NIST recently decided upon a set of cryptographic algorithms for future standardization. These algorithms are built upon hard problems which are believed to be resistant to quantum cryptanalysis, unlike RSA and ECC, which are trivially broken by a quantum computer running Shor's algorithm. Cryptographic operations are computationally intensive, and therefore are often offloaded to dedicated hardware in order to improve performance and reduce energy usage. However, different applications have different needs for performance and cost trade-offs, so it is beneficial to have a variety of performance options for hardware acceleration. In this work we present a flexible hardware architecture for the selected algorithms Kyber and Dilithium. Our architecture includes separate instances optimized for either Kyber or Dilithium, as well as a combined architecture which supports both algorithms in one design. Further, the design can be instantiated at three levels of performance: lightweight, mid-range, and high performance. We also present a masked variant of the Kyber-only implementation which protects against first-order differential power analysis attacks and timing attacks. The masked implementation requires 2.5× more LUTs and 6.5× more clock cycles for decapsulation.
Fourth PQC Standardization Conference
Starts: November 29, 2022 (Virtual)
Security and Privacy: post-quantum cryptography