Lattice based cryptography plays an important role in the construction of post-quantum cryptography, including key exchange, public key encryption as well as digital signature schemes. Dating back to 2016, a new key exchange scheme called NewHope was proposed by Alkim, Ducas, Pöppelmann, and Schwabe that based security on the quantum hardness of Ring Learning with Errors (RLWE) problem, and was later submitted to the NIST public competition of standard post-quantum cryptography. The new scheme is attractive as it is designed to achieve high performance. In this work, we concentrate on its performance on hardware platforms and propose an efficient implementation of NewHope on Xilinx Artix-7 7020 FPGA platform that consumes 3158 slices, 10285 LUTs, 6623 registers in the server side, and 3042 slices, 10345 LUTs, 6704 registers in the client side, achieving a 45% reduction in LUT, 30% reduction in FF while the total time utilization also decreases by 16% compared with the up to date and directly related work. Specifically, we can accomplish three phases of the key exchange in 39.8/61.7/ $21.4~\mu \text{s}$ respectively, operating in 153/152 MHz in server/client side.

中文翻译：

---

NewHope 密钥交换在 FPGA 上的有效实现

基于格的密码学在后量子密码学的构建中扮演着重要的角色，包括密钥交换、公钥加密以及数字签名方案。追溯到 2016 年，Alkim、Ducas、Pöppelmann 和 Schwabe 提出了一种名为 NewHope 的新密钥交换方案，该方案基于带错误环学习（RLWE）问题的量子硬度的安全性，后来提交给 NIST 公开竞赛标准的后量子密码学。新方案很有吸引力，因为它旨在实现高性能。在这项工作中，我们专注于其在硬件平台上的性能，并提出在 Xilinx Artix-7 7020 FPGA 平台上高效实现 NewHope，该平台消耗 3158 个切片、10285 个 LUT、6623 个服务器端寄存器以及 3042 个切片、10345 个 LUT、6704在客户端注册，与最新的和直接相关的工作相比，LUT 减少了 45%，FF 减少了 30%，同时总时间利用率也减少了 16%。具体来说，我们可以分别在 39.8/61.7/$21.4~\mu\text{s}$ 完成三个阶段的密钥交换，在 153/152 MHz 的服务器/客户端运行。