An Efficient and Parallel R-LWE Cryptoprocessor

Zhang, Yuqing; Wang, Chenghua; Kundi, Dur E. Shahwar; Khalid, Ayesha; O’Neill, Máire; Liu, Weiqiang

doi:10.1109/tcsii.2020.2980387

Cited by 39 publications

(14 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The overall hardware implementation of R-LWE cryptographic processor [15] based on NTT can resist side-channel attack, yet its speed is quite slower and its execution time is longer as well as highest ATP. The efficient R-LWE design [9] based on the state-of-art fastest available schoolbook polynomial multiplication have the highest frequency; however, it consumes most cycles. The latest processor for Kyber on FPGA [16] only includes optimized NTT design for vector of polynomials.…”

Section: Implementation Results and Comaprisionsmentioning

confidence: 99%

“…Our proposed design has less number of cycles, i.e., 8,770 and smallest ATP value of 24.84 for encryption, while 2,680 cycles and 2.69 ATP for the decryption. Compared with the best design, our proposed separate M-LWE design have 1.3× Op/s than [6] and 2.1× better ATP trade-off than [9] at a cost of reasonable area consumption.…”

Section: Implementation Results and Comaprisionsmentioning

confidence: 99%

See 1 more Smart Citation

Towards CRYSTALS-Kyber: A M-LWE Cryptoprocessor with Area-Time Trade-Off

Yao

Kundi

Wang

et al. 2021

2021 IEEE International Symposium on Circuits and Systems (ISCAS)

Self Cite

View full text Add to dashboard Cite

CRYSTALS-Kyber is a quantum-resistant and promising lattice-based cryptography (LBC) in the finalists of the third round post-quantum cryptography (PQC) standardization, which is based on the hardness of Module-Learning with Errors (M-LWE). The variadic parameters make M-LWE obtain a more flexible security-performance trade-off than Ring-LWE. In this paper, we propose a M-LWE cryptoprocessor targeting CRYSTALS-Kyber with area-time trade-off for the first time. This balanced design includes a fast and low-cost Binomial Sampler and vector-polynomials multiplication structure based on pipelined decimation-in-frequency (DIF) based Number Theoretic Transform (NTT) technique. The M-LWE cryptoprocessor achieve 27,708 encryption operations per second using only 690 slices and 106,716 decryption operations per second using only 571 slices. Our proposed design achieved the lowest area-time product (ATP) with at least 2× performance improvement than the state-of-the-art LBC designs with a similar security level and complexity of polynomials.

show abstract

Section: Implementation Results and Comaprisionsmentioning

confidence: 99%

Section: Implementation Results and Comaprisionsmentioning

confidence: 99%

Towards CRYSTALS-Kyber: A M-LWE Cryptoprocessor with Area-Time Trade-Off

Yao

Kundi

Wang

et al. 2021

2021 IEEE International Symposium on Circuits and Systems (ISCAS)

Self Cite

View full text Add to dashboard Cite

show abstract

“…The µ-kσ and q-µ-kσ; where k=1,2,3... represents the positive and negative values respectively (in case of LWE with modulus-q). This fact has been exploited by many researchers to utilized the Signed-Magnitude Representation (SMR) for the Gaussian data instead of using a conventional unsigned representation [16], [36]. The modular polynomial multiplication with these negative values can easily be realized as follows: a×(-b) mod…”

Section: A Approximate Modular Multiplier (Axmm)mentioning

confidence: 99%

AxRLWE: A Multilevel Approximate Ring-LWE Co-Processor for Lightweight IoT Applications

Kundi

Khalid

Bian

et al. 2022

IEEE Internet Things J.

Self Cite

View full text Add to dashboard Cite

This work presents a multi-level approximation exploration undertaken on the Ring-Learning-with-Errors (R-LWE) based Public-key Cryptographic (PKC) schemes that belong to quantum-resilient cryptography algorithms. Among the various quantum-resilient cryptography schemes proposed in the currently running NIST's Post-quantum Cryptography (PQC) standardization plan, the lattice based LWE schemes have emerged as the most viable and preferred class for the IoT applications due to their compact area and memory footprint compared to other alternatives. However, compared to the classical schemes used today, R-LWE is much harder a challenge to fit on embedded IoT (end-node) devices, due to their stricter resource constraints (lower area, memory, energy budgets) as well as their limited computational capabilities. To the best of our knowledge, this is the first endeavour exploring the inherent approximate nature of LWE problem to undertake a multi-level Approximate R-LWE (AxRLWE) architecture with respective security estimates opt for lightweight IoT devices. Undertaking AxRLWE on Field Programmable Gate Arrays (FPGAs), we bench-marked a 64% area reduction cost compared to earlier accurate R-LWE designs at the cost of reduced quantum-security. With 45nm CMOS technology, AxRLWE was bench-marked to fit well within the same area-budget of lightweight ECC processor and consume a third of energy compared to special class of R-Binary LWE (R-BLWE) designs being proposed for an IoT, with better security level.

show abstract

“…Later on [77] proposed a design of an area/power efficient approximate modular multiplier (so called AxMM) for complete RLWE hardware, by exploiting the statistics of Gaussian noise in addition to the technique of [78]; transforming the unsigned Gaussian data to signed format. Fig.…”

Section: Cryptography Homomorphicmentioning

confidence: 99%

Security in Approximate Computing and Approximate Computing for Security: Challenges and Opportunities

Liu

O’Neill

et al. 2020

Proc. IEEE

Self Cite

View full text Add to dashboard Cite

Approximate computing, an advanced computational technique which returns inaccurate but acceptable results instead of exact results, has emerged as a new preferable paradigm over traditional computing architectures for energy efficient system designs. It is crucial for nanoscale integrated circuits (ICs) to achieve high speed and low power, where some intrinsic errors are acceptable, such as (deep-) machine learning, image processing, communication and other error-tolerant and cognitive applications. However, approximate computing also introduces security vulnerabilities mainly due to the uncertainty and unpredictability of intrinsic errors during approximate execution which may be indistinguishable using malicious modification of the accurate result. On the other hand, interestingly, approximate computing can also provide new approaches for security. Existing literature in approximate computing covers threat models, countermeasures, and evaluations, but lacks a framework for analysis and comparison. In this paper, we provide a classification of the state of the art in this research field, including threat models in approximate computing and promising security approaches using approximate computing. Index Terms-Approximate computing, hardware security, cryptography I. INTRODUCTION N the last decade, various advanced computing systems, including supercomputers, ubiquitous computing centers, and servers, have been developed and widely deployed. Unfortunately, Moore's law is approaching its limitation [1], and conventional computing techniques are not able to provide higher computing performance under the restriction of power consumption. Therefore, new nanoscale computing paradigms are urgently required for low power and high performance computing systems. Hence, appropriate reduction of the computational accuracy could effectively improve the performance of computing systems without sacrificing functionality and perception.

show abstract

An Efficient and Parallel R-LWE Cryptoprocessor

Cited by 39 publications

References 15 publications

Towards CRYSTALS-Kyber: A M-LWE Cryptoprocessor with Area-Time Trade-Off

Towards CRYSTALS-Kyber: A M-LWE Cryptoprocessor with Area-Time Trade-Off

AxRLWE: A Multilevel Approximate Ring-LWE Co-Processor for Lightweight IoT Applications

Security in Approximate Computing and Approximate Computing for Security: Challenges and Opportunities

Contact Info

Product

Resources

About