Falcon Takes Off - A Hardware Implementation of the Falcon Signature Scheme

Michael Schmid; Dorian Amiet; Jan Wendler; Paul Zbinden; Tao Wei

Paper 2023/1885

Falcon Takes Off - A Hardware Implementation of the Falcon Signature Scheme

Michael Schmid

, OST Eastern Switzerland University of Applied Sciences

Dorian Amiet

, OST Eastern Switzerland University of Applied Sciences

Jan Wendler, OST Eastern Switzerland University of Applied Sciences

Paul Zbinden, OST Eastern Switzerland University of Applied Sciences

Tao Wei

, University of Rhode Island

Abstract

Falcon is one out of three post-quantum signature schemes which have been selected for standardization by NIST in July 2022. To the best of our knowledge, Falcon is the only selected algorithm that does not yet have a publicly reported hardware description that performs signing or key generation. The reason might be that the Falcon signature and key generation algorithms do not fit well in hardware due to the use of floating-point numbers and recursive functions. This publication describes the first hardware implementation for Falcon signing and key generation. To overcome the complexity of the Falcon algorithms, High-Level Synthesis (HLS) was preferred over a hardware description language like Verilog or VHDL. Our HLS code is based on the C reference implementation available at NIST. We describe the required modifications in order to be compliant with HLS, such as rewriting recursive functions into iterative versions. The hardware core at security level 5 requires 45,223 LUTs, 41,370 FFs, 182 DSPs, and 37 BRAMs to calculate one signature in 8.7 ms on a Zynq UltraScale+ FPGA. Security level 5 key generation takes 320.3 ms and requires 100,649 LUTs, 91,029 FFs, 1,215 DSPs, and 69 BRAMs.

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Preprint.
Keywords: High-Level-Synthesis FPGA Falcon Post-quantum cryptography
Contact author(s): michael schmid2 @ ost ch
dorian amiet @ ost ch
jan wendler @ ost ch
paul zbinden @ ost ch
tao_wei @ uri edu
History: 2023-12-21: revised; 2023-12-07: received; See all versions
Short URL: https://ia.cr/2023/1885
License: CC BY-NC

BibTeX

@misc{cryptoeprint:2023/1885,
      author = {Michael Schmid and Dorian Amiet and Jan Wendler and Paul Zbinden and Tao Wei},
      title = {Falcon Takes Off - A Hardware Implementation of the Falcon Signature Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1885},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1885}},
      url = {https://eprint.iacr.org/2023/1885}
}