AxRLWE: A Multilevel Approximate Ring-LWE Co-Processor for Lightweight IoT Applications

This work presents a multilevel approximation exploration undertaken on the Ring-Learning-with-Errors (R-LWE)-based public-key cryptographic (PKC) schemes that belong to quantum-resilient cryptography algorithms. Among the various quantum-resilient cryptography schemes proposed in the currently running NIST’s post-quantum cryptography (PQC) standardization plan, the lattice-based learning-with-error (LWE) schemes have emerged as the most viable and preferred class for the Internet of Things (IoT) applications due to their compact area and memory footprint compared to other alternatives. However, compared to the classical schemes used today, R-LWE is much harder a challenge to fit on embedded IoT (end-node) devices, due to their stricter resource constraints (lower area, memory, and energy budgets) as well as their limited computational capabilities. To the best of our knowledge, this is the first endeavor exploring the inherent approximate nature of the LWE problem to undertake a multilevel approximate R-LWE (AxRLWE) architecture with respective security estimates opt for lightweight IoT devices. Undertaking AxRLWE on field-programmable gate arrays (FPGAs), we benchmarked a 64% area reduction cost compared to earlier accurate R-LWE designs at the cost of reduced quantum security. For the application-specific integrated circuits (ASICs) with 45-nm CMOS technology, AxRLWE was benchmarked to fit well within the same area budget of a lightweight ECC processor and consume a third of energy compared to special class of R-Binary LWE (R-BLWE) designs being proposed for an IoT, with a better security level.