Paper 2024/1192

Towards ML-KEM & ML-DSA on OpenTitan

Amin Abdulrahman, Max Planck Institute for Security and Privacy (MPI-SP), Bochum, Germany
Felix Oberhansl, Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany
Hoang Nguyen Hien Pham, BULL SAS, Les Clayes-sous-Bois, France, Université Grenoble Alpes, CNRS, IF, Grenoble, France
Jade Philipoom, zeroRISC, Boston, USA
Peter Schwabe, Max Planck Institute for Security and Privacy (MPI-SP), Bochum, Germany, Radboud University, Nijmegen, The Netherlands
Tobias Stelzer, Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany
Andreas Zankl, Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany, Technical University of Munich (TUM), Munich, Germany
Abstract

This paper presents extensions to the OpenTitan hardware root of trust that aim at enabling high-performance lattice-based cryptography. We start by carefully optimizing ML-KEM and ML-DSA - the two primary algorithms selected by NIST for standardization - in software targeting the OTBN accelerator. Based on profiling results of these implementations, we propose tightly integrated extensions to OTBN, specifically an interface from OTBN to OpenTitan's Keccak accelerator (KMAC core) and extensions to the OTBN ISA to support operations on 256-bit vectors. We implement these extensions in hardware and show that we achieve a speedup by a factor between 6 and 9 for different operations and parameter sets of ML-KEM and ML-DSA compared to our baseline implementation on unmodified OTBN. This speedup is achieved with an increase in cell count of less than 12% in OTBN, which corresponds to an increase of less than 2% for the full Earlgrey OpenTitan core.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
Post-quantum cryptography, ML-KEM, ML-DSA, OpenTitan, instruction set extension, HW/SW co-design
Contact author(s)
amin @ abdulrahman de
felix oberhansl @ aisec fraunhofer de
nguyenhien phamhoang @ gmail com
jadep @ opentitan org
peter @ cryptojedi org
tobias stelzer @ aisec fraunhofer de
andreas zankl @ aisec fraunhofer de
History
2024-07-25: approved
2024-07-24: received
Short URL
https://ia.cr/2024/1192
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2024/1192,
      author = {Amin Abdulrahman and Felix Oberhansl and Hoang Nguyen Hien Pham and Jade Philipoom and Peter Schwabe and Tobias Stelzer and Andreas Zankl},
      title = {Towards {ML}-{KEM} \& {ML}-{DSA} on {OpenTitan}},
      howpublished = {Cryptology ePrint Archive, Paper 2024/1192},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/1192}},
      url = {https://eprint.iacr.org/2024/1192}
}