Parameterized Hardware Accelerators for Lattice-Based Cryptography and Their Application to the HW/SW Co-Design of qTESLA

  • Wen Wang Yale University, USA
  • Shanquan Tian Yale University, USA
  • Bernhard Jungk MAN Truck & Bus SE, Germany
  • Nina Bindel University of Waterloo, Canada
  • Patrick Longa Microsoft Research, USA
  • Jakub Szefer Yale University, USA
Keywords: Lattice-based cryptography, Post-quantum cryptography, qTESLA, Hardware accelerators, Hardware-software co-design, FPGA, RISC-V

Abstract

This paper presents a set of efficient and parameterized hardware accelerators that target post-quantum lattice-based cryptographic schemes, including a versatile cSHAKE core, a binary-search CDT-based Gaussian sampler, and a pipelined NTT-based polynomial multiplier, among others. Unlike much of prior work, the accelerators are fully open-sourced, are designed to be constant-time, and can be parameterized at compile-time to support different parameters without the need for re-writing the hardware implementation. These flexible, publicly-available accelerators are leveraged to demonstrate the first hardware-software co-design using RISC-V of the post-quantum lattice-based signature scheme qTESLA with provably secure parameters. In particular, this work demonstrates that the NIST’s Round 2 level 1 and level 3 qTESLA variants achieve over a 40-100x speedup for key generation, about a 10x speedup for signing, and about a 16x speedup for verification, compared to the baseline RISC-V software-only implementation. For instance, this corresponds to execution in 7.7, 34.4, and 7.8 milliseconds for key generation, signing, and verification, respectively, for qTESLA’s level 1 parameter set on an Artix-7 FPGA, demonstrating the feasibility of the scheme for embedded applications.

Published
2020-06-19
How to Cite
Wang, W., Tian, S., Jungk, B., Bindel, N., Longa, P., & Szefer, J. (2020). Parameterized Hardware Accelerators for Lattice-Based Cryptography and Their Application to the HW/SW Co-Design of qTESLA. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(3), 269-306. https://doi.org/10.13154/tches.v2020.i3.269-306
Section
Articles