A Systematic Study of Lattice-based NIST PQC Algorithms: from Reference Implementations to Hardware Accelerators

TL;DR

This paper systematically evaluates lattice-based NIST PQC algorithms for hardware acceleration, analyzing their implementation characteristics, resource requirements, and performance metrics to guide ASIC design choices.

Contribution

It provides a detailed assessment of reference implementations of NIST PQC algorithms as hardware accelerators, focusing on area, power, and resource usage in a 65nm ASIC context.

Findings

Area and power metrics are comparable to state-of-the-art despite higher frequency and security levels.

Memory and logic resource requirements vary significantly among algorithms.

The study offers practical guidance for ASIC designers selecting PQC algorithms.

Abstract

Security of currently deployed public key cryptography algorithms is foreseen to be vulnerable against quantum computer attacks. Hence, a community effort exists to develop post-quantum cryptography (PQC) algorithms, i.e., algorithms that are resistant to quantum attacks. In this work, we have investigated how lattice-based candidate algorithms from the NIST PQC standardization competition fare when conceived as hardware accelerators. To achieve this, we have assessed the reference implementations of selected algorithms with the goal of identifying what are their basic building blocks. We assume the hardware accelerators will be implemented in application specific integrated circuit (ASIC) and the targeted technology in our experiments is a commercial 65nm node. In order to estimate the characteristics of each algorithm, we have assessed their memory requirements, use of multipliers, and how each algorithm employs hashing functions. Furthermore, for these building blocks, we have collected area and power figures for 12 candidate algorithms. For memories, we make use of a commercial memory compiler. For logic, we make use of a standard cell library. In order to compare the candidate algorithms fairly, we select a reference frequency of operation of 500MHz. Our results reveal that our area and power numbers are comparable to the state of the art, despite targeting a higher frequency of operation and a higher security level in our experiments. The comprehensive investigation of lattice-based NIST PQC algorithms performed in this paper can be used for guiding ASIC designers when selecting an appropriate algorithm while respecting requirements and design constraints.