一种低延迟同态加密电路设计  

作　　者：徐鹏飞 李桢旻 王晓蕾 杜高明[1] XU Pengfei;LI Zhenmin;WANG Xiaolei;DU Gaoming(School of Electronic Science and Applied Physics,Hefei University of Technology,Hefei 230601,China)

机构地区：[1]合肥工业大学电子科学与应用物理学院,安徽合肥230601

出　　处：《合肥工业大学学报（自然科学版）》2022年第8期1046-1050,共5页Journal of Hefei University of Technology：Natural Science

基　　金：国家重点研发计划资助项目(2018YFB2202604);安徽省高校协同创新资助项目(GXXT-2019-030)。

摘　　要：为了解决同态加密方案加密所需时间太长的问题,文章基于改进的脉动阵列技术提出一种优化的硬件架构对GSW(Gentry-Sahai-Waters)全同态加密算法中的加密部分进行硬件加速。GSW全同态加密算法在不同的安全等级下选取的安全参数不同,若安全等级越高,则安全参数数值越大,对于所需的硬件资源开销也会越大。为了能够在有限的硬件资源中完成硬件设计,选取安全等级为20位,分别对位宽为2、4、8、10 bit明文数据进行加密,并将硬件设计所需加密时间与CPU加速该算法时间进行对比。另外,为了降低由于访问存储器带来的额外功耗以及提高数据利用率,提出一种数据拼接及复用方法,最终基于现场可编程逻辑门阵列(field programmable gate array, FPGA)硬件实现GSW全同态加密算法。实验结果表明,相比于软件实现,该设计方法可以缩短97.26%的加密时间。In order to solve the problem that the homomorphic encryption scheme is time-consuming,an optimized hardware architecture based on the improved systolic array(SA)technology is proposed to implement hardware acceleration for the Gentry-Sahai-Waters(GSW)homomorphic encryption scheme.The GSW algorithm will select different parameters under different security levels.However,the higher the security level is,the larger the value of security parameters are,and so are the hardware resources.In order to complete the hardware design with limited hardware resources,the security level is set as 20-bit and the 2,4,8,10 bit plaintext data are encrypted respectively.The encryption time is compared between the CPU and the hardware design.Moreover,in order to reduce the dynamic power consumption caused by the memory access and improve the data utilization,a method of data splicing is proposed.Finally,the GSW homomorphic encryption is implemented based on the field programmable gate array(FPGA).The experimental results show that the proposed design method can reduce the encryption time by 97.26%on average compared with software implementation.

关 键 词：同态加密 脉动阵列 访存优化 数据拼接及复用 低延迟 

分 类 号：TN47[电子电信—微电子学与固体电子学]