An Efficient and Unified RTL Accelerator Design for HQC-128, HQC-192, and HQC-256

IF 3.8 | Zone 2, Computer Science | Q2: COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Francesco Antognazza;Alessandro Barenghi;Gerardo Pelosi
IEEE Transactions on Computers, vol. 74, no. 7, pp. 2306-2320. Published 2025-04-04. Journal Article.
DOI: 10.1109/TC.2025.3558044
URL: https://ieeexplore.ieee.org/document/10949843/
Citation count: 0

Abstract

In the Post-Quantum Standardization (PQC) process held by the National Institute of Standards and Technology (NIST), the final round of evaluation of the asymmetric cryptographic schemes Classic McEliece, BIKE and HQC will elect the alternative Key Establishment Mechanism (KEM) to the FIPS 203 standard CRYSTALS-Kyber. In this work we present two configurations of an RTL hardware design of the HQC candidate, either optimized for devices exclusively working with client-server style protocols, or a unified accelerator compatible with all KEM operations, i.e. Key Generation, Encapsulation, and Decapsulation. Our designs are compatible with all the parameter sets defined by the HQC specification, providing security margins equivalent to the ones of AES-128, AES-192, and AES-256 based on a selection made at runtime. We are providing an extensive comparison with the current state-of-the-art RTL hardware designs for Artix-7 FPGAs of the schemes in the PQC process, introducing a new metric to evaluate the area utilization, historically a challenging task for such devices made of heterogeneous resources, and determining that HQC has by far the best figures among the code-based candidates in terms of latency, area occupied and efficiency, and even comparable with the lattice-based CRYSTALS-Kyber when using the parameters with lowest security margin.
Source journal
IEEE Transactions on Computers (Engineering & Technology - Engineering: Electrical & Electronic)
CiteScore: 6.60
Self-citation rate: 5.40%
Articles published: 199
Review time: 6.0 months
Journal description: The IEEE Transactions on Computers is a monthly publication with a wide distribution to researchers, developers, technical managers, and educators in the computer field. It publishes papers on research in areas of current interest to the readers. These areas include, but are not limited to, the following: a) computer organizations and architectures; b) operating systems, software systems, and communication protocols; c) real-time systems and embedded systems; d) digital devices, computer components, and interconnection networks; e) specification, design, prototyping, and testing methods and tools; f) performance, fault tolerance, reliability, security, and testability; g) case studies and experimental and theoretical evaluations; and h) new and important applications and trends.