Development of application specific transport triggered processors for post-quantum cryptography algorithms

Abstract

Although initially only at the level of theoretical studies, many quantum computer development projects have been carried out in recent years. The promising results so far and the competition among companies indicate that number of such studies will increase even more. Quantum computers are not yet close to becoming a part of our daily lives in the near future. However, it is most likely that they will be used much more widely in certain areas. In particular, search, optimization and factorization problems can be solved by quantum computers much more faster than classical computers. Thus, operations such as big data analysis, machine learning or multivariate simulations can be performed in reasonable time. This is a valuable process for the advancement of science and technology. On the other hand, public key cryptography is under serious threat against quantum computer attacks. Because most of the commonly used algorithms are based on the hardness of the factorization problem. However, this may not be the case for quantum computers. Therefore, NIST initiated Post-Quantum Cryptography Standardization Process to develop quantum-resistant algorithms. Currently, this process has reached the final stage and there are four key encapsulation mechanisms and three digital signature methods. Just as important as the security of an algorithm is that it can be implemented and run efficiently. Especially in embedded systems, low power consumption and small chip area are fundamental requirements that must be met for a sufficient performance level. Application-specific processor designs are often needed to accomplish such demands. This study proposes suitable processor architectures for quantum-resistant Lattice-based Cryptography algorithms in the final stage of the NIST standardization process. For this purpose, it compares widely used Reduced Instruction Set Computing methodology with Transport-Triggered Architecture. Strengths and weaknesses of the both techniques are analyzed through test results of open source sample designs. This work also suggests application-specific cores with various custom operations. In addition, the difficulties in processor development process and possible solutions are evaluated. In the introduction, the mathematical background of the lattice-based algorithms and the principal computation approaches of the both architectures are presented. Several comparisons for various cores are shared in the next sections. After that, the design methodology of custom operations and obtained FPGA and ASIC results are given. Finally, possible future improvements are evaluated.