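A Survey of Hardware Implementations of Post-Quantum Encryption Algorithms
CAO Yuan, LU Xu, WU Yanze, XIE Haodong, QIAO Yunkai, YAO Enyi, CHEN Shuai, YE Jing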
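(College of Internet of Things Engineering, Hohai University, Changzhou 213000, China; School of Microelectronics, South China University of Technology, Guangzhou 511442, China; Guangdong Laboratory of Artificial Intelligence and Digital Economy (Guangzhou), Guangzhou 511442, China; Rock-solid Security Lab, Changzhou 213000, China; State Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China)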
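Abstract (translated from the Chinese):
Most existing cryptosystems are built on public-key schemes such as RSA and ECC, which provide key exchange, digital signatures and identity authentication in information security systems and have their own particular advantages; their security rests on the difficulty of the integer factorization problem and the discrete logarithm problem, respectively. In recent years, with the rapid development of quantum computers, the time needed to break these mathematical problems has been greatly reduced, which will seriously damage the security, confidentiality and integrity of digital communications. At the same time, a new field of cryptography, post-quantum cryptography, has emerged; encryption algorithms based on it can resist attacks by quantum computers, and it has therefore become a hot research direction in recent years. Since 2016, NIST has solicited candidate quantum-resistant cryptographic schemes from researchers around the world and has evaluated the security, cost and performance of every scheme; the candidates that pass the evaluation will be standardized. This article compares the schemes in the NIST post-quantum cryptography call (rounds 2 and 3), outlines the main current approaches to post-quantum encryption algorithms (hash-based, code-based, lattice-based and multivariate-based), and analyzes their respective security, signature parameters, computational cost and directions for later optimization. The first challenge in implementing PQC algorithms in hardware is the mathematical complexity of the algorithm specifications, which are usually written by cryptographers and focus on security rather than implementation efficiency. The second is the need to store large public keys, private keys and internal state, which can make a truly lightweight design unattainable and so reduce the efficiency of the hardware implementation. This article focuses on current hardware implementation approaches for post-quantum encryption algorithms, including the development of a PQC hardware application programming interface, abstract implementations based on HLS, and hardware implementations on FPGA/ASIC platforms. Implementing a PQC scheme in hardware requires not only an efficient realization of the algorithm but also resistance to side-channel attacks that target the hardware structure. A side-channel attack can extract the key of a cryptographic device from related information leaked by the target device. This article discusses the categories of side-channel attack that post-quantum encryption algorithms face in concrete implementations and applications, and the corresponding countermeasures.
Key words:  quantum computing  post-quantum cryptography  encryption algorithm  hardware implementation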
DOI:10.19363/J.cnki.cn10-1380/tn.2021.11.01
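Received: 2021-08-29  Revised: 2021-10-08
Funding: This work was supported by the 2021 Central Government Guided Local Science and Technology Development Fund project "Development of Automotive-Grade MCUs, Dedicated Chips and Controllers", the Natural Science Foundation of Jiangsu Province (No. BK20191160), the Open Research Project of the State Key Laboratory of Computer Architecture (No. CARCH201901), the Qing Lan Project, the Changzhou Applied Basic Research Program (No. CJ20200071), and the Changzhou Special Fund for the Transformation of Scientific and Technological Achievements (No. 2020029).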
The Survey of Post-quantum Cryptography Hardware Implementation
CAO Yuan, LU Xu, WU Yanze, XIE Haodong, QIAO Yunkai, YAO Enyi, CHEN Shuai, YE Jing
College of Computer Internet of Things Engineering, Hohai University, Changzhou 213000, China; School of Microelectronics, South China University of Technology, Guangzhou 511442, China; Guangdong Laboratory of Artificial Intelligence and Digital Economy (Guangzhou), Guangzhou 511442, China; Rock-solid Security Lab, Changzhou 213000, China; State Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China
Abstract:
The majority of existing cryptosystems are based on public-key cryptosystems such as RSA and ECC. These schemes have specific benefits in information security systems for key exchange, digital signatures and identity authentication. Their security depends on the difficulty of solving the integer factorization problem and the discrete logarithm problem, respectively. In recent years, with the rapid development of quantum computers, the time needed to solve these mathematical problems is expected to be greatly reduced, which will seriously damage the security, confidentiality and integrity of digital communications. Under these circumstances, a new field of cryptography, Post-Quantum Cryptography (PQC), has emerged. Encryption algorithms based on it can resist attacks from quantum computers, so it has become a hot research topic. Since 2016, NIST has solicited candidate quantum-resistant cryptography schemes from researchers all over the world and evaluated the security, cost and performance of all submissions. The candidates that pass the evaluation will be standardized. This article compares the proposals in the NIST post-quantum cryptography call (rounds 2 and 3), outlines the main current approaches to post-quantum encryption algorithms (hash-based, code-based, lattice-based and multivariate-based), and analyzes their respective security, signature parameters, computational cost and directions for later optimization. The first challenge in implementing PQC algorithms in hardware is the mathematical complexity of the algorithm specifications. These specifications are usually written by cryptographers, whose focus is on security rather than on implementation efficiency. The second is the requirement to store large public keys, private keys and internal state, which may make a truly lightweight design unachievable and thereby reduce the efficiency of the hardware implementation. This article focuses on current hardware implementations of post-quantum encryption algorithms, including the development of a PQC hardware application programming interface, abstract implementations based on HLS, and hardware implementations on FPGA/ASIC platforms. The hardware design of a PQC scheme requires not only an efficient implementation of the algorithm but also the ability to withstand side-channel attacks on the hardware structure. A side-channel attack can obtain the key of a cryptographic device from related information leaked by the target device. This article discusses the types of side-channel attack on post-quantum encryption algorithms in specific implementations and applications, and the corresponding countermeasures.
Key words:  quantum computer  post-quantum cryptography  encryption algorithm  hardware implementation