The Ring Learning With Error (RLWE) algorithm plays a crucial role in Post-Quantum Cryptography (PQC) and Homomorphic Encryption (HE). Quantum computers reduce the security of existing classical cryptographic algorithms. Adversaries can store encrypted data today and, once quantum computers become available, potentially expose it. Researchers and cryptographers are actively developing and exploring quantum-resistant cryptographic algorithms such as RLWE to address this emerging threat. HE, in turn, allows operations on encrypted data, which makes it suitable for obtaining services from third parties without revealing confidential plaintexts. Field Programmable Gate Array (FPGA) based PQC and HE hardware accelerators, such as RLWE accelerators, offer a much more cost-effective alternative to processor-based platforms and Application-Specific Integrated Circuits (ASICs). However, FPGA-based hardware accelerators still consume more power than ASIC-based designs. Near Threshold Computation (NTC) may be a convenient solution for FPGA-based RLWE implementation. This paper implements a low-power RLWE hardware accelerator in an FPGA, operating at near-threshold biasing voltage. Instead of applying a uniform biasing voltage to all 14 subcomponents of RLWE, this paper applies different near-threshold biasing voltages to the different subcomponents of the proposed RLWE. Based on the longest design path, or critical path, of the 14 subcomponents of the proposed RLWE, the entire RLWE is partitioned into clusters, where each cluster is implemented in an FPGA partition. All the subcomponents placed in the same FPGA partition use the same biasing voltage V_ccint. The clusters that have longer critical paths use a higher V_ccint to avoid timing failure. The clusters that have shorter critical paths use a lower biasing voltage V_ccint.
The proposed RLWE uses a voltage calibration algorithm to calculate the biasing voltage V_ccint required for a given average critical path of an FPGA partition. Any timing error caused by NTC can be detected by the Razor flip-flop used in each subcomponent of RLWE. This voltage-scaled, partitioned RLWE can save ∼6% and ∼11% power in the Vivado and VTR platforms, respectively. Although low-power RLWE is the primary focus, the resource usage and throughput of the implemented RLWE hardware accelerator are competitive with existing literature.
INDEX TERMS: FPGA, Low Power, Post Quantum Cryptography, Ring Learning With Error

I. INTRODUCTION

Lattice-based cryptography is currently considered one of the most secure solutions compared to classical cryptography schemes. Classical schemes such as the discrete logarithm (used in Elliptic Curve Cryptography), RSA and ECDSA are employed to secure modern Internet communications. These asymmetric-key cryptosystems are based on the hardness of prime factorization and the discrete logarithm problem. However, asymmetric-key cryptosystems are no longer secure under quantum attacks...