於現場可程式化邏輯閘陣列實作後量子密碼系統關鍵元件

彭柏源; Bo-Yuan Peng

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/96386

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	陳和麟	zh_TW
dc.contributor.advisor	Ho-Lin Chen	en
dc.contributor.author	彭柏源	zh_TW
dc.contributor.author	Bo-Yuan Peng	en
dc.date.accessioned	2025-02-13T16:14:14Z	-
dc.date.available	2025-02-14	-
dc.date.copyright	2025-02-13	-
dc.date.issued	2025	-
dc.date.submitted	2025-02-04	-
dc.identifier.citation	[1] SmartFusion 2 Promotion Page by Microchip/ Microsemi. https://www.microchip.com/en-us/products/fpgas-and-plds/system-on-chip-fpgas/smartfusion-2-fpgas. [Accessed 15-July-2024]. [2] ZCU102 Promotion Page by AMD Xilinx. https://www.xilinx.com/products/boards-and-kits/ek-u1-zcu102-g.html. [Accessed 15-July-2024]. [3] ZedBoard Promotion Page by Avnet. https://www.avnet.com/wps/portal/us/products/avnet-boards/avnet-board-families/zedboard/. [Accessed 15-July-2024]. [4] ZedBoard Promotion Page by Digilent. https://digilent.com/reference/programmable-logic/zedboard/start. [Accessed 15-July-2024]. [5] R. Agarwal and C. Burrus. Fast Convolution using fermat number transforms with applications to digital filtering. IEEE Transactions on Acoustics, Speech, and Signal Processing, 22(2):87-97, 1974. [6] E. Alkim, D. Y.-L. Cheng, C.-M. M. Chung, H. Evkan, L. W.-L. Huang, V. Hwang, C.-L. T. Li, R. Niederhagen, C.-J. Shih, J. Wälde, and et al. Polynomial multipli-cation in ntru prime: Comparison of optimization strategies on cortex-m4. IACR 101Transactions on Cryptographic Hardware and Embedded Sy [7] Apon, Daniel. NIST assignments of platforms on implementation efforts to PQC teams. https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/cJxMq0_90gU/m/qbGEs3TXGwAJ, Feb. 2019. [Online 7-February-2019; accessed 25-May-2023]. [8] R. Avanzi, J. Bos, L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, J. M. Schanck, P. Schwabe, G. Seiler, and D. Stehlé. CRYSTALS-Kyber: Algorithm Specifications And Supporting Documentation (version 3.02). In Post-Quantum Cryptography Standardization Project. NIST, Aug. 2021. [9] S. Bai, L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, P. Schwabe, G. Seiler, and D. Stehlé. CRYSTALS-Dilithium: Algorithm Specifications and Supporting Documentation (Version 3.1). In Post-Quantum Cryptography Standardization Project. NIST, Feb. 2021. [10] P. Barrett. Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor. In Advances in Cryptology-CRYPTO’ 86, volume 263 of LNCS, pages 311-323. Springer Berlin Heidelberg, 1987. [11] A. Basso, F. Aydin, D. Dinu, J. Friel, A. Varna, M. Sastry, and S. Ghosh. Where star wars meets star trek: Saber and dilithium on the same polynomial multiplier. Cryptology ePrint Archive, Paper 2021/1697, 2021. https://eprint.iacr.org/2021/1697. [12] A. Basso, J. M. B. Mera, J.-P. D＇Anvers, A. Karmakar, S. S. Roy, M. V. Beirendonck, and F. Vercautere. SABER: Mod-LWR based KEM (Round 3 Submission). In Post-Quantum Cryptography Standardization Project. NIST, 2020. [13] L. Beckwith, D. T. Nguyen, and K. Gaj. High-performance hardware implementation of crystals-dilithium. In 2021 International Conference on Field-Programmable Technology (ICFPT), pages 1-10, 2021. [14] D. J. Bernstein, B. B. Brumley, M.-S. Chen, C. Chuengsatiansup, T. Lange, A. Marotzke, B.-Y. Peng, N. Tuveri, C. van Vredendaal, and B.-Y. Yang. NTRU Prime: round 3. In Post-Quantum Cryptography Standardization Project. NIST, Oct. 2020. [15] D. J. Bernstein, C. Chuengsatiansup, T. Lange, and C. van Vredendaal. NTRU Prime: round 2. In Post-Quantum Cryptography Standardization Project. NIST, Mar. 2019. [16] C. Chen, O. Danba, J. Hostein, A. Hülsing, J. Rijneveld, J. M. Schanck, T. Saito, P. Schwabe, W. Whyte, K. Xagawa, T. Yamakawa, and Z. Zhang. NTRU Algorithm Specications And Supporting Documentation. In Post-Quantum Cryptography Standardization Project. NIST, Sept. 2020. [17] C.-M. M. Chung, V. Hwang, M. J. Kannwischer, G. Seiler, C.-J. Shih, and B.-Y. Yang. NTT Multiplication for NTT-unfriendly Rings. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(2):159-188. [18] V. Dang, K. Mohajerani, and K. Gaj. High-Speed Hardware Architectures and FPGA Benchmarking of CRYSTALS-Kyber, NTRU, and Saber. IEEE Transactions on Computers, 72(02):306-320, Feb. 2023. Preprint version available on https://eprint.iacr.org/2021/1508.pdf since Nov. 2021. [19] P.-A. Fouque, J. Hoffstein, P. Kirchner, V. Lyubashevsky, T. Pornin, T. Prest, T. Ricosset, G. Seiler, W. Whyte, and Z. Zhang. Falcon: Fast-Fourier Lattice-based Compact Signatures over NTRU (specification v1.2). In Post-Quantum Cryptography Standardization Project. NIST, Oct. 2020. [20] I. J. Good. Random motion on a finite abelian group. Mathematical Proceedings of the Cambridge Philosophical Society, In volume 47, pages 756-762. Cambridge University Press, 1951. [21] Y. Huang, M. Huang, Z. Lei, and J. Wu. A pure hardware implementation of CRYSTALS-KYBER PQC algorithm through resource reuse. IEICE Electronics Express, 17(17), 2020. [22] N. Koblitz. Elliptic Curve Cryptosystems. Mathematics of Computation, 48(177):203-209, Jan. 1987. [23] H.-F. Lo, M.-D. Shieh, and C.-M. Wu. Design of an efficient FFT processor for DAB system. In ISCAS 2001. The 2001 IEEE International Symposium on Circuits and Systems (Cat. No.01CH37196), volume 4, pages 654-657 vol. 4, 2001. [24] A. Marotzke. A Constant Time Full Hardware Implementation of Streamlined NTRU Prime. In International Conference on Smart Card Research and Advanced Applications, pages 3-17. Springer, 2020. [25] A. Marotzke. A Constant Time Full Hardware Implementation of Streamlined NTRU Prime. In Smart Card Research and Advanced Applications: CARDIS 2020, volume 12609 of LNCS, pages 3-17. Springer International Publishing, 2021. [26] Microchip Technology Inc. Military Grade IGLOO 2 FPGA and SmartFusion 2 SoC FPGA, January 2025. [27] V. S. Miller.Use of Elliptic Curves in Cryptography. In Advances in Cryptology - CRYPTO ’85 Proceedings, volume 218, pages 417-426. Springer Berlin Heidelberg, 1986. [28] P. K. Mishra and P. Sarkar. Application of Montgomery＇s trick to scalar multiplication for elliptic and hyperelliptic curves using a fixed base point. In International Workshop on Public Key Cryptography, pages 41-54. Springer, 2004. [29] P. L. Montgomery. Modular multiplication without trial division. Mathematics of Computation, 44:519-521, 1985. [30] NIST. Post-Quantum Cryptography (PQC) Round 3 Submissions. https://csrc.nist.gov/Projects/post-quantum-cryptography/round-3-submissions, 2020. [Online 22-July-2020; accessed 25-May-2023]. [31] NIST. Post-Quantum Cryptography: Digital Signature Schemes Call for Proposals. https://csrc.nist.gov/projects/pqc-dig-sig/standardization/call-for-proposals, 2022. [Online 29-August-2022; accessed 25-May-2023]. [32] NIST. Post-Quantum Cryptography (PQC) Round 4 Submissions. https://csrc.nist.gov/Projects/post-quantum-cryptography/round-4-submissions, 2022. [Online 5-July-2022; accessed 25-May-2023]. [33] NIST. Post-Quantum Cryptography (PQC) Selected Algorithms 2022. https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022, 2022. [Online 5-July-2022; accessed 25-May-2023]. [34] OpenSSH. OpenSSH 9.0 Release Note. https://www.openssh.com/txt/release-9.0, 2022. [Online 8-April-2022; accessed 25-May-2023]. [35] B.-Y. Peng, A. Marotzke, M.-H. Tsai, B.-Y. Yang, and H.-L. Chen. Streamlined NTRU Prime on FPGA. Journal of Cryptographic Engineering, 13(2):167-186, Jun 2023. Preprint version available on https://eprint.iacr.org/2021/1444.pdf since Oct. 2021. [36] H. Prodinger. On binary representations of integers with digits -1, 0, 1. Integers, 0, 2000. https://math.colgate.edu/~integers/vol0.html. [37] G. W. Reitwiesner. Binary arithmetic. Advances in Computers, 1:231-308, 1960. [38] S. Ricci, L. Malina, P. Jedlicka, D. Smékal, J. Hajny, P. Cibik, P. Dzurenda, and P. Dobias. Implementing crystals-dilithium signature scheme on fpgas. In Proceedings of the 16th International Conference on Availability, Reliability and Security, ARES 21. Association for Computing Machinery, 20 [39] R. L. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Commun. ACM, 21(2):120-126, Feb. 1978. [40] P. Shor. Algorithms for quantum computation: discrete logarithms and factoring. In Proceedings 35th Annual Symposium on Foundations of Computer Science, pages 124-134. IEEE, 1994. [41] S. Sinha Roy and A. Basso. High-speed Instruction-set Coprocessor for Lattice-based Key Encapsulation Mechanism: Saber in Hardware. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(4):443-466, Aug. 2020. [42] M.-H. Tsai. An efficient fpga implementation of streamlined ntru prime. Master’s thesis, Graduate Institute of Electronics Engineering, National Taiwan University, 2021. https://hdl.handle.net/11296/p95uu8. [43] Xilinx, Inc. UG474: 7 Series FPGAs Configurable Logic Block, 1.8 edition, September 2016. [44] Xilinx, Inc. UG574: UltraScale Architecture Configurable Logic Block, 1.5 edition, February 2017. [45] Xilinx, Inc. UG479: 7 Series DSP48E1 Slice, 1.10 edition, March 2018. [46] Xilinx, Inc. UG473: 7 Series FPGAs Memory Resources, 1.14 edition, July 2019. [47] Xilinx, Inc. UG573: UltraScale Architecture Memory Resources, 1.13 edition, September 2021. [48] Xilinx, Inc. UG579: UltraScale Architecture DSP Slice, 1.11 edition, August 2021. [49] Y. Xing and S. Li. A Compact Hardware Implementation of CCA-Secure Key Exchange Mechanism CRYSTALS-KYBER on FPGA. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(2):328-356, Feb. 2021. [50] N. Zhang, B. Yang, C. Chen, S. Yin, S. Wei, and L. Liu. Highly efficient architecture of newhope-nist on fpga using low-complexity ntt/intt. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(2):49-72, Mar. 2020. [51] Y. Zhu, M. Zhu, B. Yang, W. Zhu, C. Deng, C. Chen, S. Wei, and L. Liu. Lwrpro: An energy-efficient configurable crypto-processor for module-lwr. IEEE Transactions on Circuits and Systems I: Regular Papers, 68(3):1146-1159, 2021.	-
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/96386	-
dc.description.abstract	後量子密碼學 (尤以格基密碼學為甚) 的計算過程經常需要快速的多項式乘法與取模運算，另外各種後量子密碼系統的向量值域範圍經常不是二的次方數，以致各種向量直接儲存傳遞時無法有效利用所有位元的消息含量。作者提出於現場可程式化邏輯閘陣列實作基於數論轉換的多項式乘法元件的暫存器傳輸級硬體之描述程式生成系統，可以自由生成基於全點型、古德三型或古德五型數論轉換的多項式乘法元件；應對各種不同模數與輸入位元數的高速取模運算元件的暫存器傳輸及硬體之描述程式生成系統；應對各種不同向量值域範圍的迪傑比編碼器，以達成各種相關運算的硬體加速。	zh_TW
dc.description.abstract	On the Post-Quantum Cryptography, especially the Lattice-Based Cryptography, fast polynomial multiplications with fast modulo operations are necessary. Also, the range of the entries of various vectors in PQC is not necessarily the power of 2, which makes the bits saving data or being transported not information effective. The author proposed the RTL generators of polynomial multiplication with various configurations based on the implementation of the full-point NTT and/or the Good's Trick NTT (with factor 3 or 5); the RTL generators of fast arbitrary modulo operation with arbitrary input bits; the RTL implementation of DJB Codec with parameter generator, generating arbitrary configuration fitting the requirement. These designs provide the hardware acceleration of the above computation requirements for PQC.	en
dc.description.provenance	Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2025-02-13T16:14:14Z No. of bitstreams: 0	en
dc.description.provenance	Made available in DSpace on 2025-02-13T16:14:14Z (GMT). No. of bitstreams: 0	en
dc.description.tableofcontents	Acknowledgements (i) 摘要 (iii) Abstract (v) Contents (vii) List of Figures (xi) List of Tables (xiii) List of Algorithms (xv) Chapter 1 Introduction (1) 1.1 Hardware Implementation and Post-Quantum Cryptography (1) 1.2 Problem Description (3) 1.3 Contribution of the Dissertation (4) Chapter 2 Preliminaries (7) 2.1 Polynomial Multiplications, Modulo Operations, and Sequence Encoding in the Post-Quantum Cryptosystems (7) 2.2 Design Consideration with FPGAs (10) 2.2.1 Look-Up Tables (LUTs), Flip-Flops (FFs), and Configurable Logic Blocks (CLBs) (11) 2.2.2 Digital Signal Processing (DSP) Slices (12) 2.2.3 Block Memories (BRAMs) (13) 2.3 Notations in Hardware Related References (13) Chapter 3 Hardware Implementation of Number-Theoretic Transform (15) 3.1 A Simple Review on NTT (16) 3.1.1 Basic full-point NTT (16) 3.1.2 Good’s Trick (18) 3.2 Choice of NTT Parameters with the Computing Power (20) 3.3 Case Study: Streamlined NTRU Prime (24) 3.3.1 sntrup761q4591 and sntrup653q4621: Starting Examples (27) 3.3.2 sntrup1277q7879 and the extreme power on FPGAs (29) 3.3.3 sntrup857q5167, sntrup953q6343 and sntrup1013q7177 (30) 3.4 Hardware of NTT and Pointwise Multiplication (32) 3.5 Hardware Implementation on Weaker FPGAs (40) Chapter 4 Fast Modulo Reduction on Hardware (45) 4.1 Linear Reduction (46) 4.1.1 Example: mod± 4591 (47) 4.1.2 Generalized Approach of mod±±l (50) 4.1.3 Generalized Approach of mod±+l , mod+±l , and mod++l (53) 4.1.4 mod+ 3 and mod+ 5: on Good’s Tricked NTT (54) 4.1.5 Final Note to the Linear Reduction (56) 4.2 Shifting Reduction (57) 4.2.1 Example: mod± 7681 (57) 4.2.2 Generalized Approach of mod±±l (60) 4.2.3 Constructive Shifting Reduction (62) 4.3 Linear v.s. Shifting: Which One? (70) Chapter 5 Hardware to Codec of Sequences of Integers (73) 5.1 Review on DJB Codec (74) 5.2 Hareware Implementation of DJB Codec (80) 5.2.1 Hardware Implementation of DJB Encoding Procedure (80) 5.2.2 Hardware Implementation of DJB Decoding Procedure (87) 5.2.3 Results of Implementation (94) 5.3 DJB Codec on Other Cases (96) 5.3.1 DJB Codec on Z3329 [x] / < x^256 + 1 > (96) 5.3.2 DJB Codec on Z8380417 [x] / < x^256 + 1 > (97) Chapter 6 Conclusion and Future Works (99) References (101) Appendix A — Fast Modulo Operation to Every Configuration in Streamlined NTRU Prime (109) A.1 Design with the Linear Reduction Approach (109) A.1.1 mod± 4621 (109) A.1.2 mod± 5167 (111) A.1.3 mod± 6343 (112) A.1.4 mod± 7177 (114) A.1.5 mod± 7879 (116) A.2 Design with the Shifting Reduction Approach (117) A.2.1 mod± 12289 (117) A.2.2 mod± 15361 (119) A.2.3 mod± 114689 (121) A.2.4 mod± 120833 (122) A.2.5 mod± 163841 (124) A.2.6 mod± 249857 (127) Appendix B — Implementation Result of Both Reduction Approaches for Prime Divisors in the range [257, 26003] (131) Appendix C — Data Structure Descriptors for Every Configuration in Streamlined NTRU Prime (197)	-
dc.language.iso	en	-
dc.subject	古德法	zh_TW
dc.subject	數論轉換	zh_TW
dc.subject	迪傑比編碼	zh_TW
dc.subject	現場可程式化邏輯閘陣列	zh_TW
dc.subject	多項式乘法	zh_TW
dc.subject	取模運算	zh_TW
dc.subject	DJB Codec	en
dc.subject	Modulo Reduction	en
dc.subject	Good's Trick	en
dc.subject	NTT	en
dc.subject	Polynomial Multiplication	en
dc.subject	FPGA	en
dc.title	於現場可程式化邏輯閘陣列實作後量子密碼系統關鍵元件	zh_TW
dc.title	On the FPGA Implementation of Polynomial Multiplications and Fast Modulo Reduction Operations in Post-Quantum Cryptosystems	en
dc.type	Thesis	-
dc.date.schoolyear	113-1	-
dc.description.degree	博士	-
dc.contributor.oralexamcommittee	雷欽隆;吳安宇;黃俊郎;蕭旭君;楊柏因;鄭振牟	zh_TW
dc.contributor.oralexamcommittee	Chin-Laung Lei;An-Yeu Andy Wu;Jiun-Lang Huang;Hsu-Chun Hsiao;Bo-Yin Yang;Chen-Mou Cheng	en
dc.subject.keyword	現場可程式化邏輯閘陣列,多項式乘法,數論轉換,古德法,取模運算,迪傑比編碼,	zh_TW
dc.subject.keyword	FPGA,Polynomial Multiplication,NTT,Good's Trick,Modulo Reduction,DJB Codec,	en
dc.relation.page	202	-
dc.identifier.doi	10.6342/NTU202500332	-
dc.rights.note	同意授權(全球公開)	-
dc.date.accepted	2025-02-04	-
dc.contributor.author-college	電機資訊學院	-
dc.contributor.author-dept	電機工程學系	-
dc.date.embargo-lift	2025-02-14	-
顯示於系所單位：	電機工程學系

文件中的檔案：

檔案	大小	格式
ntu-113-1.pdf	1.63 MB	Adobe PDF	檢視/開啟

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。