ETD

Digital archive of theses defended at the University of Pisa

Thesis etd-09052020-110508


Thesis type
Master's degree thesis
Author
FAVILLA, FRANCESCO
URN
etd-09052020-110508
Title
Design of a hardware accelerator for Post-Quantum Lattice-Based cryptographic algorithms
Department
INFORMATION ENGINEERING
Degree programme
ELECTRONIC ENGINEERING
Supervisors
supervisor Prof. Saponara, Sergio
supervisor Ing. Di Matteo, Stefano
Keywords
  • hardware for cybersecurity
  • fpga
  • post-quantum cryptography
  • lattice-based algorithms
Defence session start date
25/09/2020
Availability
Not available for consultation
Release date
25/09/2090
Abstract
Asymmetric cryptographic schemes such as Rivest-Shamir-Adleman encryption, the Diffie-Hellman key exchange or Elliptic Curve Cryptography base their security on hard mathematical problems like integer factorization, discrete logarithms over finite fields and discrete logarithms over elliptic curve groups, which are intractable for conventional computers. Currently most of the communications protected by asymmetric cryptography use Rivest-Shamir-Adleman, Diffie-Hellman or Elliptic Curve Cryptography to guarantee security services such as confidentiality and authentication. In 1994, Peter Williston Shor announced the discovery of a quantum algorithm that could break most of the currently used asymmetric cryptographic schemes, including Diffie-Hellman and those based on Rivest-Shamir-Adleman and Elliptic Curve Cryptography. Even though large-scale quantum computers are not yet available, in the future they would seriously compromise the security of digital communications on the Internet and elsewhere. In 2016 the National Institute of Standards and Technology formally started a standardization process for Post-Quantum cryptography, with the first round in 2017 and the second round in 2019. Lattice-based cryptography is considered one of the most promising approaches, due to its efficiency for Public Key Encryption, Key Encapsulation Mechanism and signature schemes. Within the Lattice-based class, Learning With Errors and especially its variants Ring Learning With Errors and Module Learning With Errors are the most recognized cryptographic schemes.
This thesis introduces the design of a hardware accelerator for Post-Quantum Cryptographic primitives which supports the National Institute of Standards and Technology Round 2 Lattice-based candidate algorithms CRYSTALS Kyber (Module Learning With Errors) and NewHope (Ring Learning With Errors) for Public Key Encryption, and CRYSTALS Dilithium (Module Learning With Errors) and qTESLA (Ring Learning With Errors) for Digital Signature. The design has been divided into three sub-blocks: Arithmetic Logic Unit and Memories, Noise Sampler, and Secure Hash. The first module is the computational core of the entire system: it integrates the logic for the configurable arithmetic with the memory resources and performs all the operations required by Lattice-based schemes. The second module, named Noise Sampler, provides streams of data belonging to different noise distributions, since Lattice-based algorithms require noise samples from the Discrete Gaussian Distribution and the Discrete Uniform Distribution. Starting from the Keccak core compliant with the National Institute of Standards and Technology Standard for SHA-3 and developed by the Cybersecurity Team of the Department of Information Engineering, a hardware module for the SHAKE128/256 functions has been implemented; these functions are required by Lattice-based algorithms both as hash functions and as a Cryptographically Secure Pseudo Random Number Generator.
The implemented hardware blocks (i.e. Arithmetic Logic Unit and Memories, Noise Sampler and SHAKE128/256) have been connected to each other, and a Control Unit has been designed in order to execute the key generation, encryption and decryption functions of the NewHope 1024 algorithm. The design has then been verified with the NewHope1024-CPA-KEM test vectors. The proposed hardware accelerator performs Key Generation/Encryption/Decryption of the NewHope1024-CPA-KEM scheme in 19585/32949/11399 cycles. The designed cryptosystem has been synthesized on both the Zynq-Ultrascale+ FPGA by Xilinx and the Stratix IV FPGA by Intel: on Zynq-Ultrascale+ it uses 16950 CLB logic units and 27.5 BRAMs with 12 DSPs, with a maximum frequency of 310 MHz, and on Stratix IV it uses 13627 of the available ALM logic units together with 72 BRAMs and 40 DSPs, reaching a maximum frequency of 125 MHz.
The hardware module has also been synthesized on a 45 nm ASIC Standard-Cell technology, consuming 215.85 kGE at 600 MHz with 860 KB of memory consumption. The results in terms of latency, frequency and resource consumption are in line with the state-of-the-art FPGA NewHope 1024 implementations.