Review of Post-Quantum Lattice-Based Crypto Processors

State-of-the-art public key cryptography protocols, such as RSA and elliptic curve cryptography, will be rendered insecure by Shor’s algorithm once sufficiently large quantum computers are developed. Hence, quantum-resistant algorithms have received a lot of attention, and lattice-based cryptography has emerged as one of the prime solutions. However, the high computational complexity of lattice-based cryptography protocols raises several challenges, particularly from the perspective of low-power implementation.

Learning With Errors (LWE) based cryptosystems are popular post-quantum crypto solutions, but they involve matrix operations with large key sizes that make them computationally expensive. To address this challenge, the Ring-LWE problem was proposed, which uses ideal lattices.

While the protocols based on standard lattices (LWE) involve large matrix-vector operations, there are several efficient algorithms for Ring-LWE / Module-LWE, and the Number Theoretic Transform (NTT) is one such effective technique. It has been shown that dedicated hardware for accelerating these operations can achieve 1–2 orders of magnitude lower energy compared to software implementations, highlighting its importance for energy-constrained applications.
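The contrast between the matrix-vector form and the NTT can be seen in the following added example, which is not code from the reviewed paper. It multiplies two polynomials in Z_q[x]/(x^n + 1) with an O(n log n) negacyclic NTT and checks the result against the O(n^2) schoolbook product. The function names and the parameters n = 256, q = 7681 are assumptions chosen for this illustration.

```python
import random

def find_psi(n, q):
    """Primitive 2n-th root of unity mod prime q (n a power of two)."""
    for g in range(2, q):
        psi = pow(g, (q - 1) // (2 * n), q)
        if pow(psi, n, q) == q - 1:      # psi^n = -1, so the order is exactly 2n
            return psi
    raise ValueError("q - 1 must be divisible by 2n")

def ntt(a, omega, q):
    """Recursive radix-2 Cooley-Tukey transform; omega is a primitive len(a)-th root."""
    n = len(a)
    if n == 1:
        return a[:]
    w2 = omega * omega % q
    even = ntt(a[0::2], w2, q)
    odd = ntt(a[1::2], w2, q)
    out, w = [0] * n, 1
    for k in range(n // 2):              # butterfly: the unit hardware NTT cores replicate
        t = w * odd[k] % q
        out[k] = (even[k] + t) % q
        out[k + n // 2] = (even[k] - t) % q
        w = w * omega % q
    return out

def ring_mul_ntt(a, b, q):
    """a*b in Z_q[x]/(x^n + 1): scale by psi^i, transform, multiply pointwise, invert."""
    n, psi = len(a), find_psi(len(a), q)
    omega, psi_inv, n_inv = psi * psi % q, pow(psi, -1, q), pow(n, -1, q)
    A = ntt([x * pow(psi, i, q) % q for i, x in enumerate(a)], omega, q)
    B = ntt([x * pow(psi, i, q) % q for i, x in enumerate(b)], omega, q)
    C = ntt([x * y % q for x, y in zip(A, B)], pow(omega, -1, q), q)
    return [c * n_inv * pow(psi_inv, i, q) % q for i, c in enumerate(C)]

def ring_mul_schoolbook(a, b, q):
    """Reference O(n^2) product (the matrix-vector form), reducing with x^n = -1."""
    n, c = len(a), [0] * len(a)
    for i in range(n):
        for j in range(n):
            k, sign = (i + j) % n, (1 if i + j < n else -1)
            c[k] = (c[k] + sign * a[i] * b[j]) % q
    return c

if __name__ == "__main__":
    random.seed(1)                       # constructed sample input
    n, q = 256, 7681                     # assumed parameters: q = 1 mod 2n
    a = [random.randrange(q) for _ in range(n)]
    b = [random.randrange(q) for _ in range(n)]
    assert ring_mul_ntt(a, b, q) == ring_mul_schoolbook(a, b, q)
    print("NTT product matches schoolbook product")
```

For n = 256 the schoolbook loop performs 65,536 coefficient multiplications, while each of the three transforms needs only (n/2)·log2(n) = 1,024 butterflies.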

References:

[1] U. Banerjee, T. S. Ukyab, and A. P. Chandrakasan, “Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols”, TCHES, vol. 2019, no. 4, pp. 17–61, Aug. 2019. [Link: https://tches.iacr.org/index.php/TCHES/article/view/8344].
