
    High-Performance VLSI Architectures for Lattice-Based Cryptography

    Lattice-based cryptography is a family of cryptographic primitives built upon hard problems on point lattices. Cryptosystems relying on lattice-based cryptography have attracted great attention in the last decade because they offer post-quantum security and admit remarkably simple algorithmic constructions. In particular, homomorphic encryption (HE) and post-quantum cryptography (PQC) are the two main applications of lattice-based cryptography. Meanwhile, efficient hardware implementations of these advanced cryptographic schemes are in demand to achieve high performance. This dissertation investigates novel, high-performance very large-scale integration (VLSI) architectures for lattice-based cryptography, covering both HE and PQC schemes. It first presents different architectures for number-theoretic transform (NTT)-based polynomial multiplication, one of the crucial parts of the fundamental arithmetic of lattice-based HE and PQC schemes. Then a high-speed modular integer multiplier is proposed, tailored to lattice-based cryptography. In addition, a novel modular polynomial multiplier is presented that exploits the fast finite impulse response (FIR) filter architecture to reduce the computational complexity of schoolbook modular polynomial multiplication for lattice-based PQC schemes. Afterward, an NTT and Chinese remainder theorem (CRT)-based high-speed modular polynomial multiplier is presented for HE schemes whose moduli are large integers.

    Low Power Adaptive Equaliser Architectures for Wireless LMMSE Receivers

    Power consumption requires critical consideration during system design for portable wireless communication devices, as it has a direct influence on the battery weight and volume required for operation. Wideband Code Division Multiple Access (W-CDMA) techniques are favoured for use in future generation mobile communication systems. This thesis investigates novel low power techniques for use in system blocks within a W-CDMA adaptive linear minimum mean squared error (LMMSE) receiver architecture. Two low power techniques are presented for reducing power dissipation in the LMS adaptive filter, this being the main power consuming block within this receiver. These are the decorrelating transform, a differential coefficient technique, and the variable length update algorithm, a dynamic tap-length optimisation technique. The decorrelating transform is based on the principle of reducing the wordlength of filter coefficients by using the computed difference between adjacent coefficients in the calculation of the filter output. Reducing the wordlength of the filter coefficients presented to the multipliers in the filter reduces switching activity within the multiplier and thus the power consumed. In the case of the LMS adaptive filter, whose coefficients are continuously updated, the decorrelating transform is applied to these calculated coefficients with minimal hardware or computational overhead. The correlation between filter coefficients is exploited to achieve a wordlength reduction from 16 bits down to 10 bits in the FIR filter block. The variable length update algorithm is based on the principle of optimising the number of operational filter taps in the LMS adaptive filter according to operating conditions. The number of taps in operation can be increased or decreased dynamically according to the mean squared error at the output of the filter. This algorithm exploits the fact that, when the SNR in the channel is low, the minimum mean squared error of the short equaliser is almost the same as that of the longer equaliser. Therefore, minimising the length of the equaliser will not result in poorer MSE performance, and there is no disadvantage in having fewer taps in operation. If fewer taps are in operation, switching is reduced not only in the arithmetic blocks but also in the memory blocks required by the LMS algorithm and the FIR filter process, reducing the power consumed by both of these computation-intensive functional blocks. Power results are obtained for equaliser lengths from 73 to 16 taps and for operation with varying input SNR. This thesis then proposes that the variable length LMS adaptive filter be applied in the adaptive LMMSE receiver to create a low power implementation. Power consumption in the receiver is reduced by the dynamic optimisation of the LMS receiver coefficient calculation. A considerable power saving is achieved when moving from a fixed length LMS implementation to the variable length design. All design architectures are coded in the Verilog hardware description language at register transfer level (RTL). Once the functional specification of the design is verified, synthesis is carried out using either Synopsys DesignCompiler or Cadence BuildGates to create a gate level netlist. Power consumption results are determined at the gate level and estimated using the Synopsys DesignPower tool.

    Toatie: functional hardware description with dependent types

    Describing correct circuits remains a tall order, despite four decades of evolution in Hardware Description Languages (HDLs). Many enticing circuit architectures require recursive structures or complex compile-time computation — two patterns that prove difficult to capture in traditional HDLs. In a signal processing context, the Fast FIR Algorithm (FFA) structure for efficient parallel filtering proves to be naturally recursive, and most Multiple Constant Multiplication (MCM) blocks decompose multiplications into graphs of simple shifts and adds using demanding compile-time computation. Generalised versions of both remain mostly in academic folklore. The implementations which do exist are often ad hoc circuit generators, written in software languages. These pose challenges for verification and are resistant to composition. Embedded functional HDLs, that represent circuits as data, allow for these descriptions at the cost of forcing the designer to work at the gate level. A promising alternative is to use a stand-alone compiler, representing circuits as plain functions, exemplified by the CλaSH HDL. This, however, raises new challenges in capturing a circuit's staging — which expressions in the single language should be reduced during compile-time elaboration, and which should remain in the circuit's run-time? To better reflect the physical separation between circuit phases, this work proposes a new functional HDL (representing circuits as functions) with first-class staging constructs. Orthogonal to this, there are also long-standing challenges in the verification of parameterised circuit families. Industry surveys have consistently reported that only a slim minority of FPGA projects reach production without non-trivial bugs. While a healthy growth in the adoption of automatic formal methods is also reported, the majority of testing remains dynamic — presenting difficulties for testing entire circuit families at once. 
    This research offers an alternative verification methodology via the combination of dependent types and automatic synthesis of user-defined data types. Given precise enough types for synthesisable data, this environment can be used to develop circuit families with full functional verification in a correct-by-construction fashion. This approach allows for verification of entire circuit families (not just one concrete member) and side-steps the state-space explosion of model checking methods. Beyond the existing work, this research offers synthesis of combinatorial circuits — not just a software model of their behaviour. This additional step requires careful consideration of staging, erasure & irrelevance, deriving bit representations of user-defined data types, and a new synthesis scheme. This thesis contributes steps towards HDLs with sufficient expressivity for awkward, combinatorial signal processing structures, allowing for a correct-by-construction approach, and a prototype compiler for netlist synthesis.