In this paper, we present a lightweight hardware design for a recently proposed quantum-safe key encapsulation mechanism based on QC-LDPC codes called LEDAkem, which has been admitted as a round-2 candidate to the NIST post-quantum standardization project. Existing implementations focus on high speed while few of them take into account area or power efficiency, which are particularly decisive for low-cost or power constrained IoT applications. The solution we propose aims at maximizing the metric of area efficiency by rotating the QC-LDPC code representations amongst the block RAMs in digit level. Moreover, optimized parallelized computing techniques, lazy accumulation and block partition are exploited to improve key decapsulation in terms of area and timing efficiency. We show for instance that our area-optimized implementation for 128-bit security requires $6.82\times 10^5$6.82×105 cycles and $2.26\times 10^6$2.26×106 cycles to encapsulate and decapsulate a shared secret, respectively. The area-optimized design uses only 39 slices (3 percent of the available logic) and 809 slices (39 percent of the available logic) for key encapsulation and key decapsulation respectively, on a small-size low-end Xilinx Spartan-6 FPGA.

中文翻译：

---

在 FPGA 上使用 LDPC 码的轻量级密钥封装

在本文中，我们为最近提出的基于 QC-LDPC 代码的量子安全密钥封装机制提出了一种轻量级硬件设计，称为 LEDAkem，该机制已被 NIST 后量子标准化项目接纳为第 2 轮候选。现有的实施侧重于高速，而很少考虑面积或功率效率，这对于低成本或功率受限的物联网应用尤为重要。我们提出的解决方案旨在通过在数字级别的块 RAM 之间轮换 QC-LDPC 代码表示来最大化面积效率的度量。此外，还利用优化的并行计算技术、惰性累加和块分区来提高密钥解封装的面积和时序效率。$6.82\乘以 10^5$6.82×105 循环和 $2.26\乘以 10^6$2.26×106循环来分别封装和解封装共享秘密。面积优化设计在小型低端 Xilinx Spartan-6 FPGA 上仅使用 39 个切片（可用逻辑的 3%）和 809 个切片（可用逻辑的 39%）分别用于密钥封装和密钥解封。