PQC-HA: A Framework for Prototyping and In-Hardware Evaluation of Post-Quantum Cryptography Hardware Accelerators

TL;DR

This paper presents PQC-HA, a framework that enables prototyping and in-hardware evaluation of post-quantum cryptography accelerators, demonstrating the feasibility and performance considerations on FPGA hardware using TaPaSco.

Contribution

It introduces PQC-HA, a novel framework utilizing TaPaSCo and high-level synthesis for hardware prototyping and evaluation of post-quantum cryptography schemes.

Findings

Communication overhead can dominate execution time on FPGA accelerators.

Hardware verification is feasible using the TaPaSco framework and NIST standard interfaces.

Performance of hardware accelerators is comparable to optimized software implementations.

Abstract

In the third round of the NIST Post-Quantum Cryptography standardization project, the focus is on optimizing software and hardware implementations of candidate schemes. The winning schemes are CRYSTALS Kyber and CRYSTALS Dilithium, which serve as a Key Encapsulation Mechanism (KEM) and Digital Signature Algorithm (DSA), respectively. This study utilizes the TaPaSCo open-source framework to create hardware building blocks for both schemes using High-level Synthesis (HLS) from minimally modified ANSI C software reference implementations across all security levels. Additionally, a generic TaPaSCo host runtime application is developed in Rust to verify their functionality through the standard NIST interface, utilizing the corresponding Known Answer Test mechanism on actual hardware. Building on this foundation, the communication overhead for TaPaSCo hardware accelerators on PCIe-connected FPGA devices is evaluated and compared with previous work and optimized AVX2 software reference implementations. The results demonstrate the feasibility of verifying and evaluating the performance of Post-Quantum Cryptography accelerators on real hardware using TaPaSCo. Furthermore, the off-chip accelerator communication overhead of the NIST standard interface is measured, which, on its own, outweighs the execution wall clock time of the optimized software reference implementation of Kyber at Security Level 1.