[New Paper] Post-silicon verification results of Saber

Archisman Ghosh
Feb 4, 2022, 1:34:59 PM
to pqc-forum
Hello PQC community, 
We are happy to share with you the 1st silicon ASIC [1] for Saber, including a Striding Toom Cook Multiplier for significant improvement in memory, area, and power efficiency. Earlier, a common architecture for PQC algorithms has been silicon verified [2]. The common architecture in [2] mostly targeted NTT based multipliers and demonstrated significant improvement over software implementations for LWE based PQC finalists. This paper [1], on the contrary, focuses on accelerating Saber dedicatedly. The paper is uploaded to arXiv (https://arxiv.org/pdf/2201.07375.pdf) and would be presented at CICC (Custom Integrated Circuit Conference) 2022.


This work presents a Saber ASIC which provides a 1.37X more power-efficient, 1.75X lower area, and 4X less memory implementation w.r.t. other state-of-the-art PQC ASIC. The energy-hungry multiplier block is 1.5X more energy-efficient than the state of the art by adopting the Striding Toom Cook multiplier architecture. The IC consumes an average power of only 334uW and has a memory footprint of 10.1875KB and an area of 0.158mm².

Key highlights of the publication: 
  1. Use of striding Toom-Cook multiplier in hardware and lazy interpolation to achieve latency like similar complexity NTT. 
  2. Lazy interpolation helps in reducing memory footprint. 
  3. A highly pipelined architecture to achieve higher frequency. 
Post-silicon Results: 
  1. This IC consumes 333.9uW power at 10MHz and 0.7V
  2. It can operate at a frequency range 40-160MHz at 0.7-1.1V
  3. It consumes the lowest energy at 40MHz and 0.7V VDD. Key generation, encapsulation, and decapsulation consume 444.1, 579.4 & 724.5 uJ energy for the entire operation in the above-mentioned (10MHz, 0.7V) operating point.
  4. Point multiplication takes 1298 multiplier cycles including interpolation and consumes 40.21nJ energy. 
Reference:
[1] Archisman Ghosh, J.M.B. Mera, Angshuman Karmakar, Debayan Das, Santosh Ghosh, Ingrid Verbauwhede and Shreyas Sen, "A 334uW 0.158mm2 Saber Learning with Rounding based Post-Quantum Crypto Accelerator," 2022 IEEE Custom Integrated Circuit Conference (CICC- Accepted), 2022, https://arxiv.org/pdf/2201.07375.pdf
[2] U. Banerjee, A. Pathak and A. P. Chandrakasan, "2.3 An Energy-Efficient Configurable Lattice Cryptography Processor for the Quantum-Secure Internet of Things," 2019 IEEE International Solid-State Circuits Conference - (ISSCC), 2019, pp. 46-48, doi: 10.1109/ISSCC.2019.8662528. 

Thanks and Best regards,
Archisman and team, 
SparcLab (Prof. Shreyas Sen) and COSIC (Prof. Ingrid Verbauwhede)
Group Links: 