RePQC: A 3.4-µJ/Op 48-kOPS Post-Quantum Crypto-Processor for Multiple-Mathematical Problems

Post-quantum cryptography (PQC) is being investigated to replace the classical public-key cryptography algorithms, which would be completely broken by large-scale quantum computers. However, current PQC schemes rest on entirely different mathematical foundations and use different parameter sets, which makes implementing a unified PQC processor extremely challenging. To address this issue, an agile PQC processor, RePQC, is proposed in this work to support schemes built on multiple mathematical problems. First, a hierarchical calculation framework spanning the algorithm level, the task level, and the coefficient level is proposed to achieve the desired flexibility and energy efficiency. Second, a hybrid processing element array is built to support arithmetic and logical operations simultaneously, while algorithm-hardware co-design is applied in the task-level schedulers to further improve the algorithm-oriented energy efficiency. Finally, parallelism exploration and algorithm-level computation transformation are used to optimize the configuration of RePQC for higher throughput. Fabricated in a 28-nm process, RePQC achieves an energy efficiency of 3.4 µJ/Op and a throughput of 48 kOPS, which are $2\times$ and $23\times$ higher than the state-of-the-art work, respectively. To the best of our knowledge, RePQC is the first silicon-proven PQC processor for different mathematical problems.
