Lattice-Based Post Quantum Cryptography Processor Boosts IoT Security

Researchers from Zhejiang University, BNU-HKBU United International College, and the City University of Hong Kong have proposed an efficient lattice-based cryptography (LBC) processor for Internet of Things (IoT) applications. LBC, a type of post-quantum cryptography, is well suited to IoT applications because of its efficiency, low power consumption, and flexibility.

However, implementing LBC in IoT devices is challenging because of power consumption and efficiency constraints. The proposed processor enhances performance with a customized Single-Instruction Multiple-Data (SIMD) instruction and data shuffling hardware units. It outperforms existing solutions in performance, power, area, and the combined PPAP metric, making it a promising solution for securing IoT communications and storage.

What is Lattice-Based Cryptography, and Why is it Important for IoT Applications?

Lattice-based cryptography (LBC) is a type of post-quantum cryptography based on the hardness of certain problems in lattice theory. LBC schemes like CRYSTALS-Kyber and CRYSTALS-Dilithium have been selected to be standardized in the NIST Post-Quantum Cryptography standard. This type of cryptography is particularly important for Internet of Things (IoT) applications, which are often resource-constrained and require efficient, low-power, and flexible cryptographic solutions.

However, implementing these LBC schemes in IoT devices is challenging due to considerations of efficiency, power consumption, area overhead, and the need to support various operations and parameter settings. Some existing ASIC designs prioritizing lower power and area cannot achieve optimal performance efficiency, making them impractical for battery-powered devices. In prior coprocessor and processor designs, custom hardware accelerators have limited applications and flexibility, resulting in significant area and power overheads for IoT devices.

To address these challenges, researchers from Zhejiang University, BNU-HKBU United International College, and City University of Hong Kong have proposed an efficient lattice-based cryptography processor with a customized Single-Instruction Multiple-Data (SIMD) instruction. This proposed SIMD architecture supports efficient parallel execution of various polynomial operations in 256-bit mode and acceleration of Keccak in 320-bit mode, utilizing efficiently reused resources.

How Does the Proposed Lattice-Based Cryptography Processor Work?

The proposed lattice-based cryptography processor introduces data shuffling hardware units to resolve data dependencies within SIMD data. To further enhance performance, the researchers designed a dual-issue path for memory accesses and corresponding software design methodologies to reduce the impact of data load/store blocking.
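To illustrate why SIMD polynomial arithmetic needs cross-lane shuffling, here is an added example (not the paper's code or design) that emulates a 256-bit vector as 16 lanes of 16-bit Kyber coefficients mod q = 3329: lane-wise pointwise multiplication has no cross-lane dependency, whereas one NTT butterfly stage must combine lane i with its partner lane, which is what a shuffle unit supplies. The 16-lane layout, the plain `%` reduction and the XOR-partner shuffle are simplifying assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define KYBER_Q 3329   /* Kyber modulus */
#define LANES   16     /* assumed: 256-bit vector = 16 x 16-bit coefficients */

typedef struct { uint16_t c[LANES]; } vec256;

/* Pointwise (coefficient-wise) multiply mod q: every lane is independent,
 * so a SIMD unit can do all 16 at once with no data movement. */
static vec256 vmulmod(vec256 a, vec256 b) {
    vec256 r;
    for (int i = 0; i < LANES; i++)
        r.c[i] = (uint16_t)(((uint32_t)a.c[i] * b.c[i]) % KYBER_Q);
    return r;
}

/* Emulated shuffle unit: lane i receives the value of lane i ^ s
 * (s a power of two), i.e. its butterfly partner at distance s. */
static vec256 vshuffle_partner(vec256 a, int s) {
    vec256 r;
    for (int i = 0; i < LANES; i++) r.c[i] = a.c[i ^ s];
    return r;
}

/* One Cooley-Tukey butterfly stage inside the vector with stride s and
 * twiddle zeta: lower lane -> a_lo + zeta*a_hi, upper lane -> a_lo - zeta*a_hi.
 * Without the shuffle, the cross-lane dependency would force scalar code. */
static vec256 butterfly_stage(vec256 a, int s, uint16_t zeta) {
    vec256 p = vshuffle_partner(a, s);   /* partner lane values */
    vec256 r;
    for (int i = 0; i < LANES; i++) {
        if (i & s) {   /* upper lane: a is a_hi, p is a_lo */
            uint32_t t = ((uint32_t)zeta * a.c[i]) % KYBER_Q;
            r.c[i] = (uint16_t)((p.c[i] + KYBER_Q - t) % KYBER_Q);
        } else {       /* lower lane: a is a_lo, p is a_hi */
            uint32_t t = ((uint32_t)zeta * p.c[i]) % KYBER_Q;
            r.c[i] = (uint16_t)((a.c[i] + t) % KYBER_Q);
        }
    }
    return r;
}

int main(void) {
    vec256 a;
    for (int i = 0; i < LANES; i++) a.c[i] = (uint16_t)i;   /* constructed input */
    vec256 r = butterfly_stage(a, 8, 1);   /* zeta = 1 keeps the arithmetic visible */
    for (int i = 0; i < LANES; i++) printf("%u ", r.c[i]);
    printf("\n");
    return 0;
}
```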

Through a hardware-software co-design approach, the proposed processor achieves high efficiency in supporting all operations in lattice-based cryptography schemes. Evaluations of Kyber and Dilithium show that the proposed processor achieves over 10x speedup compared with the baseline RISC-V processor and over 5x speedup versus ARM Cortex-M4 implementations. This makes it a promising solution for securing IoT communications and storage.

Silicon synthesis results show that the design can run at 200 MHz with 201 mW for Kyber KEM 512 and 213 mW for Dilithium 2. This outperforms state-of-the-art works in performance, power, area, and the combined PPAP metric.

What is the Significance of Post-Quantum Cryptography?

Post-Quantum Cryptography (PQC) is a type of cryptography that is believed to be secure against quantum computer attacks. Traditional Public Key Cryptography (PKC) schemes such as Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) algorithms are vulnerable to quantum computer threats. The IBM Quantum Development Roadmap predicts that a quantum computer with over 4000 qubits will be attainable by 2025. To defend against the potential attacks from quantum computers, the National Institute of Standards and Technology (NIST) has organized four rounds of competitions since 2017 to standardize PQC as an alternative to traditional PKC.

In 2022, NIST announced the standardization of four Round 3 candidates and introduced four candidates in Round 4 for further consideration. Among these, three algorithms – CRYSTALS-Kyber, CRYSTALS-Dilithium, and Falcon – are LBC schemes which have better performance and smaller key sizes.

How Does Lattice-Based Cryptography Compare to Traditional PKC Schemes?

Lattice-based cryptography schemes offer the advantage of smaller key sizes in PQC candidates, but they are still about five times larger than traditional PKC schemes. For instance, the public key sizes of CRYSTALS-Kyber and CRYSTALS-Dilithium typically range from 800-1184 bytes and 1312-2592 bytes, respectively, while the public key sizes of RSA typically range from 128-512 bytes.

However, the demand for stringent security measures in IoT devices has made efficient solutions tailored to such devices increasingly critical. In the IoT domain, where many devices are interconnected and communicate with each other, devices are more exposed to attacks. Consequently, protecting them against quantum computer attacks is challenging because of limited hardware resources, low power consumption requirements, and the need for flexibility across a wide range of applications.

What are the Limitations of Existing Cryptography Solutions for IoT Applications?

Low power consumption, high efficiency, small chip area, and a certain level of flexibility are the focuses for IoT applications. However, current state-of-the-art works, including FPGA, ASIC, coprocessor, and processor designs, have not successfully combined all these aspects into a single design.

The limitation of existing FPGA and ASIC works lies in their large hardware consumption and lack of flexibility to accommodate diverse schemes. Although several FPGA and ASIC designs prioritize speed, they are typically limited to specific algorithms and have high power and resource consumption. State-of-the-art coprocessor and processor designs accelerate LBC schemes with customized hardware accelerators for critical operations, using highly parallel architectures and specific parameter settings. However, these hardware accelerators usually have limited operating frequency and large power consumption, posing significant overhead for battery-powered IoT devices.

Publication details: “A Highly-efficient Lattice-based Post-Quantum Cryptography Processor for IoT Applications”
Publication Date: 2024-03-12
Authors: Zewen Ye, Ruibing Song, Hao Zhang, Donglong Chen, et al.
Source: IACR Transactions on Cryptographic Hardware and Embedded Systems
DOI: https://doi.org/10.46586/tches.v2024.i2.130-153