在FPGA上的CRYSTALS-KYBER實作 - 一個符合IND-CCA2安全標準的金鑰封裝機制

Abstract

本篇論文包含了CRYSTALS-KYBER的基礎介紹。 首先從KYBER的難題假設開始，之後基於這個難題假設，我們將會介紹KYBER的所有演算法，之後再介紹如何硬體實作。 SHA3演算法的部分我們將會著重於如何做出有效率的硬體實作。 之後我們會特別針對KYBER的NTT/INTT以及乘法演算法做詳盡的介紹，包括KYBER的代數結構、NTT/INTT演算法、輔助演算法以及硬體電路圖。 最終我們將會呈現重要的硬體實作結果並解釋結果。

This work covers the fundamentals for people to understand the principles of CRYSTALS-KYBER. First we will introduce the hardness assumption of KYBER. Then based on the hardness assumption, we will introduce all the algorithms of KYBER. We will also give explanations to those algorithms including key generation, key encapsulation and key de-capsulation. Then introduce how these algorithms are implemented as hardware. Then we will briefly introduce the SHA3 family algorithms used in KYBER implementation. The content about SHA3 will mainly be its algorithmic structure and how we utilize it to reduce the area of the hardware. After that, we will give detail introduction to KYBER’s NTT/INTT algorithm and polynomial multiplication algorithm, including the algebraic structure used in the algorithm, the NTT/INTT algorithmic body, the auxiliary algorithms, and the hardware diagram with the idea behind the design. Finally we will give some result of our hardware implementation and reasoning behind that.