Paper 2021/479

Masked Accelerators and Instruction Set Extensions for Post-Quantum Cryptography

Tim Fritzmann, Michiel Van Beirendonck, Debapriya Basu Roy, Patrick Karl, Thomas Schamberger, Ingrid Verbauwhede, and Georg Sigl

Abstract

Side-channel attacks can break mathematically secure cryptographic systems leading to a major concern in applied cryptography. While the cryptanalysis and security evaluation of Post-Quantum Cryptography (PQC) have already received an increasing research effort, a cost analysis of efficient side-channel countermeasures is still lacking. In this work, we propose a masked HW/SW codesign of the NIST PQC finalists Kyber and Saber, suitable for their different characteristics. Among others, we present a novel masked ciphertext compression algorithm for non-power-of-two moduli. To accelerate linear performance bottlenecks, we developed a generic Number Theoretic Transform (NTT) multiplier, which, in contrast to previously published accelerators, is also efficient and suitable for schemes not based on NTT. For the critical non-linear operations, masked HW accelerators were developed, allowing a secure execution using RISC-V instruction set extensions. With the proposed design, we achieved a cycle count of K:214k/E:298k/D:313k for Kyber and K:233k/E:312k/D:351k for Saber with NIST Level III parameter sets. For the same parameter sets, the masking overhead for the first-order secure decapsulation operation including randomness generation is a factor of 4.48 for Kyber (D:1403k) and 2.60 for Saber (D:915k).

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published by the IACR in TCHES 2022
Keywords
Post-quantum cryptographyKyberSabermaskingRISC-Vacceleratorsinstruction set extensions
Contact author(s)
tim fritzmann @ tum de
History
2021-10-12: revised
2021-04-15: received
See all versions
Short URL
https://ia.cr/2021/479
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/479,
      author = {Tim Fritzmann and Michiel Van Beirendonck and Debapriya Basu Roy and Patrick Karl and Thomas Schamberger and Ingrid Verbauwhede and Georg Sigl},
      title = {Masked Accelerators and Instruction Set Extensions for Post-Quantum Cryptography},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/479},
      year = {2021},
      url = {https://eprint.iacr.org/2021/479}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.