encapsulation mechanism. We propose 12 vector extensions for CRYSTALS-Kyber multiplication and four for finite field operations in combination with two optimizations of the HW/SW interface. This results in a speed-up of 141.7, 168.7, and 245.5 times for NTT, INTT, and CWM, respectively, compared with the baseline implementation, and a speed-up of over four times compared with the state-of-the-art HW/SW co-design using RV32IMC.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
Lattice-based Cryptography Polynomial Operation Vector Instruction SIMD Processor RISC-V ISA Extension
Contact author(s)
H Li-7 @ tudelft nl
nele mentens @ kuleuven be
s picek @ tudelft nl
History
2022-06-07: last of 3 revisions
2021-12-17: received
Short URL
https://ia.cr/2021/1648
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1648,
      author = {Huimin Li and Nele Mentens and Stjepan Picek},
      title = {A Scalable SIMD RISC-V based Processor with Customized Vector Extensions for CRYSTALS-Kyber},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1648},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/1648}},
      url = {https://eprint.iacr.org/2021/1648}
}