2021
DOI: 10.46586/tches.v2021.i2.328-356
|View full text |Cite
|
Sign up to set email alerts
|

A Compact Hardware Implementation of CCA-Secure Key Exchange Mechanism CRYSTALS-KYBER on FPGA

Abstract: Post-quantum cryptosystems should be prepared before the advent of powerful quantum computers to ensure information secure in our daily life. In 2016 a post-quantum standardization contest was launched by National Institute of Standards and Technology (NIST), and there have been lots of works concentrating on evaluation of these candidate protocols, mainly in pure software or through hardware-software co-design methodology on different platforms. As the contest progresses to third round in July 2020 with only … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
76
0

Year Published

2021
2021
2023
2023

Publication Types

Select...
5
2
1

Relationship

0
8

Authors

Journals

citations
Cited by 121 publications
(76 citation statements)
references
References 11 publications
0
76
0
Order By: Relevance
“…At the submission time of this paper, our architectures generated using HLS lead to comparable, and sometimes better, results compared to the best references from the state of the art using HDL (such as [20], [19], [31], [25]) but probably for a much smaller design effort. Recent HDL based solutions (such as [36], [35]) are faster and smaller than ours. We showed how HLS can be used effectively to parallelize implementations.…”
Section: Discussionmentioning
confidence: 83%
See 1 more Smart Citation
“…At the submission time of this paper, our architectures generated using HLS lead to comparable, and sometimes better, results compared to the best references from the state of the art using HDL (such as [20], [19], [31], [25]) but probably for a much smaller design effort. Recent HDL based solutions (such as [36], [35]) are faster and smaller than ours. We showed how HLS can be used effectively to parallelize implementations.…”
Section: Discussionmentioning
confidence: 83%
“…For MLWE-1024 on Artix-7 FPGAs, our solution is slower (116µs vs. 67.9µs) and larger (factor 5) than [35] (published after our initial submission). Using the same HLS code, we are able to get a much faster solution on a more efficient FPGA (UltraScale+).…”
Section: Comparison With Other Workmentioning
confidence: 91%
“…It reduces the computation complexity by merging the 2N -th primitive roots of unity and scale factor into every stage. [XL21] and [POG15] avoid the bit-reversed cost by changing the loop structure of decimation in time (DIT) and decimation in frequency (DIF) radix-2 NTT. This method is also adopted by the reference software implementation of Kyber published by NIST.…”
Section: Related Workmentioning
confidence: 99%
“…end for 15: end for 16: return A further removed by rearranging the loop structure [XL21]. The complete bit-reversed-free radix-2 iterative NTT with low complexity is presented in algorithm 1, where the twiddle factors ω can be precomputed and stored in the ROM.…”
Section: Ntt-based Multiplication Algorithmmentioning
confidence: 99%
“…3. Although altering q allowed other parametrizations, ring arithmetic over R q consistently represents a significant fraction of the effort involved in providing embedded implementations of Kyber [5,59]. Keeping the same ring R q as Kyber helps make Ilum512 fast and easy to deploy.…”
Section: New Parametrizationsmentioning
confidence: 99%