Researchers from Khalifa University have proposed an architecture for generating twiddle factors on the fly for the FALCON-oriented Number Theoretic Transform (NTT), a key algorithm in post-quantum cryptography (PQC). This approach significantly reduces on-chip memory requirements, making it more efficient and accessible. The ASIC implementation results show a 99% reduction in on-chip memory requirements, 95% less area, and 87.4% less power consumption compared to a traditional ROM-based implementation. This could be a game-changer in the field of PQC, which is designed to be secure against quantum computer attacks.
What is the Importance of Efficient Hardware Implementations in Post-Quantum Cryptography?
Post-quantum cryptography (PQC) is a field of cryptography that is designed to be secure against quantum computer attacks. One of the key algorithms in PQC is FALCON, a quantum-secure digital signature algorithm that offers efficiency and security characterized by compact signatures, smaller public keys, and faster verification. FALCON holds promise for various applications in the quantum era. However, efficient hardware implementations are crucial for the widespread adoption of PQC algorithms like FALCON.
One of the main operations in FALCON is the Number Theoretic Transform (NTT), which needs to be performed with many prime numbers. This operation requires the calculation of a different set of twiddle factors (TFs) for each prime modulus. The most challenging part of designing a powerful FALCON-oriented NTT accelerator is designing a customized twiddle factor generator (TFG) that efficiently generates, on the fly, the TFs required for a specific prime and a specific NTT size.
The common approach to incorporating TFs in an NTT accelerator involves precomputing these TFs and storing them, typically in a ROM. This ROM-based method is efficient when the NTT is intended to work for only a few prime moduli. However, storing all the required twiddle factors for every FALCON modulus requires significant on-chip memory, which makes the hardware costly.
How Can We Improve the Efficiency of Twiddle Factor Generation?
In a recent paper, a team of researchers from the Department of Computer and Communication Engineering, System-on-Chip Center, Khalifa University, proposed an architecture for generating TFs on the fly for FALCON-oriented NTT designed for area and power efficiency. Their approach dynamically generates TFs during NTT computations, significantly reducing on-chip memory requirements.
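The trade-off between a twiddle ROM and on-the-fly generation can be seen in a small software model. The following is an added example, not the paper's architecture or code: it assumes a plain radix-2 cyclic NTT whose twiddles come from a running product seeded once per stage, and it uses 12289 (FALCON's signature modulus) plus 7681 as a constructed second NTT-friendly prime; all function names are hypothetical.

```python
def find_root(n, q):
    """Primitive n-th root of unity mod prime q; n is a power of two dividing q-1."""
    for g in range(2, q):
        w = pow(g, (q - 1) // n, q)
        if pow(w, n // 2, q) == q - 1:      # w^(n/2) = -1, so the order is exactly n
            return w
    raise ValueError("no primitive root of that order")

def bit_reverse(a):
    bits = len(a).bit_length() - 1
    return [a[int(format(i, f"0{bits}b")[::-1], 2)] for i in range(len(a))]

def ntt(a, q, w, rom=None):
    """Radix-2 cyclic NTT of a (length n) mod q.
    rom=None: twiddles come from a running product seeded per stage (on the fly).
    rom=list: twiddles are read from a precomputed table rom[k] = w^k."""
    n = len(a)
    a = bit_reverse(a)
    length = 2
    while length <= n:
        half, step = length // 2, n // length
        seed = pow(w, step, q)              # stage root; hardware would hold this seed
        for start in range(0, n, length):
            tf = 1
            for j in range(half):
                if rom is not None:
                    tf = rom[j * step]
                u, v = a[start + j], a[start + j + half] * tf % q
                a[start + j], a[start + j + half] = (u + v) % q, (u - v) % q
                if rom is None:
                    tf = tf * seed % q      # next twiddle: one modular multiply
        length *= 2
    return a

def compare_storage(n=256, primes=(12289, 7681)):
    """Return (ROM words, seed words) summed over the moduli, after checking
    that both twiddle sources give identical transforms."""
    rom_words = seed_words = 0
    for q in primes:
        w = find_root(n, q)
        a = [(i * i + 3) % q for i in range(n)]         # constructed input
        rom = [pow(w, k, q) for k in range(n // 2)]
        if ntt(a, q, w) != ntt(a, q, w, rom):
            raise AssertionError("twiddle sources disagree")
        rom_words += len(rom)
        seed_words += n.bit_length() - 1                # one seed per stage
    return rom_words, seed_words
```

In this model the ROM grows by n/2 words for every additional modulus, while the generator needs only log2(n) seeds per modulus at the cost of one extra modular multiplication per butterfly.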
The ASIC implementation results demonstrate significant improvements with the proposed design, reducing on-chip memory requirements by 99%, occupying 95% less area, and consuming 87.4% less power compared to the traditional ROM-based implementation. Furthermore, their design achieved a much higher maximum clock frequency, indicating superior performance in accessing twiddle factors.
These findings highlight the potential of the proposed architecture for efficient hardware implementations of FALCON-based cryptographic systems. This approach could be a game-changer in the field of post-quantum cryptography, making it more accessible and efficient.
What are the Challenges in Implementing FALCON?
Despite its potential, a full hardware implementation of FALCON is yet to be realized because several significant challenges remain. One of these challenges is the need for massive polynomial multiplications using NTT, which account for 18% and 65% of the total clock cycles in the key generation and verification processes, respectively.
Another challenge is that FALCON-oriented NTT is executed for many prime moduli, thus requiring the calculation of a different set of twiddle factors (TFs) for each prime modulus. The key generation of FALCON1024, for example, executes NTT for 308 prime numbers.
The third challenge is designing a customized twiddle factor generator (TFG) that efficiently generates, on the fly, the TFs required for a specific prime and a specific NTT size. The common approach to incorporating TFs in an NTT accelerator involves precomputing these TFs and storing them, typically in a ROM. However, storing all the required twiddle factors for every FALCON modulus requires significant on-chip memory, which makes the hardware costly.
What is the Future of Post-Quantum Cryptography?
The emergence of quantum algorithms like Shor’s and Grover’s poses a significant threat to conventional asymmetric key cryptographic schemes such as RSA. As a result, there is a growing interest in post-quantum cryptography (PQC), which is designed to be secure against quantum computer attacks.
FALCON, a quantum-secure digital signature algorithm, is one of the key algorithms in PQC. It offers efficiency and security characterized by compact signatures, smaller public keys, and faster verification. FALCON holds promise for various applications in the quantum era. However, efficient hardware implementations are crucial for the widespread adoption of PQC algorithms like FALCON.
The recent research by the team from Khalifa University is a significant step towards efficient hardware implementations of FALCON-based cryptographic systems. Their proposed architecture for generating twiddle factors on the fly for FALCON-oriented NTT could be a game-changer in the field of post-quantum cryptography, making it more accessible and efficient.
How Can We Overcome the Challenges in Implementing FALCON?
Overcoming the challenges in implementing FALCON requires innovative solutions. One such solution is the architecture proposed by the team from Khalifa University for generating twiddle factors on the fly for FALCON-oriented NTT. This approach dynamically generates twiddle factors during NTT computations, significantly reducing on-chip memory requirements.
Publication details: “Efficient Twiddle Factor Generation for Post Quantum Cryptography FALCON-based Number Theoretic Transform”
Publication Date: 2024-04-01
Authors: Ghada Alsuhli, Hani Saleh, Mahmoud Al‐Qutayri, Baker Mohammad, et al.
DOI: https://doi.org/10.36227/techrxiv.171198274.44650561/v1
