Abstract
Lattice-based cryptosystems stand out among post-quantum cryptosystems for their strong security, high efficiency, flexibility and practicality. In practical applications, the advantages of lattice-based cryptosystems can be combined with the parallelism and flexibility of hardware architectures so that the entire system runs efficiently. This paper briefly introduces the basic concepts of lattices and the hard problems on lattices, and discusses the main advantages of lattice-based cryptosystems and their application value in public-key encryption, digital signatures and key exchange. For the module-level design of hardware implementations, it surveys, summarizes and compares the mainstream optimization techniques and implementation methods for the two main modules, the discrete Gaussian sampler and the polynomial multiplier. For the overall architecture of hardware-implemented lattice-based cryptosystems, it analyzes and compares in detail current advanced design concepts and optimization techniques with respect to applications in different scenarios and different hardware optimization goals (performance-oriented or resource-oriented). Finally, hardware implementations of lattice-based cryptosystems are compared with other implementation methods in terms of security, flexibility, resource consumption and throughput, demonstrating their efficiency and practicality in practical applications.
Authors
何诗洋
李晖
李凤华
HE Shi-Yang; LI Hui; LI Feng-Hua (Engineering Research Center of Big Data Security, Ministry of Education, Xi’an 710126, China; School of Cyber Engineering, Xidian University, Xi’an 710126, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)
Source
Journal of Cryptologic Research (《密码学报》)
CSCD
2021, Issue 6, pp. 1019-1038 (20 pages)
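Funding
Key Program of the National Natural Science Foundation of China (61932015)
Key Research and Development Program of Shaanxi Province (2019ZDLGY12-09)
Shaanxi Innovation Team for Mobile Internet Security (2018TD-007)
111 Project, Discipline Innovation and Talent Introduction Base for Mobile Internet Security (B16037).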
Keywords
post-quantum cryptography
lattice-based cryptosystem
hardware
FPGA implementation