Efficient Hardware Implementation of the Lattice-Based Key Encapsulation Algorithms OSKR/OKAI  Cited by: 1

Hardware Implementation of Lattice-Based Key Encapsulation Mechanism Algorithm OSKR/OKAI


Authors: HU Yue (胡跃); ZHAO Xu-Yang (赵旭阳); LIU Yu-Xiong (刘裕雄); ZHAO Yun-Lei (赵运磊) (School of Computer Science, Fudan University, Shanghai 200433; State Key Laboratory of Cryptology, Beijing 100878)

Affiliations: [1] School of Computer Science, Fudan University, Shanghai 200433 [2] State Key Laboratory of Cryptology, Beijing 100878

Source: Chinese Journal of Computers (《计算机学报》), 2023, No. 6, pp. 1156-1171 (16 pages)

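Funding: Supported by the National Natural Science Foundation of China (61877011); the National Key R&D Program of China (2022YFB270-1600); the Shanghai Science and Technology Innovation Action Plan, Technical Standards Project (21DZ2200500); and the Shandong Provincial Key R&D Program (2017CXG0701, 2018CXGC0701).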

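Abstract: The rapid development of quantum computing poses a major challenge to existing public-key cryptosystems (RSA, elliptic-curve cryptography, etc.). To withstand attacks by quantum computers, post-quantum cryptography has been widely studied in academia and industry. Lattice-based schemes offer good security and implementation efficiency and have become one of the main research directions in post-quantum cryptography. Recently, the US National Institute of Standards and Technology (NIST) announced Kyber, which is based on the module-lattice MLWE hard problem, as the standard for key encapsulation; Aigis, a first-prize winner of the post-quantum cryptographic algorithm competition held in China in 2019, is based on the same class of hard problem. Building on techniques such as an asymmetric key consensus mechanism, the hybrid number-theoretic transform, and encapsulation of 512-bit keys, Chinese researchers further proposed OSKR and OKAI as optimized versions of Kyber and Aigis. Designing an efficient, unified hardware architecture for these algorithms is an important reference for advancing post-quantum cryptography standardization in China. This paper designs and implements dedicated circuits for OSKR and OKAI on an FPGA platform. The main contributions are as follows: a four-way parallel polynomial arithmetic module that performs the number-theoretic transform, polynomial multiplication, polynomial compression and related operations under several moduli (3329 and 7681), improving the overall efficiency of the algorithms; and, on top of it, a multi-function sampling module, an encoding/decoding module, a storage module and others, with the optimized design of the core arithmetic modules exploiting the parallelism of the FPGA platform. Because practical deployments often need to implement both the international-standard and the national-standard algorithms on a single hardware platform, the design supports all six parameter sets of the two algorithms. The design was deployed and run on a Xilinx Artix-7 development board and compared with existing work of the same kind, covering pure hardware designs, hardware/software co-designs and pure software optimizations. The results show that, compared with the latest work, the design improves decapsulation efficiency by about 30%; hardware resource consumption peaks at 12765 LUTs, 11434 FFs, 4 DSPs and 12.5 BRAMs, slightly more than the latest work, but the design implements more algorithms and parameter sets, effectively improving hardware resource reuse.

The rapid development of quantum computing technology has brought great challenges to traditional public key cryptography (RSA, elliptic curve cryptography, etc.), which will threaten the security of existing encryption systems and applications. To defend against possible attacks by quantum computers, post-quantum cryptography (PQC) techniques have been widely studied by the academic and industrial communities in the past few years. Among them, lattice-based cryptography schemes, which offer strong security and highly efficient implementation, are an important research direction in the field of post-quantum cryptography. According to the newest statement, the National Institute of Standards and Technology (NIST) has published that the chosen ciphertext attack (CCA) secure CRYSTALS-KYBER will be the unique standard algorithm of the lattice-based key encapsulation mechanism (KEM) protocol. Aigis is one of the KEM algorithms that won the first prize in the National Cryptographic Algorithm Design Competition held by the Chinese Association for Cryptologic Research in 2019. Moreover, Kyber and Aigis are both KEM algorithms based on the module learning-with-errors (MLWE) problem. OSKR and OKAI are optimized versions of Kyber and Aigis respectively, proposed by Chinese researchers. These two algorithms introduce several optimization techniques on the foundation of Kyber and Aigis, including the asymmetric key consensus mechanism (AKC), the hybrid number-theoretic transform (HNTT), a new method for encapsulating 512 bits and so on, which optimize the original two algorithms in terms of security and error rate. Unique and highly efficient hardware designs for these lattice-based key encapsulation algorithms, including OSKR and OKAI, will have important referential significance as the Chinese post-quantum cryptography algorithm standard progresses. In this paper, we present a dedicated and specific hardware design of the OSKR/OKAI algorithms based on the FPGA platform,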

Keywords: post-quantum cryptography; lattice-based cryptography; key encapsulation; FPGA hardware implementation

Classification: TP309 [Automation and Computer Technology - Computer System Architecture]

 
