Paper 2024/1192
Towards ML-KEM & ML-DSA on OpenTitan
Abstract
This paper presents extensions to the OpenTitan hardware root of trust that aim at enabling high-performance lattice-based cryptography. We start by carefully optimizing ML-KEM and ML-DSA - the two primary algorithms selected by NIST for standardization - in software targeting the OTBN accelerator. Based on profiling results of these implementations, we propose tightly integrated extensions to OTBN, specifically an interface from OTBN to OpenTitan's Keccak accelerator (KMAC core) and extensions to the OTBN ISA to support operations on 256-bit vectors. We implement these extensions in hardware and show that we achieve a speedup by a factor between 6 and 9 for different operations and parameter sets of ML-KEM and ML-DSA compared to our baseline implementation on unmodified OTBN. This speedup is achieved with an increase in cell count of less than 12% in OTBN, which corresponds to an increase of less than 2% for the full Earlgrey OpenTitan core.
Metadata
- Category
- Implementation
- Publication info
- Preprint.
- Keywords
- Post-quantum cryptography, ML-KEM, ML-DSA, OpenTitan, instruction set extension, HW/SW co-design
- Contact author(s)
-
amin @ abdulrahman de
felix oberhansl @ aisec fraunhofer de
nguyenhien phamhoang @ gmail com
jadep @ opentitan org
peter @ cryptojedi org
tobias stelzer @ aisec fraunhofer de
andreas zankl @ aisec fraunhofer de
- History
- 2024-07-25: approved
- 2024-07-24: received
- Short URL
- https://ia.cr/2024/1192
- License
-
CC0
BibTeX
@misc{cryptoeprint:2024/1192,
  author = {Amin Abdulrahman and Felix Oberhansl and Hoang Nguyen Hien Pham and Jade Philipoom and Peter Schwabe and Tobias Stelzer and Andreas Zankl},
  title = {Towards {ML}-{KEM} & {ML}-{DSA} on {OpenTitan}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/1192},
  year = {2024},
  url = {https://eprint.iacr.org/2024/1192}
}