The supersingular isogeny key encapsulation (SIKE) protocol has entered the
second round of the post-quantum cryptography (PQC) standardization competition
launched by the National Institute of Standards and Technology (NIST). As an
improved version of the supersingular isogeny Diffie-Hellman (SIDH) key exchange
protocol, SIKE inherits SIDH's advantages of the smallest key sizes and the
ability to resist attacks from powerful quantum computers. Meanwhile, it can
also defend against other side-channel attacks. These features make it a
promising candidate in the competition. However, the considerable computation
makes the protocol difficult to apply in practice.
SIDH was first proposed by Jao and De Feo in 2011, and up to the present,
researchers have proposed many optimizations to accelerate it, where the
modular multiplication, as one of the most complicated operations, is usually
the focus. As the major computations in SIDH are the same as those in SIKE,
the modular multiplication optimizations for SIDH are also appropriate for the
SIKE protocol. We propose a lower-complexity finite field multiplication
algorithm for the n-fold prime p = 2^{nx} · ℓ^{ny} · B + 1 = R^n + 1, named
IFFM_n, for isogeny-based elliptic curve cryptography (ECC). In this new
algorithm, the modulo-p operation is replaced by n modulo-R operations. We
introduce a general Barrett reduction algorithm allowing negative inputs for
those small modulo operations. This new Barrett reduction algorithm also
achieves lower complexity than previous ones. Moreover, we devise an efficient
hardware architecture for IFFM_n and implement it on an FPGA. According to the
FPGA implementation results, our design achieves the fastest clock speed with
small resource consumption compared with the state-of-the-art works.
WORKING BLOCK DIAGRAM
1) Top mul: This module occupies the most hardware resources. By using the
Karatsuba decomposition referred to in , the n^2 multiplications are reduced to
n(n+1)/2 multiplications, namely n products a_i · b_i and n(n−1)/2 products
(a_i + a_j)(b_i + b_j) with i ≠ j. This module applies m multipliers to
calculate the n(n+1)/2 multiplications, consuming n(n+1)/(2m) iterations. The
architecture of the multiplier is depicted in Fig. 2. In the Kr mul module, we
calculate the multiplication of two 32-bit numbers, because by using the
Karatsuba decomposition the 32 × 32 multiplication can be divided into two
16 × 16 and one 17 × 17 multiplication, which achieves the highest hardware
utilization with only 3 DSPs. If N is big, we can divide the N-bit number into
several numbers whose bit width is a multiple of 32; the Kr mul module then
calculates the multiplication with more DSPs.
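As an added illustration (example code written for this page, not the paper's algorithm or its RTL), the following Python models the arithmetic that the abstract and the Top mul description refer to: the limb products of two radix-R operands formed with the Karatsuba decomposition (n diagonal products plus n(n−1)/2 cross products, n(n+1)/2 multiplications in total), the fold R^n ≡ −1 (mod p) that turns one reduction modulo p = R^n + 1 into n small reductions modulo R, and a Barrett reduction that accepts the negative inputs the fold produces. The helper names (barrett_signed, limb_products, normalize, iffm_mul, mulmod_p), the choice of the Barrett shift K, and the handling of the value p − 1 = R^n with an extra top digit are assumptions of this example; the parameters R = 2^51 · 3^28 and n = 8 are the ones the page reports.

```python
# Added example (not the paper's code): multiplication modulo p = R^n + 1 with
# radix-R limbs, Karatsuba-style limb products, and one signed Barrett
# reduction per limb instead of a single reduction modulo p.

def barrett_mu(R, k):
    """Barrett constant mu = floor(2^k / R); callers keep |x| < 2^k."""
    return (1 << k) // R


def barrett_signed(x, R, k, mu):
    """Return (q, r) with x = q*R + r and 0 <= r < R for any integer |x| < 2^k.
    Python's >> floors, so the estimate is within one of floor(x/R) even for
    negative x; the correction loops repair that single step."""
    q = (x * mu) >> k
    r = x - q * R
    while r < 0:
        r += R
        q -= 1
    while r >= R:
        r -= R
        q += 1
    return q, r


def limb_products(a, b):
    """Convolution c_k = sum_{i+j=k} a_i*b_j using n diagonal products a_i*b_i
    and n(n-1)/2 cross products (a_i+a_j)(b_i+b_j), i.e. n(n+1)/2 multiplies.
    Returns (coefficients, multiplication count)."""
    n = len(a)
    diag = [a[i] * b[i] for i in range(n)]          # n multiplications
    c = [0] * (2 * n - 1)
    mults = n
    for i in range(n):
        c[2 * i] += diag[i]
        for j in range(i + 1, n):
            # (a_i+a_j)(b_i+b_j) - a_i*b_i - a_j*b_j = a_i*b_j + a_j*b_i
            c[i + j] += (a[i] + a[j]) * (b[i] + b[j]) - diag[i] - diag[j]
            mults += 1
    return c, mults


def to_limbs(v, R, n):
    """0 <= v < p as n limbs in [0, R) plus a top digit in {0, 1}; the top
    digit is 1 only for v = R^n = p - 1, which n limbs alone cannot hold."""
    limbs = []
    for _ in range(n):
        limbs.append(v % R)
        v //= R
    return limbs, v


def from_limbs(limbs, top, R):
    v = top
    for d in reversed(limbs):
        v = v * R + d
    return v


def normalize(t, R, n, k, mu):
    """Carry-propagate signed coefficients with one Barrett step per limb and
    fold the top carry back using R^n = -1 (mod p)."""
    for _ in range(4):                      # settles within three passes
        out, carry = [], 0
        for i in range(n):
            carry, r = barrett_signed(t[i] + carry, R, k, mu)
            out.append(r)
        if carry == 0:
            return out, 0
        if carry == 1 and all(d == 0 for d in out):
            return out, 1                   # exactly p - 1 = R^n
        t = out
        t[0] -= carry                       # carry*R^n = -carry (mod p)
    raise ArithmeticError("carry folding did not converge")


def iffm_mul(a, b, R, n, k, mu):
    """Multiply two (limbs, top) operands modulo p = R^n + 1."""
    la, ha = a
    lb, hb = b
    c, _ = limb_products(la, lb)
    c.append(0)                             # pad to 2n coefficients
    t = [c[i] - c[i + n] for i in range(n)] # R^(i+n) = -R^i (mod p)
    if ha:                                  # ha*R^n*lb = -lb (mod p)
        t = [t[i] - lb[i] for i in range(n)]
    if hb:
        t = [t[i] - la[i] for i in range(n)]
    t[0] += ha * hb                         # R^(2n) = +1 (mod p)
    return normalize(t, R, n, k, mu)


# Parameters reported on the page: R = 2^51 * 3^28, n = 8, p = R^8 + 1.
R, N = 2**51 * 3**28, 8
P = R**N + 1
K = 2 * R.bit_length() + N.bit_length() + 2  # 2^K exceeds every |t_i + carry|
MU = barrett_mu(R, K)


def mulmod_p(x, y):
    """Integers in [0, p) -> their product modulo p via the limb pipeline."""
    limbs, top = iffm_mul(to_limbs(x, R, N), to_limbs(y, R, N), R, N, K, MU)
    return from_limbs(limbs, top, R)


if __name__ == "__main__":
    x, y = pow(7, 12345, P), pow(11, 54321, P)
    assert mulmod_p(x, y) == x * y % P and mulmod_p(P - 1, P - 1) == 1
    print("limb-wise multiplication agrees with big-integer arithmetic")
```

The identity inside limb_products is the same one the Kr mul description uses one level down: splitting a 32-bit operand into 16-bit halves gives two 16 × 16 products and one 17 × 17 product of the half-sums. The fold t_i = c_i − c_{i+n} is what makes negative inputs unavoidable, which is why the per-limb reduction must accept them; the extra top digit exists only because p − 1 = R^n does not fit in n limbs of [0, R).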
By using the method proposed in , we find a SIDH-friendly prime
p = 2^{408} · 3^{224} + 1 = R^8 + 1, where R = 2^{51} · 3^{28}, targeting
post-quantum security level 5, and implement the proposed architecture on an
FPGA for this prime. The Xilinx Vivado 2018.2 EDA platform is applied and the
Virtex-7 xc7vx690tffg1157-3 board is selected. Since the maximum latency lies
in the Top mul module or the two GBR modules, either of which consumes 36 clock
cycles (CCs), this design can process one pair of inputs every 36 CCs with a
latency of 89 CCs. The comparisons with previous FPGA implementations that also
adopt an unconventional radix are listed in Table II. It can be seen that our
design achieves the highest frequency (193 MHz) among the state-of-the-art
designs. As for hardware resources, our work uses many fewer resources,
especially DSPs, than the previous works except the EFFM. However, with a much
faster clock speed, our design offers a more reasonable choice for the SIKE
implementation.
CONCLUSION