International Association for Cryptologic Research

Transactions on Cryptographic Hardware and Embedded Systems, Volume 2024

Optimized Hardware-Software Co-Design for Kyber and Dilithium on RISC-V SoC FPGA


Tengfei Wang
School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, China; State Key Laboratory of Cryptology, Beijing, China

Chi Zhang
School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, China; State Key Laboratory of Cryptology, Beijing, China

Xiaolin Zhang
School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, China; State Key Laboratory of Cryptology, Beijing, China

Dawu Gu
School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, China; State Key Laboratory of Cryptology, Beijing, China

Pei Cao
Viewsource (Shanghai) Technology Company Limited, Shanghai, China


Keywords: Post-quantum cryptography, RISC-V, Kyber, Dilithium, Hardware-software co-design, FPGA


Abstract

Kyber and Dilithium are both lattice-based post-quantum cryptography (PQC) algorithms that have been selected for standardization by the American National Institute of Standards and Technology (NIST). NIST recommends them as two primary algorithms to be implemented for most use cases. As the applications of RISC-V processors move from specialized scenarios to general scenarios, efficient implementations of PQC algorithms on general-purpose RISC-V platforms are required. In this work, we present an optimized hardware-software co-design for Kyber and Dilithium on the industry’s first RISC-V System-on-Chip (SoC) Field Programmable Gate Array (FPGA) platform. The performance of both algorithms is enhanced through the utilization of hardware acceleration and software optimization, while a certain level of flexibility is still maintained. The polynomial arithmetic operations in Kyber and Dilithium are accelerated by the customized accelerators. We employ a unified high-level architecture to depict their shared characteristics and design dedicated underlying modular multipliers to explore their distinctive features. The hashing functions are optimized using RISC-V assembly instructions, resulting in improved performance and reduced code size without additional hardware resources. For other operations involving matrices and vectors, we present a multi-core acceleration scheme based on the multi-core RISC-V Microprocessor Sub-System (MSS). Combining these acceleration and optimization methods, experimental results show that the overall performance of Kyber and Dilithium across different security levels improves by 3 to 5 times, while the utilized FPGA resources account for less than 5% of the total resources provided by the platform.

Publication

Transactions on Cryptographic Hardware and Embedded Systems, Volume 2024, Issue 3

Paper

Artifact

Artifact number
tches/2024/a18

Artifact published
August 15, 2024

Badge
IACR CHES Artifacts Available

README

ZIP (8642546 Bytes)  

License
This work is licensed under the MIT License.


How to cite

Tengfei Wang, Chi Zhang, Xiaolin Zhang, Dawu Gu, Pei Cao. Optimized Hardware-Software Co-Design for Kyber and Dilithium on RISC-V SoC FPGA. (2024). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(3), 99-135. https://doi.org/10.46586/tches.v2024.i3.99-135

Artifact available at https://artifacts.iacr.org/tches/2024/a18