We are happy to share with you the first silicon ASIC [1] for Saber, including a Striding Toom-Cook Multiplier for significant improvement in memory, area, and power efficiency. Earlier, a common architecture for PQC algorithms was silicon verified [2]. The common architecture in [2] mostly targeted an NTT-based multiplier and demonstrated significant improvement over software implementations for LWE-based PQC finalists. This paper [1], on the contrary, focuses on accelerating Saber specifically. The paper is uploaded to arXiv (https://arxiv.org/pdf/2201.07375.pdf) and will be presented at CICC (Custom Integrated Circuit Conference) 2022.
This work presents a Saber ASIC that is 1.37X more power-efficient, has 1.75X lower area, and uses 4X less memory than other state-of-the-art PQC ASICs. The energy-hungry multiplier block is 1.5X more energy-efficient than the state of the art by adopting a Striding Toom-Cook multiplier architecture. The IC consumes an average power of only 334uW and has a memory footprint of 10.1875KB and an area of 0.158mm².
Key highlights of the publication:
- Use of a striding Toom-Cook multiplier in hardware and lazy interpolation to achieve latency comparable to an NTT of similar complexity.
- Lazy interpolation helps in reducing memory footprint.
- A highly pipelined architecture to achieve higher frequency.
Post-silicon Results:
- This IC consumes 333.9uW power at 10MHz and 0.7V.
- It can operate over a frequency range of 40-160MHz at 0.7-1.1V.
- It consumes the lowest energy at 40MHz and 0.7V VDD. Key generation, encapsulation, and decapsulation consume 444.1, 579.4 & 724.5 uJ energy for the entire operation in the above-mentioned (10MHz, 0.7V) operating point.
- Point multiplication takes 1298 multiplier cycles including interpolation and consumes 40.21nJ energy.
References:
[1] Archisman Ghosh, J.M.B. Mera, Angshuman Karmakar, Debayan Das, Santosh Ghosh, Ingrid Verbauwhede and Shreyas Sen, "A 334uW 0.158mm2 Saber Learning with Rounding based Post-Quantum Crypto Accelerator," 2022 IEEE Custom Integrated Circuit Conference (CICC, accepted), 2022, https://arxiv.org/pdf/2201.07375.pdf
[2] U. Banerjee, A. Pathak and A. P. Chandrakasan, "2.3 An Energy-Efficient Configurable Lattice Cryptography Processor for the Quantum-Secure Internet of Things," 2019 IEEE International Solid-State Circuits Conference (ISSCC), 2019, pp. 46-48, doi: 10.1109/ISSCC.2019.8662528.