Compact domain-specific co-processor for accelerating module lattice-based KEM

Compact domain-specific co-processor for accelerating module lattice-based KEM

연구 분야: Cryptography

학회: DAC '20: Proceedings of the 57th ACM/EDAC/IEEE Design Automation Conference

We present a domain-specific co-processor to speed up Saber, a post-quantum key encapsulation mechanism competing on the NIST Post-Quantum Cryptography standardization process. Contrary to most lattice-based schemes, Saber doesn't use NTT-based polynomial multiplication. We follow a hardware-software co-design approach: the execution is performed on an ARM core and only the most computationally expensive operation, i.e., the polynomial multiplication, is offloaded to the co-processor to obtain a compact design. We exploit the idea of distributed computing at micro-architectural level together with novel algorithmic optimizations to achieve approximately a 6 times speedup with respect to optimized software at a small area cost, which we demonstrate on a Zynq-7000 ARM/FPGA SoC.