Masked Accelerators and Instruction Set Extensions for Post-Quantum Cryptography

Side-channel attacks can break mathematically secure cryptographic systems leading to a major concern in applied cryptography. While the cryptanalysis and security evaluation of Post-Quantum Cryptography (PQC) have already received an increasing research effort, cost analysis efficient side-channel countermeasures is still lacking. In this work, we propose masked HW/SW codesign NIST PQC finalists Kyber Saber, suitable for their different characteristics. Among others, present novel ciphertext compression algorithm non-power-of-two moduli. To accelerate linear performance bottlenecks, developed generic Number Theoretic Transform (NTT) multiplier, which, contrast previously published accelerators, also schemes not based on NTT. For critical non-linear operations, HW accelerators were developed, allowing execution using RISC-V instruction set extensions. With proposed design, achieved cycle count K:214k/E:298k/D:313k K:233k/E:312k/D:351k Saber with Level III parameter sets. same sets, masking overhead first-order decapsulation operation including randomness generation factor 4.48 (D:1403k)and 2.60 (D:915k).