[New paper] Hardware implementations of CRYSTALS-Kyber, NTRU, and Saber

265 views
Skip to first unread message

Krzysztof M. Gaj

unread,
Nov 17, 2021, 9:15:13 AM11/17/21
to pqc-...@list.nist.gov
Hi,

It is our pleasure to announce the release of our new paper:

"High-Speed Hardware Architectures and FPGA Benchmarking of CRYSTALS-Kyber, NTRU, and Saber"
by Viet Ba Dang, Kamyar Mohajerani, and Kris Gaj
Cryptology ePrint Archive: Report 2021/1508

The major contributions of this paper are as follows:

1. We have proposed, documented, and designed the first complete hardware implementations of 
   two variants of NTRU (NTRU-HRSS and NTRU-HPS), as defined in the submissions to Rounds 2 and 3 
   of the NIST PQC standardization process.

2. We have developed four new implementations of Saber, including a design based on NTT.
   The remaining three implementations use the schoolbook-based multiplier with three different unrolling factors, u = 1, 2, and 4.
   For security level 3, two of these implementations outperform the best previous design in terms of speed and 
   remaining two in terms of resource utilization.

3. We have developed a new hardware implementation of CRYSTALS-KYBER outperforming the best previous design in terms of 
   latency, number of operations per second, and the product of latency x #LUTs.

4. We benchmarked all mentioned above designs using two FPGA families - Artix-7 and Zynq-Ultrascale+ -
   and where possible compared them with earlier reported designs for the same candidates 
   (see Table 11 for CRYSTALS-Kyber and Table 13 for Saber).

5. We generated a comprehensive set of two-dimensional graphs comparing all 9 Round 3 KEMs in terms of their performance in hardware.
   These graphs, included in the paper as Figs. 27-38, show
    * on Y-axis - performance in terms of the latency in microseconds and speed in operations per second, and 
    * on X-axis - resource utilization in terms of LUTs.
   These figures take into account all competitive results we are aware of, including the most recent ePrint reports on hardware implementations of
    * BIKE, released on October 6, 2021, last revised October 14, 2021: https://eprint.iacr.org/2021/1344, and
    * NTRU Prime, released on October 27, 2021: https://eprint.iacr.org/2021/1444.

We would be grateful for information about any other full hardware implementations of Round 3 KEMs and would be more than happy 
to update our ePrint report accordingly.

Any other comments and suggestions are very welcome!

Viet, Kamyar, and Kris
Cryptographic Engineering Research Group (CERG)
George Mason University

Reply all
Reply to author
Forward
0 new messages