Performance and Communication Cost of Hardware Accelerators for Hashing in Post-Quantum Cryptography

IF 4.6 Q2 MATERIALS SCIENCE, BIOMATERIALS

ACS Applied Bio Materials Pub Date : 2024-07-09 DOI:10.1145/3676965

Patrick Karl, Jonas Schupp, Georg Sigl

{"title":"Performance and Communication Cost of Hardware Accelerators for Hashing in Post-Quantum Cryptography","authors":"Patrick Karl, Jonas Schupp, Georg Sigl","doi":"10.1145/3676965","DOIUrl":null,"url":null,"abstract":"SPHINCS+ is a signature scheme included in the first NIST post-quantum standard, that bases its security on the underlying hash primitive. As most of the runtime of SPHINCS+ is caused by the evaluation of several hash- and pseudo-random functions, offloading this computation to dedicated hardware accelerators is a natural step. In this work, we evaluate different architectures for hardware acceleration of such a hash primitive with respect to its use-case and evaluate them in the context of SPHINCS+. We attach hardware accelerators for different hash primitives (SHAKE128 and Ascon-Xof for both, full and round-reduced versions) to CPU interfaces having different transfer speeds. We show, that for most use-cases, data transfer determines the overall performance if accelerators are equipped with FIFOs and that reducing the number of rounds in the permutation does not necessarily lead to significant performance improvements when using hardware acceleration.\n This work extends on a conference paper accepted at COSADE’24, first published in [19], and written by the same authors, where different architectures for hardware accelerators of hash functions are benchmarked and evaluated for SPHINCS+ as a case study. In this paper, we provide results for additional parameter sets for SPHINCS+ and improve the performance of one of the accelerators by adding an additional RISC-V instruction for faster absorption. We then extend the performance benchmark by including the algorithms CRYSTALS-Kyber, CRYSTALS-Dilithium and Falcon. Finally we provide a power/energy comparison for the accelerators.","PeriodicalId":2,"journal":{"name":"ACS Applied Bio Materials","volume":"40 7","pages":""},"PeriodicalIF":4.6000,"publicationDate":"2024-07-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACS Applied Bio Materials","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3676965","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"MATERIALS SCIENCE, BIOMATERIALS","Score":null,"Total":0}

引用次数: 0

Abstract

SPHINCS+ is a signature scheme included in the first NIST post-quantum standard, that bases its security on the underlying hash primitive. As most of the runtime of SPHINCS+ is caused by the evaluation of several hash- and pseudo-random functions, offloading this computation to dedicated hardware accelerators is a natural step. In this work, we evaluate different architectures for hardware acceleration of such a hash primitive with respect to its use-case and evaluate them in the context of SPHINCS+. We attach hardware accelerators for different hash primitives (SHAKE128 and Ascon-Xof for both, full and round-reduced versions) to CPU interfaces having different transfer speeds. We show, that for most use-cases, data transfer determines the overall performance if accelerators are equipped with FIFOs and that reducing the number of rounds in the permutation does not necessarily lead to significant performance improvements when using hardware acceleration. This work extends on a conference paper accepted at COSADE’24, first published in [19], and written by the same authors, where different architectures for hardware accelerators of hash functions are benchmarked and evaluated for SPHINCS+ as a case study. In this paper, we provide results for additional parameter sets for SPHINCS+ and improve the performance of one of the accelerators by adding an additional RISC-V instruction for faster absorption. We then extend the performance benchmark by including the algorithms CRYSTALS-Kyber, CRYSTALS-Dilithium and Falcon. Finally we provide a power/energy comparison for the accelerators.

查看原文本刊更多论文

后量子密码学哈希算法硬件加速器的性能和通信成本

SPHINCS+ 是首个 NIST 后量子标准中的签名方案，其安全性基于底层散列原语。由于 SPHINCS+ 的大部分运行时间是由多个哈希和伪随机函数的评估造成的，因此将这种计算卸载到专用硬件加速器上是很自然的一步。在这项工作中，我们根据哈希基元的使用情况评估了硬件加速哈希基元的不同架构，并在 SPHINCS+ 的背景下对它们进行了评估。我们将不同散列原语（SHAKE128 和 Ascon-Xof，包括完整版和回合缩减版）的硬件加速器连接到具有不同传输速度的 CPU 接口上。我们的研究表明，对于大多数用例，如果加速器配备了先进先出设备，数据传输将决定整体性能，而且在使用硬件加速时，减少排列中的轮数并不一定能显著提高性能。这项工作是对 COSADE'24 会议接受的一篇会议论文的延伸，该论文首次发表于 [19]，由同一作者撰写，其中以 SPHINCS+ 为案例研究，对散列式函数硬件加速器的不同架构进行了基准测试和评估。在本文中，我们为 SPHINCS+ 提供了额外参数集的结果，并通过添加额外的 RISC-V 指令提高了其中一个加速器的性能，从而加快了吸收速度。然后，我们扩展了性能基准，纳入了 CRYSTALS-Kyber、CRYSTALS-Dilithium 和 Falcon 算法。最后，我们提供了加速器的功耗/能耗比较。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACS Applied Bio Materials Chemistry-Chemistry (all)

CiteScore

9.40

自引率

2.10%

发文量

464

期刊介绍： ACS Applied Bio Materials is an interdisciplinary journal publishing original research covering all aspects of biomaterials and biointerfaces including and beyond the traditional biosensing, biomedical and therapeutic applications. The journal is devoted to reports of new and original experimental and theoretical research of an applied nature that integrates knowledge in the areas of materials, engineering, physics, bioscience, and chemistry into important bio applications. The journal is specifically interested in work that addresses the relationship between structure and function and assesses the stability and degradation of materials under relevant environmental and biological conditions.