Falcon Takes Off - A Hardware Implementation of the Falcon Signature Scheme

Falcon is one out of three post-quantum signature schemes which have been selected for standardization by NIST in July 2022. To the best of our knowledge, Falcon is the only selected algorithm that does not yet have a publicly reported hardware description that performs signing or key generation. The reason might be that the Falcon signature and key generation algorithms do not fit well in hardware due to the use of floating-point numbers and recursive functions. This publication describes the first hardware implementation for Falcon signing and key generation. To overcome the complexity of the Falcon algorithms, High-Level Synthesis (HLS) was preferred over a hardware description language like Verilog or VHDL. Our HLS code is based on the C reference implementation available at NIST. We describe the required modifications in order to be compliant with HLS, such as rewriting recursive functions into iterative versions. The hardware core at security level 5 requires 45,223 LUTs, 41,370 FFs, 182 DSPs, and 37 BRAMs to calculate one signature in 8.7 ms on a Zynq UltraScale+ FPGA. Security level 5 key generation takes 320.3 ms and requires 100,649 LUTs, 91,029 FFs, 1,215 DSPs, and 69 BRAMs

FPGA-based Accelerator for Post-Quantum Signature Scheme SPHINCS-256

In recent years, a substantial amount of research has been conducted and progress made in the area of quantum computers. Small functional prototypes have already been reported. If they scale as expected, they will eventually be able to break current public-key cryptosystems. The goal of post-quantum cryptography is to develop cryptographic systems that are secure against attacks originating from both quantum and classical computers. Frequently referred post-quantum signature schemes are based on the security of hash functions. A promising candidate in this group is SPHINCS-256. This paper presents the first FPGA-based hardware accelerator for SPHINCS-256. It can be implemented on an entry-level FPGA, occupying roughly 19,000 LUTs, 38,000 FFs and 36 BRAMs. On a Kintex-7 Xilinx FPGA, signing takes 1.53 milliseconds, and verification needs only 65 microseconds. Area and throughput of the accelerator are in a range that outperform today’s widely used RSA signature scheme. The performance can even keep up with ECDSA accelerators. Hence, SPHINCS-256 is a hot candidate to replace RSA and ECDSA in a post-quantum world

An FPGA-based 7-ENOB 600 msample/s adc without any external components

Analog to digital converters (ADCs) are indispensable nowadays. Analog signals are digitized earlier and earlier in the processing chain to reduce the need for complex analog signal processing. For this reason, ADCs are often integrated directly into field-programmable gate arrays (FPGA) or microprocessors. However, such ADCs are designed for a specific set of requirements with limited flexibility. In this paper, a new structure of an FPGA-based ADC is proposed. The ADC is based on the slope ADC, where a time-to-digital converter (TDC) measures the time from the beginning of a reference slope until the slope reaches the voltage-to-be-measured. Only FPGA-internal elements are used to build the ADC. It is fully reconfigurable and does not require any external components. This innovation offers the flexibility to convert almost any digital input/output (I/O) into an ADC. Considering the very high number of digital I/O ports available in today\u27s FPGA systems, this enables the construction of a massive and powerful ADC array directly on a standard FPGA. The proposed ADC has a resolution of 9.3 bit and achieves an effective number of bits (ENOB) of 7 at a sample rate of 600 MSample/s. The differential nonlinearity (DNL) ranges from-0.9 to 0.9 bit, and the integral nonlinearity (INL) is in the range between-1.1 and 0.9 bit. An alternative version of the ADC operates at 1.2 GSample/s and achieves an ENOB of 5.3