Exploring the RISC-V Vector Extension for the Classic McEliece Post-Quantum Cryptosystem

The dawn of quantum computers threatens the security guarantees of classical public-key cryptography. This gave rise to a new class of so-called quantum-resistant cryptography algorithms and to the need to implement them efficiently on embedded hardware platforms. This paper investigates how the most recent RISC-V Vector Extension, Version 0.9 (RVV0.9), can be exploited to accelerate the quantum-resistant, code-based Classic McEliece cryptosystem. We focused on the Gaussian Elimination Algorithm (GEA), which is essential for the key generation of the McEliece scheme. The GEA offers high potential for acceleration by the vector instructions of the RVV extension. To evaluate the possible gains, we adopted a rapid prototyping approach based on an instruction set simulator (ISS). We extended the simulator ETISS with a SoftVector library, which allows the instructions of RVV to be modelled quickly. Using this rapid prototyping environment, the GEA was re-implemented and verified for RVV0.9. The final performance gain depends heavily on the memory interface of the vector unit. For different configurations of the memory system, we profiled performance gains from 6 up to 18 for the GEA. This clearly shows the benefit of RVV for implementing quantum-resistant cryptosystems.
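As an added example (not code from the paper or from the Classic McEliece project), the following Python shows the branch-free GF(2) Gaussian elimination that McEliece key generation performs on the packed parity-check matrix, with rows held as 64-bit words so that the word-wise AND/XOR inner loops are exactly the lane operations a vector unit such as RVV executes in parallel. The masked fold-in pivot step follows the approach of the Classic McEliece reference implementation; the matrix sizes and test inputs are constructed for illustration.

```python
import random
from typing import List, Optional

WORD_BITS = 64
WORD_MASK = (1 << WORD_BITS) - 1

def gf2_systematic_form(mat: List[List[int]]) -> Optional[List[List[int]]]:
    """Reduce an m-row GF(2) matrix to systematic form [I_m | T].

    Rows are lists of 64-bit words; column j is bit (j % 64) of word j // 64.
    Returns None when the left m x m block is singular, which in Classic
    McEliece key generation means the candidate key is rejected and a new
    one is drawn.  Every row update is a lane-wise AND/XOR over whole words,
    so the inner loops map directly onto vector AND/XOR instructions that
    process VLEN/64 words per operation.
    """
    rows = [r[:] for r in mat]
    m = len(rows)
    for col in range(m):
        w, bit = divmod(col, WORD_BITS)
        # Branch-free pivot search: fold every lower row whose bit differs
        # into the pivot row, so no secret-dependent branch or row swap.
        for r in range(col + 1, m):
            mask = -(((rows[col][w] ^ rows[r][w]) >> bit) & 1) & WORD_MASK
            rows[col] = [a ^ (b & mask) for a, b in zip(rows[col], rows[r])]
        if not (rows[col][w] >> bit) & 1:
            return None  # singular left block: reject this key candidate
        # Clear the pivot column from every other row, again via masks.
        for r in range(m):
            if r != col:
                mask = -((rows[r][w] >> bit) & 1) & WORD_MASK
                rows[r] = [a ^ (b & mask) for a, b in zip(rows[r], rows[col])]
    return rows

def make_systematic_matrix(m: int, n: int, seed: int) -> List[List[int]]:
    """Constructed input: [I_m | T] with pseudo-random T, n columns, packed."""
    rng = random.Random(seed)
    words = (n + WORD_BITS - 1) // WORD_BITS
    rows = []
    for i in range(m):
        row = [rng.getrandbits(WORD_BITS) for _ in range(words)]
        for j in range(m):  # overwrite the left block with the identity
            row[j // WORD_BITS] &= ~(1 << (j % WORD_BITS)) & WORD_MASK
        row[i // WORD_BITS] |= 1 << (i % WORD_BITS)
        rows.append(row)
    return rows

def scramble(mat: List[List[int]], seed: int, steps: int = 200) -> List[List[int]]:
    """Apply random invertible row operations (XOR row i into row j)."""
    rng = random.Random(seed)
    rows = [r[:] for r in mat]
    for _ in range(steps):
        i, j = rng.sample(range(len(rows)), 2)
        rows[j] = [a ^ b for a, b in zip(rows[j], rows[i])]
    return rows
```

Because the systematic form of a matrix with an invertible left block is unique, eliminating a scrambled copy of [I | T] must return exactly [I | T], which makes the routine easy to check against a vectorized port.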
