Paper 2024/1253

FELIX (XGCD for FALCON): FPGA-based Scalable and Lightweight Accelerator for Large Integer Extended GCD

Sam Coulon
Tianyou Bao, Villanova University
Jiafeng Xie, Villanova University
Abstract

The Extended Greatest Common Divisor (XGCD) computation is a critical component in various cryptographic applications and algorithms, including both pre- and post-quantum cryptosystems. In addition to computing the greatest common divisor (GCD) of two integers, the XGCD also produces Bezout coefficients $b_a$ and $b_b$ which satisfy $\mathrm{GCD}(a,b) = a\times b_a + b\times b_b$. In particular, computing the XGCD for large integers is of significant interest. Most recently, XGCD computation between 6,479-bit integers is required for solving $N$-th degree Truncated polynomial Ring Unit (NTRU) trapdoors in Falcon, a National Institute of Standards and Technology (NIST)-selected Post-Quantum digital signature scheme. To this point, existing literature has primarily focused on exploring software-based implementations for XGCD. The few existing high-performance hardware architectures require significant hardware resources and may not be desirable for practical usage, and the lightweight architectures suffer from poor performance. To fill the research gap, this work proposes a novel FPGA-based scalablE and Lightweight accelerator for large Integer XGCD (FELIX). First, a new algorithm suitable for scalable and lightweight computation of XGCD is proposed. Next, a hardware accelerator (FELIX) is presented, including both constant- and variable-time versions. Finally, a thorough evaluation is carried out to showcase the efficiency of the proposed FELIX. In certain configurations, FELIX involves 81% less equivalent area-time product (eATP) than the state-of-the-art design for 1,024-bit integers, and achieves a 95% reduction in latency over the software for 6,479-bit integers (Falcon parameter set) with reasonable resource usage. Overall, the proposed FELIX is highly efficient, scalable, lightweight, and suitable for very large integer computation, making it the first such XGCD accelerator in the literature (to the best of our knowledge).

Note: NA

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Minor revision. IEEE Trans. VLSI Systems
DOI
10.1109/TVLSI.2024.3417016
Keywords
Falconfield-programmable gate arrayhardware acceleratorlarge integer extended GCDcryptographic applications
Contact author(s)
scoulon @ villanova edu
tbao @ villanova edu
jiafeng xie @ villanova edu
History
2024-08-09: approved
2024-08-08: received
See all versions
Short URL
https://ia.cr/2024/1253
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1253,
      author = {Sam Coulon and Tianyou Bao and Jiafeng Xie},
      title = {{FELIX} ({XGCD} for {FALCON}): {FPGA}-based Scalable and Lightweight Accelerator for Large Integer Extended {GCD}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1253},
      year = {2024},
      doi = {10.1109/TVLSI.2024.3417016},
      url = {https://eprint.iacr.org/2024/1253}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.