Hardware implementation of Post-Quantum Cryptography

Research Overview

The realization of quantum computers poses the risk of efficiently solving currently widely used public key and digital signature algorithms. To address this issue, we research the realization and safety evaluation of hardware capable of quickly executing Post-Quantum Cryptography (PQC).

CRYSTALS-Kyber / CRYSTALS-Dilithium

CRYSTALS-Kyber (Kyber) is a PQC key encapsulation mechanism selected by NIST, and CRYSTALS-Dilithium (Dilithium) is a PQC digital signature also chosen by NIST. Both are based on module lattice cryptography, using the Module-LWE problem for security, and involve numerous matrix calculations and polynomial multiplications, which require more CPU execution cycles compared to traditional cryptography. Ikeda Laboratory is researching to achieve fast execution of these cryptographic systems on hardware and evaluate their safety.

Additionally, we are integrating the completed accelerator with RISC-V processors to incorporate it into real-world applications and researching toward the practical implementation of PQC.

SPHINICS+

Current standardized digital signatures are mainly divided into hash-based and lattice-based, but SPHINICS+, a kind of the former, has the problem of being slower. Our research aims to achieve a computation speed equivalent to lattice-based digital signatures by designing dedicated hardware for SPHINICS+. We first determine the number of hash operators that can be efficiently parallelized, and then estimate and improve the delay time and area of the circuit implemented using hardware description language.

SIKE

Focusing on isogeny-based quantum-resistant cryptographic algorithms, which are garnering attention as quantum-resistant cryptographic technologies, we are researching hardware acceleration of cryptographic computations. We are developing high-parallelism, low-operation-count computational strategies and designing hardware to execute these strategies efficiently, aiming for low latency. Additionally, it’s crucial to minimize the circuit area and power consumption that change depending on the amount of memory needed by the computational strategy. We are striving for an optimal hardware accelerator design, considering the balance between latency and hardware resources.