Cryptology ePrint Archive: Report 2021/1648

A Scalable SIMD RISC-V based Processor with Customized Vector Extensions for CRYSTALS-Kyber

Huimin Li and Nele Mentens and Stjepan Picek

Abstract: This paper uses RISC-V vector extensions to speed up lattice-based operations in architectures based on HW/SW co-design. We analyze the structure of the number-theoretic transform (NTT), inverse NTT (INTT), and coefficient-wise multiplication (CWM) in CRYSTALS-Kyber, a lattice-based key encapsulation mechanism. We propose 12 vector extensions for CRYSTALS-Kyber multiplication and four for finite field operations in combination with two optimizations of the HW/SW interface. This results in a speed-up of 141.7, 168.7, and 245.5 times for NTT, INTT, and CWM, respectively, compared with the baseline implementation, and a speed-up of over four times compared with the state-of-the-art HW/SW co-design using RV32IMC.

Category / Keywords: implementation / Lattice-based Cryptography, Polynomial Operation, Vector Instruction, SIMD Processor, RISC-V, ISA Extension

Date: received 16 Dec 2021, last revised 17 Dec 2021

Contact author: H Li-7 at tudelft nl, nele mentens at kuleuven be, s picek at tudelft nl

Version: 20211217:162302

Short URL: ia.cr/2021/1648

