RejSCore: Rejection Sampling Core for Multivariate-based Public key Cryptography

TL;DR

RejSCore is a lightweight hardware accelerator designed to efficiently perform rejection sampling for post-quantum multivariate cryptography, specifically targeting the QR-UOV scheme, with reduced resource use and suitable for resource-limited devices.

Contribution

This paper introduces RejSCore, a novel hardware architecture that accelerates rejection sampling in post-quantum cryptography, optimizing resource consumption and latency for the QR-UOV scheme.

Findings

Achieves low area and high frequency on FPGA and CMOS.

Completes rejection sampling in 8525 clock cycles for security parameters.

Demonstrates suitability for resource-constrained environments.

Abstract

Post-quantum multivariate public key cryptography (MPKC) schemes resist quantum threats but require heavy operations, such as rejection sampling, which challenge resource-limited devices. Prior hardware designs have addressed various aspects of MPKC signature generation. However, rejection sampling remains largely unexplored in such contexts. This paper presents RejSCore, a lightweight hardware accelerator for rejection sampling in post-quantum cryptography. It specifically targets the QR-UOV scheme, which is a prominent candidate under the second-round of the National Institute of Standards and Technology (NIST) additional digital signature standardization process. The architecture includes an AES-CTR-128-based pseudorandom number generator. Moreover, a lightweight iterative method is employed in rejection sampling, offering reduced resource consumption and area overhead while slightly increasing latency. The performance of RejSCore is comprehensively evaluated on Artix-7 FPGAs and 65 nm CMOS technology using the Area-Delay Product (ADP) and Power-Delay Product (PDP). On Artix-7 and 65 nm CMOS, RejSCore achieves an area of 2042 slices and 464,866~$\mu m^2$, with operating frequencies of 222 MHz and 565 MHz, respectively. Using the QR-UOV parameters for security level I ($q = 127$, $v = 156$, $m = 54$, $l = 3$), the core completes its operation in 8525 clock cycles. The ADP and PDP evaluations confirm RejSCore's suitability for deployment in resource-constrained and security-critical environments.