一种面积高效的双态可配置NTT硬件加速器  

作　　者：朱敏 肖昊 ZHU Min;XIAO Hao(School of Microelectronics,Hefei University of Technology,Hefei 230601,China)

机构地区：[1]合肥工业大学微电子学院,合肥230601

出　　处：《信息网络安全》2024年第6期959-967,共9页Netinfo Security

基　　金：国家自然科学基金[61974039]。

摘　　要：矩阵向量乘法是基于格的后量子密码(Post-Quantum Cryptography,PQC)方案的主要计算瓶颈。利用数论变换(Number Theoretic Transform,NTT)能将矩阵向量乘法的计算复杂度从O(N^(2))降到O(Nlog_(2)N),从而可以进一步提高后量子密码方案的计算速度。文章基于现场可编程门阵列(Field Programmable Gate Array,FPGA)提出了一种面积高效的双态可配置NTT硬件加速器,能高效地执行Kyber和Dilithium算法中的NTT运算。文章所提方案使用的模乘器通过查找表(Look Up Table,LUT)技术压缩数据位宽降低取模成本后,利用KRED算法对结果约简。此外,结合优化后的无冲突NTT数据流,文章所提出的双态可配置NTT加速器可以高效完成计算。文章所提出的NTT硬件加速器在Xilinx Artix-7平台上进行了验证。相较于参考文献方案,文章所提出的双态可配置NTT硬件加速器在保持对Kyber和Dilithium算法通用性的同时,在计算性能和硬件开销等方面表现更好。Matrix-vector multiplication is the main computational bottleneck of latticebased Post-Quantum Cryptography(PQC)schemes.Utilizing the number theoretic transform(NTT)can reduce the computational complexity of matrix-vector multiplication from O(N^(2))to O(Nlog_(2)N),thereby further improving the computational speed of post-quantum cryptographic schemes.This article proposed an area-efficient dual-mode configurable NTT hardware accelerator based on field programmable gate array(FPGA),capable of efficiently executing NTT operations in the Kyber and Dilithium algorithms.The multiplier used in the proposed design compresses data bit width and reduced modulo costs using table lookup techniques,followed by reduction of results using the KRED algorithm.Furthermore,by combining optimized non-conflicting NTT data streams,the proposed dual-mode configurable NTT accelerator can efficiently complete computations.The NTT hardware accelerator proposed in this article is validated on the Xilinx Artix-7 platform.Compared to the reference work,the proposed dual-mode configurable NTT hardware accelerator performs better in terms of computational performance and hardware overhead while maintaining generality for Kyber and Dilithium algorithms.

关 键 词：后量子密码 快速数论变换 模乘 硬件加速 现场可编程门阵列 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]