KaratSaber: New Speed Records for Saber Polynomial Multiplication using Efficient Karatsuba FPGA Architecture

Abstract

SABER is a round 3 candidate in the NIST Post-Quantum Cryptography Standardization process. Polynomial convolution is one of the most computationally intensive operation in Saber Key Encapsulation Mechanism, that can be performed through widely explored algorithms like the schoolbook polynomial multiplication algorithm (SPMA) and Number Theoretic Transform (NTT). While SPMA multiplier has a slow latency performance, the NTT-based multiplier usually requires large hardware. In this work, we propose KaratSaber, an optimized Karatsuba polynomial multiplier architecture with a balanced hardware efficiency (throughput-per-slice, TPS) compared to NTT and SPMA based designs. KaratSaber employs several techniques for an efficient design: a parallel grid input technique for efficient pre-processing stage in Karatsuba-based polynomial multiplier, a novel instruction code result-mapping technique catering the negacyclic operations improves the post-processing stage efficiency, a double multiplicand shifter-based multiplier doubles the throughput at the multiplication stage. Combining these three techniques, the proposed KaratSaber architecture is 7.47<inline-formula><tex-math notation=LaTeX>$\times$</tex-math></inline-formula> faster compared to the state-of-the-art SPMA Saber architecture at the expense of 4.96<inline-formula><tex-math notation=LaTeX>$\times$</tex-math></inline-formula> additional hardware resources; making KaratSaber 46.04% more area-time efficient. When compared to LWRPro, a recent Karatsuba Saber architecture, KaratSaber architecture achieves a 2.11<inline-formula><tex-math notation=LaTeX>$\times$</tex-math></inline-formula> higher throughput by only utilizing 1.92<inline-formula><tex-math notation=LaTeX>$\times$</tex-math></inline-formula> additional hardware; thus gaining a 10.44% improvement in area-time efficiency IEEE