Compact Instruction Set Extensions for Kyber

Abstract

Kyber is the only post-quantum cryptography (PQC) key encapsulation mechanism in the National Institute of Standards and Technology PQC project. This brief investigates the design of compact instruction set extensions (ISEs) for Kyber. We focus on implementing number-theoretic transform (NTT) and propose a hardware design of the modular multiplication based on an optimized $k^{2}$ -reduction. Compared to other works, our design is more compact since the optimized $k^{2}$ -reduction comprises multiplications with significantly smaller multipliers than Montgomery reduction and Barrett reduction. Then, we integrate the $k^{2}$ -reduction into an instruction for the butterfly transformation. We also propose auxiliary instructions that can switch the half words between two registers to facilitate the rearranging coefficients in NTT. To showcase the advantage of the instructions, we implement the ISEs in a chip design for the Hummingbird E203 core. Compared to the software implementation on RISC-V with assembly code, our co-design implementations for NTT show a speedup by a factor of 2.6. Besides, the area overhead is 93 LUTs and 1 DSP without any additional resources of FFs and RAMs using Artix-7 FPGA, which is more compact than previous software–hardware co-designs of Kyber.