Flexible NTT Accelerators for RLWE Lattice-based Cryptography

In this work, we propose methods to design flexible and energy-efficient hardware accelerators for ring learning with error (RLWE) lattice-based cryptographic protocols, such as key agreement and digital signature. We apply the proposed methods to design the first programmable DMA-based family of accelerators for the Number Theoretic Transform (NTT), a commonly used kernel inside variants of RLWE protocols NewHope and Kyber. We validate our methods by integrating the accelerators into an HLS-based System on Chip (SoC) simulator. Experiments confirm the suitability of the flexible DMA-based accelerators for their use as part of lattice-based schemes. Our proposed designs are capable of executing new variants of lattice-based schemes with superior energy efficiency compared to executing the scheme entirely on the main processor, but without modifying the hardware acceleration platform. Performance improvements are up to 2x, energy consumption improves up to 1.9x, and energy-delay product (EDP) improves up to 3.9x. Together with such improved energy efficiency and performance, the flexibility inherent in our accelerators provides insights for, while reducing the risk of early adoption of lattice-based PQC cryptographic protocols in hardware products.