Near Threshold Computation of Partitioned Ring Learning With Error (RLWE) Post Quantum Cryptography on Reconfigurable Architecture
Paresh Baidya, Swagata Mondal, Rourab Paul
TL;DR
This work targets energy-efficient RLWE hardware for post-quantum cryptography on FPGAs by applying near-threshold computation through voltage islanding. It introduces a 14-component RLWE accelerator partitioned into FPGA regions with distinct $V_{ccint}$ guided by four clustering methods, coupled with offline voltage calibration and Razor-based timing-error detection. The main contributions are the first application of near-threshold computation to RLWE on FPGA/ASIC platforms, a comparative study of clustering algorithms for partitioning, and empirical power savings of around $6\%$ (Vivado) to $11\%$ (VTR) without sacrificing throughput. This approach enhances the practicality of PQC/HE implementations by reducing dynamic power while preserving accuracy and performance in real hardware environments.
Abstract
Ring Learning With Error (RLWE) algorithm is used in Post Quantum Cryptography (PQC) and Homomorphic Encryption (HE) algorithm. The existing classical crypto algorithms may be broken in quantum computers. The adversaries can store all encrypted data. While the quantum computer will be available, these encrypted data can be exposed by the quantum computer. Therefore, the PQC algorithms are an essential solution in recent applications. On the other hand, the HE allows operations on encrypted data which is appropriate for getting services from third parties without revealing confidential plain-texts. The FPGA based PQC and HE hardware accelerators like RLWE is much cost-effective than processor based platform and Application Specific Integrated Circuit (ASIC). FPGA based hardware accelerators still consume more power compare to ASIC based design. Near Threshold Computation (NTC) may be a convenient solution for FPGA based RLWE implementation. In this paper, we have implemented RLWE hardware accelerator which has 14 subcomponents. This paper creates clusters based on the critical path of all 14 subcomponents. Each cluster is implemented in an FPGA partition which has the same biasing voltage $V_{ccint}$. The clusters that have higher critical paths use higher Vccint to avoid timing failure. The clusters have lower critical paths use lower biasing voltage Vccint. This voltage scaled, partitioned RLWE can save ~6% and ~11% power in Vivado and VTR platform respectively. The resource usage and throughput of the implemented RLWE hardware accelerator is comparatively better than existing literature.