FELIX: FPGA-Based Scalable and Lightweight Accelerator for Large Integer Extended GCD

IF 2.8 2区工程技术 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE IEEE Transactions on Very Large Scale Integration (VLSI) Systems Pub Date : 2024-07-10 DOI:10.1109/TVLSI.2024.3417016

Samuel Coulon;Tianyou Bao;Jiafeng Xie

{"title":"FELIX: FPGA-Based Scalable and Lightweight Accelerator for Large Integer Extended GCD","authors":"Samuel Coulon;Tianyou Bao;Jiafeng Xie","doi":"10.1109/TVLSI.2024.3417016","DOIUrl":null,"url":null,"abstract":"The extended greatest common divisor (XGCD) computation is a critical component in various cryptographic applications and algorithms, including both pre- and postquantum cryptosystems. In addition to computing the greatest common divisor (GCD) of two integers, the XGCD also produces Bézout coefficients \n<inline-formula> <tex-math>$b_{a}$ </tex-math></inline-formula>\n and \n<inline-formula> <tex-math>$b_{b}$ </tex-math></inline-formula>\n which satisfy \n<inline-formula> <tex-math>$\\mathrm {GCD}(a,b) = a\\times b_{a} + b\\times b_{b}$ </tex-math></inline-formula>\n. In particular, computing the XGCD for large integers is of significant interest. Most recently, XGCD computation between 6479-bit integers is required for solving Nth-degree truncated polynomial ring unit (NTRU) trapdoors in Falcon, a National Institute of Standards and Technology (NIST)-selected postquantum digital signature scheme. To this point, existing literature has primarily focused on exploring software-based implementations for XGCD. The few existing high-performance hardware architectures require significant hardware resources and may not be desirable for practical usage, and the lightweight architectures suffer from poor performance. To fill the research gap, this work proposes a novel FPGA-based scalable and lightweight accelerator for large integer XGCD (FELIX). First, a new algorithm suitable for scalable and lightweight computation of XGCD is proposed. Next, a hardware accelerator (FELIX) is presented, including both constant- and variable-time versions. Finally, a thorough evaluation is carried out to showcase the efficiency of the proposed FELIX. In certain configurations, FELIX involves 81% less equivalent area-time product (eATP) than the state-of-the-art design for 1024-bit integers, and achieves a 95% reduction in latency over the software for 6479-bit integers (Falcon parameter set) with reasonable resource usage. Overall, the proposed FELIX is highly efficient, scalable, lightweight, and suitable for very large integer computation, making it the first such XGCD accelerator in the literature (to the best of our knowledge).","PeriodicalId":13425,"journal":{"name":"IEEE Transactions on Very Large Scale Integration (VLSI) Systems","volume":"32 9","pages":"1684-1695"},"PeriodicalIF":2.8000,"publicationDate":"2024-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10593812","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Very Large Scale Integration (VLSI) Systems","FirstCategoryId":"5","ListUrlMain":"https://ieeexplore.ieee.org/document/10593812/","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

The extended greatest common divisor (XGCD) computation is a critical component in various cryptographic applications and algorithms, including both pre- and postquantum cryptosystems. In addition to computing the greatest common divisor (GCD) of two integers, the XGCD also produces Bézout coefficients

$b_{a}$

and

$b_{b}$

which satisfy

$\mathrm {GCD}(a,b) = a\times b_{a} + b\times b_{b}$

. In particular, computing the XGCD for large integers is of significant interest. Most recently, XGCD computation between 6479-bit integers is required for solving Nth-degree truncated polynomial ring unit (NTRU) trapdoors in Falcon, a National Institute of Standards and Technology (NIST)-selected postquantum digital signature scheme. To this point, existing literature has primarily focused on exploring software-based implementations for XGCD. The few existing high-performance hardware architectures require significant hardware resources and may not be desirable for practical usage, and the lightweight architectures suffer from poor performance. To fill the research gap, this work proposes a novel FPGA-based scalable and lightweight accelerator for large integer XGCD (FELIX). First, a new algorithm suitable for scalable and lightweight computation of XGCD is proposed. Next, a hardware accelerator (FELIX) is presented, including both constant- and variable-time versions. Finally, a thorough evaluation is carried out to showcase the efficiency of the proposed FELIX. In certain configurations, FELIX involves 81% less equivalent area-time product (eATP) than the state-of-the-art design for 1024-bit integers, and achieves a 95% reduction in latency over the software for 6479-bit integers (Falcon parameter set) with reasonable resource usage. Overall, the proposed FELIX is highly efficient, scalable, lightweight, and suitable for very large integer computation, making it the first such XGCD accelerator in the literature (to the best of our knowledge).

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

FELIX：基于 FPGA 的可扩展轻量级大整数扩展 GCD 加速器

扩展最大公约数（XGCD）计算是包括前量子和后量子密码系统在内的各种密码应用和算法的关键组成部分。除了计算两个整数的最大公约数（GCD）外，XGCD 还能产生满足 $\mathrm {GCD}(a,b) = a\times b_{a} + b\times b_{b}$ 条件的贝祖特系数 $b_{a}$ 和 $b_{b}$ 。特别是，计算大整数的 XGCD 具有重大意义。最近，在美国国家标准与技术研究院（NIST）选定的后量子数字签名方案 Falcon 中，需要计算 6479 位整数之间的 XGCD，以解决 Nth 度截断多项式环单元（NTRU）陷阱门。到目前为止，现有文献主要侧重于探索基于软件的 XGCD 实现。现有的少数高性能硬件架构需要大量硬件资源，在实际应用中可能并不理想，而轻量级架构的性能也很差。为了填补研究空白，本研究提出了一种基于 FPGA 的新型可扩展轻量级大整数 XGCD（FELIX）加速器。首先，提出了一种适用于 XGCD 可扩展轻量级计算的新算法。接着，介绍了硬件加速器（FELIX），包括恒时和变时版本。最后，进行了全面评估，以展示所提 FELIX 的效率。在某些配置下，对于 1024 位整数，FELIX 的等效面积-时间乘积（eATP）比最先进的设计少 81%；对于 6479 位整数（猎鹰参数集），FELIX 的延迟比软件减少 95%，而且资源使用合理。总之，所提出的 FELIX 高效、可扩展、轻量级，适用于超大整数计算，是文献中首个此类 XGCD 加速器（据我们所知）。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Transactions on Very Large Scale Integration (VLSI) Systems 工程技术-工程：电子与电气

CiteScore

6.40

自引率

7.10%

发文量

187

审稿时长

3.6 months

期刊介绍： The IEEE Transactions on VLSI Systems is published as a monthly journal under the co-sponsorship of the IEEE Circuits and Systems Society, the IEEE Computer Society, and the IEEE Solid-State Circuits Society. Design and realization of microelectronic systems using VLSI/ULSI technologies require close collaboration among scientists and engineers in the fields of systems architecture, logic and circuit design, chips and wafer fabrication, packaging, testing and systems applications. Generation of specifications, design and verification must be performed at all abstraction levels, including the system, register-transfer, logic, circuit, transistor and process levels. To address this critical area through a common forum, the IEEE Transactions on VLSI Systems have been founded. The editorial board, consisting of international experts, invites original papers which emphasize and merit the novel systems integration aspects of microelectronic systems including interactions among systems design and partitioning, logic and memory design, digital and analog circuit design, layout synthesis, CAD tools, chips and wafer fabrication, testing and packaging, and systems level qualification. Thus, the coverage of these Transactions will focus on VLSI/ULSI microelectronic systems integration.

期刊最新文献

Table of Contents IEEE Transactions on Very Large Scale Integration (VLSI) Systems Society Information IEEE Transactions on Very Large Scale Integration (VLSI) Systems Publication Information Table of Contents IEEE Transactions on Very Large Scale Integration (VLSI) Systems Publication Information