Efficient Lattice-Based Post-Quantum Cryptography for IoT and Edge Devices

Post-quantum cryptography (PQC) is emerging as a critical field for securing future communication systems against quantum computing threats. Within PQC, lattice-based cryptographic schemes are prominent due to their reliance on the Number Theoretic Transform (NTT), which is essential for efficient polynomial ring operations. However, current software-based NTT implementations face challenges in meeting the performance and energy efficiency demands of IoT and edge devices.

To address these issues, researchers from Tsinghua University, Peking University, and the Chinese University of Hong Kong have developed GDNTT, an innovative parallel NTT accelerator. This solution integrates glitch-driven near-memory computing to reduce latency in butterfly operations and employs reconfigurable 10T SRAM for flexible data access, enhancing both performance and efficiency. The study addresses inefficiencies in current NTT implementations for IoT and edge devices by introducing GDNTT, an accelerator integrating 10T SRAM and glitch generators. This design enhances butterfly operation efficiency, achieving a 1.5~28 times improvement in throughput-per-area compared to existing solutions.

The paper, titled GDNTT: An Area-Efficient Parallel NTT Accelerator Using Glitch-Driven Near-Memory Computing and Reconfigurable 10T SRAM, presents a significant advancement in cryptographic hardware design, offering improved throughput-per-area compared to existing solutions.

GD-NTT optimizes NTT for post-quantum cryptography.

The rise of quantum computing poses a significant threat to traditional encryption methods, necessitating the development of post-quantum cryptographic solutions. Lattice-based cryptography has emerged as a promising candidate for secure communication in a post-quantum world. However, its efficiency is hindered by challenges in polynomial multiplication, which are critical for lattice operations. To address these computational bottlenecks, the Number Theoretic Transform (NTT) and its inverse (INTT) have been widely adopted to accelerate polynomial multiplications. Despite their effectiveness, NTT and INTT remain computationally intensive, particularly in hardware implementations, making them a focal point for optimization efforts.

Current NTT accelerator architectures are primarily categorized into two types: Von Neumann-based systems and in-memory/near-memory computing approaches. The Von Neumann architecture separates compute and memory units, leading to significant data movement overheads that limit performance and efficiency. In contrast, in-memory/near-memory computing accelerators offer highly parallelized processing but at the cost of increased memory usage. For instance, a 1024-point NTT using Von Neumann architecture requires minimal RAM, whereas an in-memory design demands substantially more SRAM, highlighting the trade-offs between performance and resource utilization.

This paper introduces GD-NTT (Glitch-Driven NTT), a novel accelerator architecture designed to optimize both memory usage and computational throughput. The architecture leverages 10T SRAM for efficient data storage and access, enabling flexible row-column operations that streamline circuit mapping strategies. A key innovation in GD-NTT is the integration of a glitch generator within the near-memory unit, which significantly reduces latency during butterfly operations—a critical component of NTT computations. This approach enhances processing speed while maintaining low memory overhead.

Experimental evaluations demonstrate that GD-NTT achieves superior performance metrics compared to existing solutions. The accelerator delivers a throughput of 67.1 kNTT/s at 256-point with minimal area usage, showcasing its efficiency and scalability for real-world applications. In summary, GD-NTT represents a significant advancement in NTT acceleration, offering a balanced approach that enhances performance while minimizing resource consumption. Its innovative use of glitch-driven clock division and efficient memory management sets it apart as a leading solution in post-quantum cryptography.

Optimizing NTTs with bit-reversed addressing and pipelining.

The G-NTT accelerator represents a significant leap forward in optimizing Number-Theoretic Transforms (NTTs) for lattice-based cryptography, crucial for post-quantum security. Designed to enhance efficiency, G-NTT addresses the challenges faced by current NTT implementations, particularly in real-time performance and low-power requirements essential for IoT and edge devices.

At its core, G-NTT employs bit-reversed addressing, a technique similar to fast Fourier Transform (fft) algorithms, which organises data like books on a shelf for quick access. This method optimizes data retrieval patterns, reducing latency and enhancing efficiency. Additionally, pipelining is utilized to process multiple stages of computation simultaneously, boosting throughput without necessitating more resources. The performance gains are substantial: G-NTT surpasses existing architectures regarding latency, energy efficiency, and area usage. These improvements are vital for high-throughput applications, especially in constrained environments where power consumption is a concern. The abstract highlights that GDNTT achieves a remarkable 1.5~28x improvement in throughput-per-area compared to state-of-the-art designs.

Design considerations include a generalized architecture capable of supporting various NTT sizes efficiently and optimizing memory access through bit-reversed addressing, thereby mitigating bottlenecks. This efficiency is crucial for high-performance computing tasks that rely on data transformation optimizations beyond cryptography. The potential impact of G-NTT extends beyond securing systems against quantum threats. Its design could benefit broader applications requiring efficient data processing, such as signal processing or machine learning, where speed and power efficiency are paramount. Implementation challenges involve balancing pipeline stages to optimize latency and complexity. This trade-off is critical for practical adoption, ensuring that pipelining enhances performance without introducing inefficiencies or increased power consumption.

The BP-NTT achieves lower latency and energy consumption.

The BP-NTT accelerator is an innovative solution designed to enhance lattice-based cryptography for post-quantum security. It addresses the challenges faced by current software-based Number Theoretic Transform (NTT) implementations, which struggle to meet performance and power requirements in IoT and edge devices.

The accelerator employs a bit-parallel modular multiplication approach within SRAM, significantly reducing data movement and latency. This design allows simultaneous handling of multiple bits, leading to improved speed compared to serial methods. By integrating a 10T SRAM for data storage, the BP-NTT enables flexible row/column access and streamlines circuit mapping strategies. Compared with existing methods such as RM-NTT and MBSNTT, the BP-NTT demonstrates superior latency and energy consumption performance. The incorporation of a glitch generator into the near-memory unit further reduces butterfly operation latency, contributing to its efficiency gains.

Implemented in 40nm CMOS technology, the BP-NTT is well-suited for resource-constrained environments like IoT devices. Its design offers flexibility in handling different lattice-based parameters, making it valuable to cryptographic hardware design. This accelerator’s innovative approach improves speed and optimizes energy usage, marking a significant advancement in post-quantum cryptographic systems.

G-NTT enhances post-quantum cryptographic efficiency.

The article presents G-NTT, an innovative Number-Theoretic Transform (NTT) accelerator tailored for post-quantum cryptography, addressing critical challenges in lattice-based cryptographic schemes. By supporting multiple NTT sizes and moduli through a flexible architecture, G-NTT enhances efficiency and adaptability across various cryptographic applications. Its implementation leverages bit-reversed addressing to optimise data permutation, reducing latency and improving throughput, while pipelining enables overlapping of computation stages for faster processing.

The accelerator demonstrates significant performance improvements, achieving up to 3.17 times higher throughput than existing solutions when implemented on an FPGA. This makes it particularly suitable for real-world applications requiring low latency and energy efficiency. G-NTT targets lattice-based cryptographic schemes such as Kyber and Dilithium, which have been selected by NIST for post-quantum standards, and offers potential scalability for future quantum threats. While the article highlights G-NTT’s advantages in flexibility and performance, further insights into its power consumption, area efficiency, and resource utilisation would provide a more comprehensive evaluation. Additionally, exploring its scalability for larger NTT parameters as quantum computing advances remains an important consideration. The design also shows promise beyond traditional cryptography, with potential applications in signal processing tasks.

In conclusion, G-NTT represents a significant advancement in NTT accelerators, balancing performance, flexibility, and efficiency. Future work could focus on detailed analysis of its implementation specifics, real-world applications, and scalability to larger parameters, further enhancing its impact in the post-quantum era.