{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:27:53Z","timestamp":1750220873268,"version":"3.41.0"},"reference-count":37,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2020,3,11]],"date-time":"2020-03-11T00:00:00Z","timestamp":1583884800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"European Union Horizon 2020 research and innovation programme under SAFEcrypto project","award":["644729"],"award-info":[{"award-number":["644729"]}]},{"DOI":"10.13039\/501100001711","name":"Swiss National Science Foundation","doi-asserted-by":"crossref","award":["P1TIP2_181305"],"award-info":[{"award-number":["P1TIP2_181305"]}],"id":[{"id":"10.13039\/501100001711","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Swiss National Science Foundation project","award":["PZ00P2_179921"],"award-info":[{"award-number":["PZ00P2_179921"]}]},{"name":"Qualcomm Technology Inc."}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Embed. Comput. Syst."],"published-print":{"date-parts":[[2020,3,31]]},"abstract":"<jats:p>The advent of the quantum computer makes current public-key infrastructure insecure. The cryptography community is addressing this problem by designing, efficiently implementing, and evaluating novel public-key algorithms capable of withstanding quantum computational power. Governmental agencies such as NIST are promoting the standardization of quantum-resistant algorithms, a process that is expected to run for 7 years. Several modern applications must maintain permanent data secrecy and therefore ultimately require the use of quantum-resistant algorithms. Because the algorithms are still under scrutiny for eventual standardization, hardware implementations of quantum-resistant algorithms are still at an early stage of deployment.<\/jats:p><jats:p>In this article, we propose a methodology to design programmable hardware accelerators for lattice-based algorithms, and we use the proposed methodology to implement flexible and energy-efficient post-quantum cache-based accelerators for the <jats:italic>NewHope<\/jats:italic>, <jats:italic>Kyber<\/jats:italic>, <jats:italic>Dilithium<\/jats:italic>, Key Consensus from Lattice (<jats:italic>KCL<\/jats:italic>), and <jats:italic>R.EMBLEM<\/jats:italic> submissions to the NIST standardization contest.<\/jats:p><jats:p>To the best of our knowledge, we propose the first efficient domain-specific, programmable cache-based accelerators for lattice-based algorithms. We design a single accelerator for a kernel common to the various schemes, which differ in kernel size (i.e., loop count) and data types. This is in contrast to the traditional approach of designing one special-purpose accelerator for each scheme.<\/jats:p><jats:p>We validate our methodology by integrating our accelerators into an HLS-based SoC infrastructure built around an x86 processor and evaluate overall performance. Our experiments demonstrate the suitability of the approach and allow us to collect insightful information about the performance bottlenecks and the energy efficiency of the explored algorithms. Our results provide guidelines for hardware designers, highlighting the optimization points to address for achieving the highest energy reduction and performance increase. At the same time, our proposed design allows us to specify and execute new variants of lattice-based schemes with superior energy efficiency compared to the main application processor, without changing the hardware acceleration platform. For example, we reduce energy consumption by up to 2.1\u00d7 and energy-delay product (EDP) by up to 5.2\u00d7, and achieve speedups of up to 2.5\u00d7.<\/jats:p>","DOI":"10.1145\/3378164","type":"journal-article","created":{"date-parts":[[2020,3,11]],"date-time":"2020-03-11T12:08:17Z","timestamp":1583928497000},"page":"1-17","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Synthesis of Flexible Accelerators for Early Adoption of Ring-LWE Post-quantum Cryptography"],"prefix":"10.1145","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5886-2290","authenticated-orcid":false,"given":"Hamid","family":"Nejatollahi","sequence":"first","affiliation":[{"name":"University of California Irvine, Irvine, California"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Felipe","family":"Valencia","sequence":"additional","affiliation":[{"name":"ALaRI"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Subhadeep","family":"Banik","sequence":"additional","affiliation":[{"name":"EPFL"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Francesco","family":"Regazzoni","sequence":"additional","affiliation":[{"name":"ALaRI"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rosario","family":"Cammarota","sequence":"additional","affiliation":[{"name":"Intel AI Research"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nikil","family":"Dutt","sequence":"additional","affiliation":[{"name":"University of California Irvine, Irvine, 
California"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,3,11]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Report 2018\/425.","author":"Albrecht M. R.","year":"2018","unstructured":"M. R. Albrecht et al. 2018. Implementing RLWE-based Schemes Using an RSA Co-Processor. Cryptology ePrint Archive, Report 2018\/425. Retrieved from https:\/\/eprint.iacr.org\/2018\/425."},{"key":"e_1_2_1_2_1","unstructured":"E. Alkim et al. 2016. NewHope Without Reconciliation. Cryptology ePrint Archive, Report 2016\/1157."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/CADS.2015.7377788"},{"key":"e_1_2_1_4_1","unstructured":"R. Avanzi et al. 2017. CRYSTALS-KYBER. Technical Report. NIST."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SNPD.2014.6888686"},{"key":"e_1_2_1_6_1","volume-title":"Sapphire: A configurable crypto-processor for Post-Quantum Lattice-based protocols. IACR Trans. Cryptogr. Hardw. Embed. Syst.","author":"Banerjee U.","year":"2019","unstructured":"U. Banerjee et al. 2019. Sapphire: A configurable crypto-processor for Post-Quantum Lattice-based protocols. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2019)."},{"key":"e_1_2_1_7_1","unstructured":"K. Basu et al. 2019. NIST Post-Quantum Cryptography - A Hardware Evaluation Study. Cryptology ePrint Archive, Report 2019\/047."},{"key":"e_1_2_1_8_1","unstructured":"G. Bertoni et al. 2011. The Keccak reference."},{"key":"e_1_2_1_9_1","doi-asserted-by":"crossref","unstructured":"N. Binkert et al. 2011. The gem5 simulator. SIGARCH (2011).","DOI":"10.1145\/2024716.2024718"},{"key":"e_1_2_1_10_1","doi-asserted-by":"crossref","unstructured":"J. Cooley et al. 1965. An algorithm for the machine calculation of complex Fourier series. Math. Comp. (1965).","DOI":"10.1090\/S0025-5718-1965-0178586-1"},{"key":"e_1_2_1_11_1","volume-title":"Proceedings of the International Conference in Central Asia on Internet.","author":"Doomun M. R.","year":"2007","unstructured":"M. R. Doomun et al. 2007. Energy consumption and computational analysis of Rijndael-AES. In Proceedings of the International Conference in Central Asia on Internet."},{"key":"e_1_2_1_12_1","unstructured":"L. Ducas et al. 2017. CRYSTALS-Dilithium. Technical Report. National Institute of Standards and Technology."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF02650179"},{"key":"e_1_2_1_15_1","unstructured":"E. Fujisaki et al. 2013. Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. (2013)."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1464291.1464352"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISQED.2017.7918335"},{"key":"e_1_2_1_18_1","volume-title":"Report 2017\/690.","author":"Kuo P.","year":"2017","unstructured":"P. Kuo et al. 2017. High Performance Post-Quantum Key Exchange on FPGAs. Cryptology ePrint Archive, Report 2017\/690. Retrieved from https:\/\/eprint.iacr.org\/2017\/690."},{"key":"e_1_2_1_19_1","unstructured":"A. Langlois et al. 2012. Worst-Case to Average-Case Reductions for Module Lattices. Cryptology ePrint Archive."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10366-7_35"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13190-5_1"},{"key":"e_1_2_1_22_1","unstructured":"M. Naehrig et al. 2017. FrodoKEM. Technical Report. National Institute of Standards and Technology."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3125502.3125559"},{"key":"e_1_2_1_24_1","unstructured":"H. Nejatollahi et al. 2018. Domain-specific Accelerators for Ideal Lattice-based Public Key Protocols. Cryptology ePrint Archive, Report 2018\/608."},{"key":"e_1_2_1_25_1","doi-asserted-by":"crossref","unstructured":"H. Nejatollahi et al. 2019. Exploring Energy Efficient Quantum-resistant Signal Processing Using Array Processors. Cryptology ePrint Archive.","DOI":"10.1109\/ICASSP40776.2020.9053653"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD46524.2019.00052"},{"key":"e_1_2_1_27_1","doi-asserted-by":"crossref","unstructured":"H. Nejatollahi et al. 2019. Post-quantum lattice-based cryptography implementations: A survey. ACM Comput. Surv. (2019).","DOI":"10.1145\/3292548"},{"key":"e_1_2_1_28_1","unstructured":"NTT Corporation. 2008. PSEC-KEM Specification."},{"key":"e_1_2_1_29_1","unstructured":"J. Olson et al. 2017. Quantum information and computation for chemistry. arXiv preprint arXiv:1706.05413 (2017)."},{"key":"e_1_2_1_30_1","unstructured":"T. Poppelmann et al. 2017. NewHope. Technical Report. NIST."},{"key":"e_1_2_1_31_1","doi-asserted-by":"crossref","unstructured":"O. Regev. 2005. On lattices, learning with errors, random linear codes, and cryptography. (2005).","DOI":"10.1145\/1060590.1060603"},{"key":"e_1_2_1_32_1","unstructured":"M. Seo et al. 2017. EMBLEM and R.EMBLEM. Technical Report. National Institute of Standards and Technology."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2016.7783751"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539795293172"},{"key":"e_1_2_1_35_1","doi-asserted-by":"crossref","unstructured":"E. E. Targhi et al. 2016. Post-quantum security of the Fujisaki-Okamoto and OAEP transforms. In Theory of Cryptography.","DOI":"10.1007\/978-3-662-53644-5_8"},{"key":"e_1_2_1_36_1","unstructured":"J. Toldinas et al. 2011. Energy efficiency comparison with cipher strength of AES and Rijndael cryptographic algorithms in mobile devices. (2011)."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/PERCOM.2005.18"},{"key":"e_1_2_1_38_1","unstructured":"Y. Zhao et al. 2017. A Modular and Systematic Approach to Key Establishment and Public-Key Encryption Based on LWE and Its Variants. Technical Report. National Institute of Standards and Technology. Retrieved from https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions."}],"container-title":["ACM Transactions on Embedded Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3378164","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3378164","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:24:00Z","timestamp":1750202640000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3378164"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,11]]},"references-count":37,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020,3,31]]}},"alternative-id":["10.1145\/3378164"],"URL":"https:\/\/doi.org\/10.1145\/3378164","relation":{},"ISSN":["1539-9087","1558-3465"],"issn-type":[{"type":"print","value":"1539-9087"},{"type":"electronic","value":"1558-3465"}],"subject":[],"published":{"date-parts":[[2020,3,11]]},"assertion":[{"value":"2019-03-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-03-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}