Benchmarking RISC-V for Post-Quantum Security π
Explore how RISC-V performs with Post-Quantum Cryptography in this comprehensive benchmarking by Markku-Juhani Saarinen from PQShield. Discover insights into future-proof security solutions.
RISC-V International
375 views β’ Nov 29, 2023
About this video
Benchmarking RISC-V Post-Quantum - Markku-Juhani Saarinen, PQShield
The PQC Task Group aims to provide a ratifiable candidate ISA extension for Post-Quantum Cryptography (PQC). Since we target general-purpose processors rather than custom acceleration, these instructions are designed to align with RISC-V architectural principles, existing ISA extensions, and common processor design patterns in application-class CPUs. The main PQC algorithms intended to replace RSA and Elliptic Curve cryptography in mainstream applications (e.g., TLS/Web) are Kyber and Dilithium. Both are lattice-based schemes. While the older algorithms used mainly "big integer" arithmetic, the instruction mix of Kyber (key establishment) and Dilithium (digital signatures) contains a lot of vectorizable small-integer modular arithmetic operations and SHA3/SHAKE computation. There are also important use cases for hash-based signature schemes SPHINCS+, LMS/HSS, and XMSS, which benefit from SHA2 and SHA3 acceleration. We describe the PQC extensions under consideration and offer quantitative analysis to support them: Instruction count reduction (in end-to-end algorithm testing with and without the ISA extension), Implementation area/power, and vector unit critical path/speed.
The PQC Task Group aims to provide a ratifiable candidate ISA extension for Post-Quantum Cryptography (PQC). Since we target general-purpose processors rather than custom acceleration, these instructions are designed to align with RISC-V architectural principles, existing ISA extensions, and common processor design patterns in application-class CPUs. The main PQC algorithms intended to replace RSA and Elliptic Curve cryptography in mainstream applications (e.g., TLS/Web) are Kyber and Dilithium. Both are lattice-based schemes. While the older algorithms used mainly "big integer" arithmetic, the instruction mix of Kyber (key establishment) and Dilithium (digital signatures) contains a lot of vectorizable small-integer modular arithmetic operations and SHA3/SHAKE computation. There are also important use cases for hash-based signature schemes SPHINCS+, LMS/HSS, and XMSS, which benefit from SHA2 and SHA3 acceleration. We describe the PQC extensions under consideration and offer quantitative analysis to support them: Instruction count reduction (in end-to-end algorithm testing with and without the ISA extension), Implementation area/power, and vector unit critical path/speed.
Video Information
Views
375
Likes
2
Duration
19:59
Published
Nov 29, 2023
Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.