Apparaît dans la collection : 2024 - T3 - WS1 - Deployment of post-quantum cryptography
Hardware implementations of PQC schemes may quite easily outperform software implementations for at least a subset of major performance metrics, such as speed, power consumption, and energy usage. They may also offer better security against physical attacks, including side-channel analysis. Additionally, hardware efficiency can serve as a tie-breaker in the remaining phases of the NIST PQC standardization process. In this talk, we will analyze and compare the selected hardware implementations of emerging PQC standards. We will contrast the implementations of ML-KEM, based on CRYSTALS-Kyber, with the designs for the major NIST Round 3 and Round 4 KEMs. We will compare the implementations of ML-DSA, based on CRYSTALS-Dilithium, with the recently developed hardware implementations of selected Round 1 onramp signature schemes, such as MAYO, UOV, LESS, and SDiTH. All investigated schemes will be compared from the point of view of the public key and ciphertext or signature sizes, execution times in hardware, and the relative cost of their hardware implementations.
