Implementing the NewHope-Simple Key Exchange on Low-Cost FPGAs

Tobias Oder, Tim Güneysu

La­tin­crypt 2017, La Habana, Cuba, September 20-22, 2017


Lattice-based cryptography is one of the most promising candidates being considered to replace current public-key systems in the era of quantum computing. In 2016 Alkim, Ducas, Pöppelmann, and Schwabe proposed the lattice-based key exchange scheme NewHope. The scheme has gained some popularity in the research community as it is believed to withstand attacks by quantum computers with a comfortable security margin and provides decent efficiency and low communication cost. In this work, we evaluate the efficiency of NewHope on reconfigurable hardware. We provide the up to our knowledge first fieldprogrammable gate array (FPGA) implementation of NewHope-Simple that is a slight modification of NewHope proposed by the authors themselves in 2016. NewHope-Simple is basically NewHope with different error correction mechanism. Our implementation of the client-side scheme requires 1,483 slices, 4,498 look-up tables (LUTs), and 4,635 flip-flops (FFs) on low-cost Xilinx Artix-7 FPGAs. The implementation of the server-side scheme takes 1,708 slices, 5,142 LUTs, and 4,452 FFs. Both cores use only two digital signal processors (DSPs) and four 18-kb block memories (BRAMs). The implementation has a constant execution time to prevent timing attacks. The server-side operations take 1.4 milliseconds and the client-side operations take 1.5 milliseconds.

[VHDL] [pdf]