Design of Conflict-Free Memory Mapping Scheme for Polynomial Multiplication in Lattice-Based Cryptography

doi:10.19678/j.issn.1000-3428.0253271

Abstract

Abstract: Polynomial multiplication accounts for more than 80% of the computational time in lattice-based cryptographic operations. Polynomial multiplication based on the Number Theoretic Transform (NTT) can reduce the computational complexity of polynomial multiplication from to . However, compared with other implementation methods, polynomial multiplication based on the NTT algorithm is more complex in data scheduling and more difficult in memory mapping. At present, memory mapping schemes tailored for specific algorithms are limited by algorithm parameters and hardware characteristics, resulting in poor scalability. Memory mapping schemes for reconfigurable polynomial multiplication incur significant overhead in control and storage units, leading to low area efficiency of polynomial multiplication architectures. To address the above issues, this paper proposes a conflict-free memory mapping scheme based on partial constant geometry transformation, which can support lattice-based cryptographic polynomial multiplication operations that meet the condition . A conflict-free data scheduling scheme is proposed to avoid write-write conflicts during the mode transition of polynomial multiplication and data conflicts in the polynomial point multiplication stage. In addition, to avoid read-write conflicts in memory units during data scheduling, a multi-Bank storage scheme with cyclic shift storage is proposed, which can reduce the control complexity and cut down the storage capacity by 37.5% compared with the classic ping-pong storage method. To further demonstrate the superiority of performance, the polynomial multiplication architecture based on the conflict-free memory mapping scheme was experimentally verified on the FPGA xc7v2000tflg1925. Compared with the relevant literature, the conflict-free memory mapping scheme proposed in this paper exhibits higher area efficiency.

摘要： 多项式乘法在格密码运算中占用80%以上的时间，基于快速数论变换(NTT)的多项式乘法能够将多项式乘法的计算复杂度从降低至。然而，基于NTT算法的多项式乘法在数据调度方面相比于其他实现方式更为复杂，内存映射更为困难。当前，适用于特定算法的内存映射方案受算法参数和硬件特征限制，扩展性有限；适用于可重构多项式乘法运算的内存映射方案在控制单元和存储单元的开销较大，导致多项式乘法架构面积效率较低。基于上述问题，该文提出一种基于部分常数几何变换的无冲突内存映射方案，能够支持满足条件的格密码多项式乘法运算。其中，提出一种基于部分CG算法的无冲突数据调度方案，避免多项式乘法在模式转换过程中的写写冲突以及多项式点乘阶段的数据冲突。此外，为避免存储单元在数据调度过程中的读写冲突，提出一种循环移位存储的多Bank存储方案，能够降低控制复杂度的同时，相较于经典乒乓存储方式减少37.5%的存储容量。为进一步证明性能的优越性，基于无冲突内存映射方案的多项式乘法架构在FPGA xc7v2000tflg1925上进行实验验证，和相关文献相比，本文提出的无冲突内存映射方案具有更高的面积效率。

ZHAO Wangpeng, CHEN Tao, LI Wei, NAN Longmei, DU Yiran. Design of Conflict-Free Memory Mapping Scheme for Polynomial Multiplication in Lattice-Based Cryptography[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0253271.

赵旺鹏, 陈韬, 李伟, 南龙梅, 杜怡然. 面向格密码多项式乘法的无冲突内存映射方案设计[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0253271.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0253271

References

[1] J. Bos et al., “CRYSTALS-Kyber: A CCA-secure module-lattice-based KEM,” in Proc. IEEE Eur. Symp. Secur. Privacy, Apr. 2018,pp. 353–367.
[2] L. Ducas et al., “CRYSTALS-dilithium: A lattice-based digital signature scheme,” IACR Trans. Cryptograph. Hardw. Embedded Syst., vol. 2018,pp. 238–268, Feb. 2018.
[3] P.-A. Fouque et al., “Falcon: Fast-Fourier lattice-based compact signatures over NTRU,” Submission to the NIST’s Post-Quantum Cryptogr.Standardization Process, vol. 36, no. 5, pp. 1–75, 2018.
[4] Feng X, Li S, Xu S. RLWE-oriented high-speed polynomial multiplier utilizing multi-lane stockham NTT algorithm[J]. IEEE Transactions on Circuits and Systems II: Express Briefs, 2019, 67(3): 556-559.
[5] 周清雷,韩贺茹,李斌,等.面向格密码的可配置基-4 NTT硬件优化与实现[J].通信学报,2024,45(10):163-179. ZHOU Q L, HAN H R, LI B, et al. Configurable radix-4 NTT hardware optimization and implementation for lattice-based cryptography[J]. Journal on Communications, 2024, 45(10):163-179.
[6] J. Mu et al., "Scalable and Conflict-Free NTT Hardware Accelerator Design: Methodology, Proof, and Implementation," in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 42, no. 5, pp. 1504-1517, May 2023, doi: 10.1109/TCAD.2022.3205552.
[7] 谢家兴,蒲金伟,方伟钿,等.面积高效的格密码多项式乘法硬件实现[J/OL].计算机工程,1-11. XIE J X,PU J W,FANG W D,et al. Area-Efficient Polynomial Multiplication Hardware Implementation for Lattice-based Cryptography[J/OL].Computer Engineering,1-11.
[8] Z. Wu, R. Kan, J. Guo and H. Xiao, "Scalable and Low-Cost NTT Architecture With Conflict-Free Memory Access Scheme," in IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 33, no. 5, pp. 1407-1411, May 2025, doi: 10.1109/TVLSI.2025.3526261.
[9] A. Pakala, Z. Chen and K. Yang, "MBSNTT: A Highly Parallel Digital In-Memory Bit-Serial Number Theoretic Transform Accelerator," in IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 33, no. 2, pp. 537-545, Feb. 2025, doi: 10.1109/TVLSI.2024.3462955.
[10] Y. Xing and S. Li, “An efficient implementation of the NewHope key exchange on FPGAs,” IEEE Trans. Circuits Syst. I, Reg. Papers, vol. 67,no. 3, pp. 866–878, Mar. 2020.
[11] X. Feng and S. Li, “Accelerating an FHE integer multiplier using negative wrapped convolution and ping-pong FFT,” IEEE Trans. Circuits Syst. II, Exp. Briefs, vol. 66, no. 1, pp. 121–125, Jan. 2019.
[12] J. Wang et al., "A Reconfigurable and Area-Efficient Polynomial Multiplier Using a Novel In-Place Constant-Geometry NTT/INTT and Conflict-Free Memory Mapping Scheme," in IEEE Transactions on Circuits and Systems I: Regular Papers, vol. 72, no. 3, pp. 1358-1371, March 2025, doi: 10.1109/TCSI.2024.3483229.
[13] Y. Su, B.-L. Yang, C. Yang, Z.-P. Yang, and Y.-W. Liu, “A highly unified reconfigurable multicore architecture to speed up NTT/INTT for homomorphic polynomial multiplication,” IEEE Trans. Very Large Scale Integr. (VLSI) Syst., vol. 30, no. 8, pp. 993–1006, Aug. 2022.
[14] S. -H. Liu, C. -Y. Kuo, Y. -N. Mo and T. Su, "An Area-Efficient, Conflict-Free, and Configurable Architecture for Accelerating NTT/INTT," in IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 32, no. 3, pp. 519-529, March 2024, doi: 10.1109/TVLSI.2023.3336951.
[15] X. Li, J. Lu, D. Liu, A. Li, S. Yang and T. Huang, "A High Speed Post-Quantum Crypto-Processor for Crystals-Dilithium," in IEEE Transactions on Circuits and Systems II: Express Briefs, vol. 71, no. 1, pp. 435-439, Jan. 2024, doi: 10.1109/TCSII.2023.3304416.
[16] XING Y F, LI S G. A compact hardware implementation of CCA-secure key exchange mechanism CRYSTALS KYBER on FPGA[J]. IACR Transactions on Crypto⁃ graphic Hardware and Embedded Systems, 2021(2): 328-356.
[17] 陈韬,李慧琴,吴艾青,等.基于2KNTT的多项式乘法单元设计[J].电子学报,2024,52(02):455-467. CHEN T, LI H Q, WU A Q, et al. A Polynomial Multiplier Design Based on 2KNTT[J].ACTA ELECTRONICA SINICA,2024,52(02):455-467.
[18] 刘冬生,赵文定,刘子龙,等.应用于格密码的可重构多通道数论变换硬件设计[J].电子与信息学报,2022,44(02):566-572. LIU D, ZHAO W, LIU Z, et al. Reconfigurable hardware design of multi-lanes number theoretic transform for lattice-based cryptography[J].Electronics and Informatics,2022, 44(2): 566-572.
[19] 李斌,陈晓杰,冯峰,等.后量子密码CRYSTALS-Kyber的FPGA多路并行优化实现[J].通信学报,2022,43(02):196-207. LI B, CHEN X J, FENG F, et al. FPGA multi-unit parallel optimization and implementation ofpost-quantum cryptography CRYSTALS-Kyber[J]. Journal on Communications,2022,43(02):196-207.
[20] Y. Zhao, X. Liu, Y. Hu and H. Xiao, "Design of an Efficient NTT/INTT Architecture With Low-Complex Memory Mapping Scheme," in IEEE Transactions on Circuits and Systems II: Express Briefs, vol. 71, no. 1, pp. 400-404, Jan. 2024, doi: 10.1109/TCSII.2023.3296492.
[21] Feng X, Li S. Accelerating an FHE integer multiplier using negative wrapped convolution and ping-pong FFT[J]. IEEE Transactions on Circuits and Systems II:Express Briefs, 2018, 66(1): 121-125.
[22] X. Hu, J. Tian, M. Li and Z. Wang, "AC-PM: An Area-Efficient and Configurable Polynomial Multiplier for Lattice Based Cryptography," in IEEE Transactions on Circuits and Systems I: Regular Papers, vol. 70, no. 2, pp. 719-732, Feb. 2023, doi: 10.1109/TCSI.2022.3218192.
[23] Z. Ye, R. C. C. Cheung and K. Huang, "PipeNTT: A Pipelined Number Theoretic Transform Architecture," in IEEE Transactions on Circuits and Systems II: Express Briefs, vol. 69, no. 10, pp. 4068-4072, Oct. 2022, doi: 10.1109/TCSII.2022.3184703.
[24] 付秋兴,李伟,别梦妮,等.格基后量子密码的可重构NTT运算单元与高效调度算法研究[J].电子学报,2025,53(04):1182-1191. FU Q X, LI W, BIE M N, et al. Research on Reconfigurable NTT Arithmetic Unit and Efficient Scheduling Algorithm for Lattice Post-Quantum Cryptography[J].ACTA ELECTRONICA SINICA, 2025,53(04):1182-1191.
[25] Z. Wang, Y. Yang, J. Wang, J. Hou, Y. Su and C. Yang, "A Scalable and Efficient NTT/INTT Architecture Using Group-Based Pairwise Memory Access and Fast Interstage Reordering," in IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 33, no. 2, pp. 588-592, Feb. 2025, doi: 10.1109/TVLSI.2024.3465010.

Please choose a citation manager

Content to export