College of Integrated Circuits, Nanjing University of Aeronautics and Astronautics, Nanjing, Jiangsu 210016, China
CUI Yi-jun, male, born in August 1988 in Haian, Jiangsu Province. He is currently Vice Dean, Associate Research Fellow and doctoral supervisor at the College of Integrated Circuits, Nanjing University of Aeronautics and Astronautics. His research interests are in integrated circuit design, including secure authentication based on physical unclonable functions (PUFs), post-quantum cryptographic secure communication for future information systems, hardware Trojans, and emerging computing. Chinese Institute of Electronics member No. E190036763M. E-mail: yijun.cui@nuaa.edu.cn
LI Meng-xue, female, born in November 2001 in Wenzhou, Zhejiang Province. She is currently a master's student at the College of Integrated Circuits, Nanjing University of Aeronautics and Astronautics. Her research focuses on the hardware design and optimization of core operators in post-quantum cryptographic algorithms. E-mail: limengxue@nuaa.edu.cn
WANG Bei, female, born in February 1991 in Suzhou, Anhui Province. She is currently a lecturer at the College of Integrated Circuits, Nanjing University of Aeronautics and Astronautics. Her research interests are the security analysis of public-key cryptographic algorithms against quantum computing and the software and hardware acceleration of post-quantum cryptographic algorithms. She has published more than 10 SCI- and EI-indexed papers. E-mail: wangbei91@nuaa.edu.cn
WANG Cheng-hua, male, born in October 1963 in Yangzhong, Jiangsu Province. He is currently a professor and doctoral supervisor at the College of Integrated Circuits, Nanjing University of Aeronautics and Astronautics. His research interest is integrated circuit design. E-mail: chwang@nuaa.edu.cn
LIU Wei-qiang, male, born in March 1983 in Dongying, Shandong Province. He is currently Executive Dean and professor at the College of Integrated Circuits, Nanjing University of Aeronautics and Astronautics, and a recipient of the National Science Fund for Distinguished Young Scholars of the NSFC. His research interest is high-energy-efficiency, high-security emerging computing chips. Chinese Institute of Electronics member No. E190011136S. E-mail: chwang@nuaa.edu.cn
Received: 2024-06-02
Revised: 2025-04-23
Published in print: 2025-07-25
CUI Yi-jun, LI Meng-xue, WANG Bei, et al. A Survey of Hardware Implementation for Crystals-Dilithium Digital Signature in the Post Quantum Cryptography[J]. Acta Electronica Sinica, 2025, 53(07): 2558-2578. DOI:10.12263/DZXB.20240505
With the continuous development of quantum computing technology, the many application systems that rely on the three core functions of traditional public-key cryptography (key agreement, digital signatures and public-key encryption) will no longer be secure. In response to the quantum threat, international standardization bodies led by the United States National Institute of Standards and Technology (NIST) are actively soliciting and deploying standardized post-quantum cryptography (PQC) algorithms, aiming to complete the migration from traditional public-key algorithms to PQC algorithms before truly practical quantum computers emerge. Crystals-Dilithium is a lattice-based digital signature algorithm in the NIST PQC standard; its high security and fast computation make it an important path towards digital signatures that resist quantum attacks. Starting from the theoretical foundations of the mainstream Crystals-Dilithium digital signature algorithm, this paper examines optimization methods for the underlying key components and the design of the overall hardware architecture, with a focus on hardware resource optimization and performance improvement. It compares and analyzes existing methods and results in order to clarify directions for subsequent research, and aims to provide a solid reference for the design of post-quantum digital signature cryptographic chips that balance performance against hardware resource cost.