Hardware acceleration for post-quantum cryptography in resource constrained embedded systems with RISC-V ISEs
| Year of defense: | 2024 |
|---|---|
| Defense date: | 2024-02-29 |
| Main author: | Gewehr, Carlos Gabriel de Araujo |
| Advisor: | Moraes, Fernando Gehm (http://lattes.cnpq.br/2509301929350826) |
| Defense committee: | |
| Document type: | Master's thesis (Dissertação) |
| Access type: | Open access |
| Language: | eng |
| Defending institution: | Pontifícia Universidade Católica do Rio Grande do Sul, Escola Politécnica, Brasil, PUCRS, Programa de Pós-Graduação em Ciência da Computação |
| Graduate program: | Not informed by the institution |
| Department: | Not informed by the institution |
| Country: | Not informed by the institution |
| Keywords: | Post-Quantum Cryptography; Crystals-Kyber; Embedded Systems; Low Power; RISC-V; Ibex; CIENCIA DA COMPUTACAO::TEORIA DA COMPUTACAO |
| Format: | application/pdf |
| Access link: | https://tede2.pucrs.br/tede2/handle/tede/11644 |
| Repository: | Biblioteca Digital de Teses e Dissertações da PUC_RS (oai:tede2.pucrs.br:tede/11644) |
| Abstract: | The imminent rise of practical quantum computing threatens the well-established secret key exchange algorithms in use today, such as Diffie-Hellman, RSA and Elliptic Curve based schemes (ECC), via Shor's algorithm. To answer this challenge, the National Institute of Standards and Technology (NIST) launched a competition for Key Encapsulation Mechanism (KEM) algorithms that resist both classical and quantum-based attacks. In July 2022, NIST announced that the Crystals-Kyber algorithm was chosen as the competition's winner, and it is being standardized as ML-KEM. No works in the literature sufficiently address the efficient implementation of Kyber in resource-constrained embedded systems. This work explores hardware acceleration through Instruction Set Extensions (ISEs) in a low-end 32-bit RISC-V core, in a comprehensive evaluation covering performance, energy consumption, memory footprint and die area costs, with the goal of an efficient implementation of a cryptosystem that withstands attacks enabled by the emergence of quantum computers and is compliant with current cryptographic standards and algorithm suites. In addition to Kyber, this work also explores several authenticated encryption (AEAD) algorithms and hash functions at the 128- and 256-bit security levels, evaluating the improvement that specialized instructions bring to each algorithm. In summary, the use of ISEs in hash functions yields gains of 32%, 38% and 16% in performance, energy consumption and code size, respectively. Gains in authenticated encryption are 58%, 61% and 35% in performance, energy consumption and code size, respectively. Area costs are at most 10% of the baseline Ibex processor with no ISEs, corresponding to 4K equivalent gates. Hardware acceleration of the symmetric primitives (e.g. SHA-3) used in Kyber shows performance and energy gains of 32% each. Combining hardware acceleration of Kyber's symmetric primitives with a novel XKyber ISE, further gains of 46% and 44% in performance and energy consumption are observed, while code size is also reduced by 15%. XKyber area costs are again 10% of the baseline Ibex processor with no ISEs. |