{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T05:00:25Z","timestamp":1769922025454,"version":"3.49.0"},"reference-count":30,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2021,3,20]],"date-time":"2021-03-20T00:00:00Z","timestamp":1616198400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,3,20]],"date-time":"2021-03-20T00:00:00Z","timestamp":1616198400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptogr Eng"],"published-print":{"date-parts":[[2021,11]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>FrodoKEM is a lattice-based key encapsulation mechanism, currently a semi-finalist in NIST\u2019s post-quantum standardisation effort. A condition for these candidates is to use NIST standards for sources of randomness (i.e. seed-expanding), and as such most candidates utilise SHAKE, an XOF defined in the SHA-3 standard. However, for many of the candidates, this module is a significant implementation bottleneck. Trivium is a lightweight, ISO standard stream cipher which performs well in hardware and has been used in previous hardware designs for lattice-based cryptography. This research proposes optimised designs for FrodoKEM, concentrating on high throughput by parallelising the matrix multiplication operations within the cryptographic scheme. This process is eased by the use of Trivium due to its higher throughput and lower area consumption. The parallelisations proposed also complement the addition of first-order masking to the decapsulation module. 
Overall, we significantly increase the throughput of FrodoKEM; for encapsulation we see a <jats:inline-formula><jats:alternatives><jats:tex-math>$$16\\times $$<\/jats:tex-math><mml:math xmlns:mml=\"http:\/\/www.w3.org\/1998\/Math\/MathML\"><mml:mrow><mml:mn>16<\/mml:mn><mml:mo>\u00d7<\/mml:mo><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula> speed-up, achieving 825 operations per second, and for decapsulation we see a <jats:inline-formula><jats:alternatives><jats:tex-math>$$14\\times $$<\/jats:tex-math><mml:math xmlns:mml=\"http:\/\/www.w3.org\/1998\/Math\/MathML\"><mml:mrow><mml:mn>14<\/mml:mn><mml:mo>\u00d7<\/mml:mo><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula> speed-up, achieving 763 operations per second, compared to the previous state of the art, whilst also maintaining a similar FPGA area footprint of less than 2000 slices.<\/jats:p>","DOI":"10.1007\/s13389-021-00258-7","type":"journal-article","created":{"date-parts":[[2021,3,20]],"date-time":"2021-03-20T12:02:54Z","timestamp":1616241774000},"page":"317-327","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Exploring Parallelism to Improve the Performance of FrodoKEM in Hardware"],"prefix":"10.1007","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6498-3099","authenticated-orcid":false,"given":"James","family":"Howe","sequence":"first","affiliation":[]},{"given":"Marco","family":"Martinoli","sequence":"additional","affiliation":[]},{"given":"Elisabeth","family":"Oswald","sequence":"additional","affiliation":[]},{"given":"Francesco","family":"Regazzoni","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,3,20]]},"reference":[{"issue":"3","key":"258_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3384446","volume":"19","author":"E Aerabi","year":"2020","unstructured":"Aerabi, E., Bohlouli, M., Livany, M.H.A., 
Fazeli, M., Papadimitriou, A., Hely, D.: Design space exploration for ultra-low-energy and secure IoT MCUs. ACM Trans. Embed. Comput. Syst. (TECS) 19(3), 1\u201334 (2020)","journal-title":"ACM Trans. Embed. Comput. Syst. (TECS)"},{"key":"258_CR2","doi-asserted-by":"crossref","unstructured":"Alagic, G., Alperin-Sheriff, J., Apon, D., Cooper, D., Dang, Q., Kelsey, J., Liu, Y.K., Miller, C., Moody, D., Peralta, R., et al.: Status report on the second round of the NIST post-quantum cryptography standardization process. Tech. Rep., July, NIST (2020)","DOI":"10.6028\/NIST.IR.8240"},{"key":"258_CR3","doi-asserted-by":"crossref","unstructured":"Amiet, D., Curiger, A., Zbinden, P.: FPGA-based Accelerator for post-quantum signature scheme SPHINCS-256. IACR Transactions on Cryptographic Hardware and Embedded Systems, pp. 18\u201339 (2018)","DOI":"10.46586\/tches.v2018.i1.18-39"},{"key":"258_CR4","doi-asserted-by":"crossref","unstructured":"Aysu, A., Tobah, Y., Tiwari, M., Gerstlauer, A., Orshansky, M.: Horizontal side-channel vulnerabilities of post-quantum key exchange protocols. In: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 81\u201388. IEEE (2018)","DOI":"10.1109\/HST.2018.8383894"},{"key":"258_CR5","unstructured":"Bernstein, D.J., H\u00fclsing, A., K\u00f6lbl, S., Niederhagen, R., Rijneveld, J., Schwabe, P.: The SPHINCS+ Signature Framework. Cryptology ePrint Archive, Report 2019\/1086 (2019). https:\/\/eprint.iacr.org\/2019\/1086"},{"key":"258_CR6","doi-asserted-by":"crossref","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van\u00a0Assche, G., Van\u00a0Keer, R.: Keccak implementation overview. http:\/\/keccak.neokeon.org\/Keccak-implementation-3.2.pdf (2012)","DOI":"10.1007\/978-3-642-38348-9_19"},{"key":"258_CR7","doi-asserted-by":"crossref","unstructured":"Bos, J.W., Costello, C., Ducas, L., Mironov, I., Naehrig, M., Nikolaenko, V., Raghunathan, A., Stebila, D.: Frodo: Take off the ring! 
Practical, quantum-secure key exchange from LWE. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24\u201328, 2016, pp. 1006\u20131018 (2016)","DOI":"10.1145\/2976749.2978425"},{"key":"258_CR8","doi-asserted-by":"crossref","unstructured":"Bos, J.W., Friedberger, S., Martinoli, M., Oswald, E., Stam, M.: Assessing the Feasibility of Single Trace Power Analysis of Frodo. In: International Conference on Selected Areas in Cryptography, pp. 216\u2013234. Springer (2018)","DOI":"10.1007\/978-3-030-10970-7_10"},{"key":"258_CR9","unstructured":"Bos, J.W., Friedberger, S., Martinoli, M., Oswald, E., Stam, M.: Fly, you fool! Faster Frodo for the ARM Cortex-M4. Cryptology ePrint Archive, Report 2018\/1116 (2018), https:\/\/eprint.iacr.org\/2018\/1116"},{"key":"258_CR10","doi-asserted-by":"crossref","unstructured":"De\u00a0Canniere, C., Preneel, B.: Trivium. In: New Stream Cipher Designs, pp. 244\u2013266. Springer (2008)","DOI":"10.1007\/978-3-540-68351-3_18"},{"issue":"3","key":"258_CR11","doi-asserted-by":"publisher","first-page":"322","DOI":"10.1109\/TC.2016.2642962","volume":"67","author":"J Howe","year":"2018","unstructured":"Howe, J., Khalid, A., Rafferty, C., Regazzoni, F., O\u2019Neill, M.: On practical discrete Gaussian samplers for lattice-based cryptography. IEEE Trans. Comput. 67(3), 322\u2013334 (2018)","journal-title":"IEEE Trans. Comput."},{"key":"258_CR12","doi-asserted-by":"crossref","unstructured":"Howe, J., Oder, T., Krausz, M., G\u00fcneysu, T.: Standard lattice-based key encapsulation on embedded devices. IACR Trans. Cryptogr. Hardw. Embed. Syst., pp. 372\u2013393 (2018)","DOI":"10.46586\/tches.v2018.i3.372-393"},{"key":"258_CR13","unstructured":"Information technology - Security techniques - Lightweight cryptography\u2014Part 3: Stream ciphers. 
Standard, International Organization for Standardization, Geneva, CH (2012)"},{"key":"258_CR14","unstructured":"Jang, J.W., Choi, S., Prasanna, V.: Area and time efficient implementations of matrix multiplication on FPGAs. In: 2002 IEEE International Conference on Field-Programmable Technology, 2002. (FPT). Proceedings, pp. 93\u2013100. IEEE (2002)"},{"key":"258_CR15","doi-asserted-by":"crossref","unstructured":"Kales, D., Ramacher, S., Rechberger, C., Walch, R., Werner, M.: Efficient FPGA Implementations of LowMC and Picnic. In: Cryptographers\u2019 Track at the RSA Conference, pp. 417\u2013441. Springer (2020)","DOI":"10.1007\/978-3-030-40186-3_18"},{"key":"258_CR16","unstructured":"Kannwischer, M.J., Rijneveld, J., Schwabe, P., Stoffelen, K.: pqm4: Testing and Benchmarking NIST PQC on ARM Cortex-M4. NIST\u2019s Second PQC Standardization Conference (2019), https:\/\/eprint.iacr.org\/2019\/844"},{"issue":"11","key":"258_CR17","doi-asserted-by":"publisher","first-page":"1594","DOI":"10.1109\/TC.2018.2815605","volume":"67","author":"B Koziel","year":"2018","unstructured":"Koziel, B., Azarderakhsh, R., Kermani, M.M.: A high-performance and scalable hardware architecture for isogeny-based cryptography. IEEE Trans. Comput. 67(11), 1594\u20131609 (2018)","journal-title":"IEEE Trans. Comput."},{"key":"258_CR18","unstructured":"Kuo, P.C., Li, W.D., Chen, Y.W., Hsu, Y.C., Peng, B.Y., Cheng, C.M., Yang, B.Y.: High performance post-quantum key exchange on FPGAs. Cryptology ePrint Archive, Report 2017\/690 (2017), https:\/\/eprint.iacr.org\/2017\/690"},{"key":"258_CR19","unstructured":"Naehrig, M., Alkim, E., Bos, J., Ducas, L., Easterbrook, K., LaMacchia, B., Longa, P., Mironov, I., Nikolaenko, V., Peikert, C., Raghunathan, A., Stebila, D.: FrodoKEM. Tech. 
rep., National Institute of Standards and Technology (2017), available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions"},{"key":"258_CR20","unstructured":"NIST: Post-quantum crypto project. http:\/\/csrc.nist.gov\/groups\/ST\/post-quantum-crypto\/ (2016)"},{"key":"258_CR21","unstructured":"NIST: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process. https:\/\/csrc.nist.gov\/csrc\/media\/projects\/post-quantum-cryptography\/documents\/call-for-proposals-final-dec-2016.pdf (2016)"},{"key":"258_CR22","unstructured":"Oder, T., G\u00fcneysu, T.: Implementing the NewHope-simple key exchange on low-cost FPGAs. Progress in Cryptology - LATINCRYPT 2017 (2017)"},{"key":"258_CR23","doi-asserted-by":"crossref","unstructured":"P\u00f6ppelmann, T., G\u00fcneysu, T.: Towards practical lattice-based public-key encryption on reconfigurable hardware. In: International Conference on Selected Areas in Cryptography, pp. 68\u201385. Springer (2013)","DOI":"10.1007\/978-3-662-43414-7_4"},{"key":"258_CR24","doi-asserted-by":"crossref","unstructured":"Qasim, S.M., Abbasi, S.A., Almashary, B.: A proposed FPGA-based parallel architecture for matrix multiplication. In: APCCAS 2008-2008 IEEE Asia Pacific Conference on Circuits and Systems, pp. 1763\u20131766. IEEE (2008)","DOI":"10.1109\/APCCAS.2008.4746382"},{"key":"258_CR25","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, May 22\u201324, 2005, pp. 84\u201393 (2005). 10.1145\/1060590.1060603, http:\/\/doi.acm.org\/10.1145\/1060590.1060603"},{"key":"258_CR26","unstructured":"Roy, D.B., Mukhopadhyay, D.: Post Quantum ECC on FPGA Platform. 
Cryptology ePrint Archive, Report 2019\/568 (2019), https:\/\/eprint.iacr.org\/2019\/568"},{"key":"258_CR27","unstructured":"Saarinen, M.J.O.: Exploring NIST LWC\/PQC Synergy with R5Sneik: How SNEIK 1.1 Algorithms were Designed to Support Round5. Cryptology ePrint Archive, Report 2019\/685 (2019), https:\/\/eprint.iacr.org\/2019\/685"},{"key":"258_CR28","doi-asserted-by":"crossref","unstructured":"Schwabe, P., Stoffelen, K.: All the AES you need on Cortex-M3 and M4. In: Avanzi, R., Heys, H. (eds.) Selected Areas in Cryptography\u2014SAC 2016. Lecture Notes in Computer Science, vol. 10532, pp. 180\u2013194. Springer, Berlin (2017), document ID: 9fc0b970660e40c264e50ca389dacd49, https:\/\/cryptojedi.org\/papers\/#aesarm","DOI":"10.1007\/978-3-319-69453-5_10"},{"issue":"5","key":"258_CR29","doi-asserted-by":"publisher","first-page":"1484","DOI":"10.1137\/S0097539795293172","volume":"26","author":"PW Shor","year":"1997","unstructured":"Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484\u20131509 (1997)","journal-title":"SIAM J. Comput."},{"key":"258_CR30","doi-asserted-by":"crossref","unstructured":"Wang, W., Szefer, J., Niederhagen, R.: FPGA-based Niederreiter cryptosystem using binary Goppa codes. In: International Conference on Post-Quantum Cryptography, pp. 77\u201398. 
Springer (2018)","DOI":"10.1007\/978-3-319-79063-3_4"}],"container-title":["Journal of Cryptographic Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-021-00258-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s13389-021-00258-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-021-00258-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,26]],"date-time":"2024-08-26T12:30:39Z","timestamp":1724675439000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s13389-021-00258-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,3,20]]},"references-count":30,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2021,11]]}},"alternative-id":["258"],"URL":"https:\/\/doi.org\/10.1007\/s13389-021-00258-7","relation":{},"ISSN":["2190-8508","2190-8516"],"issn-type":[{"value":"2190-8508","type":"print"},{"value":"2190-8516","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,3,20]]},"assertion":[{"value":"2 April 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 February 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 March 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}
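Worked example added by the editor, not code from the paper, the FrodoKEM submission or the Trivium reference implementation. The abstract's two design points are that a stream cipher (Trivium) replaces SHAKE as the seed expander and that the matrix multiplications are parallelised; the C below makes both visible on a toy Frodo-style LWE exchange. Trivium is written bit-serially from the De Canniere and Preneel specification; the public matrix A is expanded from a seed one row per generator instance (IV = row index), which is exactly the kind of independence a parallel design exploits; and the products A*S, S'*A, S'*B and B'*S are computed entry by entry. Everything not in the abstract is an assumption of this example: N = 16 and NBAR = 2 instead of FrodoKEM-640's n = 640 and n-bar = 8, a {-1, 0, 1} noise distribution instead of FrodoKEM's table-driven sampler, the row-index-as-IV convention, and the constructed seeds. Only q = 2^15 is FrodoKEM-640's value. At n = 640, A has 409,600 entries of 15 bits, which is why the expander's throughput governs the whole operation.

```c
/* Added example, not the paper's HDL nor the FrodoKEM or Trivium reference code: Trivium keystream
 * as the seed expander for a toy Frodo-style LWE key agreement.  N, NBAR, the {-1,0,1} noise and the
 * "row index as IV" convention are assumptions made for a small runnable demo; FrodoKEM-640 itself
 * uses n = 640, n-bar = 8, a table-driven noise sampler and SHAKE128 or AES128 to expand A. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define N     16
#define NBAR  2
#define LOGQ  15                         /* q = 2^15, as in FrodoKEM-640 */
#define QMASK ((1u << LOGQ) - 1)

typedef struct { uint8_t s[288]; } trivium_t;   /* s[i] holds bit s_{i+1} of the spec */

/* One Trivium clock (De Canniere & Preneel): returns keystream bit z and updates the state. */
static int trivium_bit(trivium_t *st) {
    uint8_t *s = st->s;
    uint8_t t1 = s[65] ^ s[92], t2 = s[161] ^ s[176], t3 = s[242] ^ s[287];
    uint8_t z = t1 ^ t2 ^ t3;
    t1 ^= (s[90] & s[91]) ^ s[170];
    t2 ^= (s[174] & s[175]) ^ s[263];
    t3 ^= (s[285] & s[286]) ^ s[68];
    memmove(s + 1, s, 92);          /* s_2..s_93    <- s_1..s_92   */
    memmove(s + 94, s + 93, 83);    /* s_95..s_177  <- s_94..s_176 */
    memmove(s + 178, s + 177, 110); /* s_179..s_288 <- s_178..s_287 */
    s[0] = t3; s[93] = t1; s[177] = t2;
    return z;
}
/* Key -> s_1..s_80, IV -> s_94..s_173, s_286..s_288 = 1, then 4*288 clocks with output discarded. */
static void trivium_init(trivium_t *st, const uint8_t key[10], const uint8_t iv[10]) {
    memset(st->s, 0, sizeof st->s);
    for (int i = 0; i < 80; i++) {
        st->s[i]      = (key[i / 8] >> (7 - i % 8)) & 1;
        st->s[93 + i] = (iv[i / 8]  >> (7 - i % 8)) & 1;
    }
    st->s[285] = st->s[286] = st->s[287] = 1;
    for (int i = 0; i < 4 * 288; i++) trivium_bit(st);
}
static uint16_t trivium_u16_modq(trivium_t *st) {   /* 16 keystream bits reduced mod q */
    uint32_t v = 0;
    for (int i = 0; i < 16; i++) v = (v << 1) | (uint32_t)trivium_bit(st);
    return (uint16_t)(v & QMASK);
}
static uint16_t small_sample(trivium_t *st) {       /* toy noise in {-1,0,1}, stored as a residue mod q */
    int a = trivium_bit(st), b = trivium_bit(st);
    return (uint16_t)((a - b) & QMASK);
}

/* Row r of A: Trivium keyed with the public seed, IV = r.  Every row has its own generator, so
 * any number of rows can be expanded at the same time by parallel lanes. */
static void gen_A_row(uint16_t row[N], const uint8_t seed_A[10], int r) {
    uint8_t iv[10] = {0};
    iv[8] = (uint8_t)(r >> 8); iv[9] = (uint8_t)r;
    trivium_t st; trivium_init(&st, seed_A, iv);
    for (int c = 0; c < N; c++) row[c] = trivium_u16_modq(&st);
}

/* C = X*Y + E mod q with X rows x inner, Y inner x cols, E rows x cols or NULL.  Output entries are
 * independent (hardware can compute many per cycle); uint32 wraparound is harmless as q divides 2^32. */
static void matmul_add(uint16_t *C, const uint16_t *X, const uint16_t *Y, const uint16_t *E, int rows, int inner, int cols) {
    for (int i = 0; i < rows; i++)
        for (int j = 0; j < cols; j++) {
            uint32_t acc = E ? E[i * cols + j] : 0;
            for (int k = 0; k < inner; k++) acc += (uint32_t)X[i * inner + k] * Y[k * cols + j];
            C[i * cols + j] = (uint16_t)(acc & QMASK);
        }
}
static void fill_small(uint16_t *M, int len, trivium_t *rng) { for (int i = 0; i < len; i++) M[i] = small_sample(rng); }

/* Toy exchange: Alice B = A*S + E, Bob B' = S'*A + E', then V = S'*B and C = B'*S.  Returns the largest
 * |V - C| after centring mod q; V - C = S'E - E'S is at most 2N per entry, far below q/4. */
static int toy_frodo_max_error(const uint8_t seed_A[10], const uint8_t seed_alice[10], const uint8_t seed_bob[10]) {
    uint16_t A[N][N], S[N * NBAR], E[N * NBAR], B[N * NBAR];
    uint16_t Sp[NBAR * N], Ep[NBAR * N], Bp[NBAR * N], V[NBAR * NBAR], C[NBAR * NBAR];
    const uint8_t zero_iv[10] = {0};
    trivium_t ra, rb;
    for (int r = 0; r < N; r++) gen_A_row(A[r], seed_A, r);
    trivium_init(&ra, seed_alice, zero_iv); fill_small(S, N * NBAR, &ra); fill_small(E, N * NBAR, &ra);
    trivium_init(&rb, seed_bob, zero_iv);   fill_small(Sp, NBAR * N, &rb); fill_small(Ep, NBAR * N, &rb);
    matmul_add(B, &A[0][0], S, E, N, N, NBAR);
    matmul_add(Bp, Sp, &A[0][0], Ep, NBAR, N, N);
    matmul_add(V, Sp, B, NULL, NBAR, N, NBAR);
    matmul_add(C, Bp, S, NULL, NBAR, N, NBAR);
    int worst = 0;
    for (int i = 0; i < NBAR * NBAR; i++) {
        int d = (int)((V[i] - C[i]) & QMASK);
        if (d > (1 << (LOGQ - 1))) d -= 1 << LOGQ;   /* centre into (-q/2, q/2] */
        if (abs(d) > worst) worst = abs(d);
    }
    return worst;
}

/* Constructed demo seeds; not test vectors from any specification. */
static const uint8_t DEMO_SEED_A[10]     = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0x10,0x32};
static const uint8_t DEMO_SEED_ALICE[10] = {0xa1,0x1c,0xe0,0x00,0x00,0x00,0x00,0x00,0x00,0x01};
static const uint8_t DEMO_SEED_BOB[10]   = {0xb0,0xb0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02};

/* 1 if row r expanded on its own equals row r of a fully expanded A (rows really are independent)
 * and differs from the same row under a different seed. */
static int row_expansion_consistent(int r) {
    uint16_t A[N][N], row[N], other[N];
    for (int i = 0; i < N; i++) gen_A_row(A[i], DEMO_SEED_A, i);
    gen_A_row(row, DEMO_SEED_A, r);
    gen_A_row(other, DEMO_SEED_ALICE, r);
    return memcmp(A[r], row, sizeof row) == 0 && memcmp(row, other, sizeof row) != 0;
}
```

The checks this example supports are determinism of the expansion, independence of the rows of A, and the LWE error bound |V - C| <= 2N (here 32, against q/4 = 8192), which is what lets both sides round to the same key bits. It does not validate the Trivium output against published test vectors, so treat the cipher as an illustration of where a stream cipher slots into the design rather than a vetted implementation, and note that FrodoKEM samples its noise from a fixed CDF table precisely so that the sampler runs in constant time; the two-bit trick here only keeps the demo short.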