Paper 2021/1648
A Scalable SIMD RISC-V based Processor with Customized Vector Extensions for CRYSTALS-Kyber
Abstract
SHA-3 is considered to be one of the most secure standardized hash functions. It relies on the Keccak-f[1,600] permutation, which operates on an internal state of 1,600 bits, mostly represented as a $5\times5\times64{-}bit$ matrix. While existing implementations process the state sequentially in chunks of typically 32 or 64 bits, the Keccak-f[1,600] permutation can benefit a lot from speedup through parallelization. This paper is the first to explore the full potential of parallelization of Keccak-f[1,600] in RISC-V based processors through custom vector extensions on 32-bit and 64-bit architectures. We analyze the Keccak-f[1,600] permutation, composed of five different step mappings, and propose ten custom vector instructions to speed up the computation. We realize these extensions in a SIMD processor described in SystemVerilog. We compare the performance of our designs to existing architectures based on vectorized application-specific instruction set processors (ASIP). We show that our designs outperform all related work thanks to our carefully selected custom vector instructions.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Preprint.
- Keywords
- Lattice-based Cryptography Polynomial Operation Vector Instruction SIMD Processor RISC-V ISA Extension
- Contact author(s)
-
H Li-7 @ tudelft nl
nele mentens @ kuleuven be
s picek @ tudelft nl - History
- 2022-09-28: last of 4 revisions
- 2021-12-17: received
- See all versions
- Short URL
- https://ia.cr/2021/1648
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/1648,
author = {Huimin Li and Nele Mentens and Stjepan Picek},
title = {A Scalable {SIMD} {RISC}-V based Processor with Customized Vector Extensions for {CRYSTALS}-Kyber},
howpublished = {Cryptology {ePrint} Archive, Paper 2021/1648},
year = {2021},
url = {https://eprint.iacr.org/2021/1648}
}
