A Unified Cryptoprocessor for Lattice-based Signature and Key-exchange

Aikata Aikata*, Ahmet Can Mert, David Jacquemin, Amitabh Das, Donald Matthews, Santosh Ghosh, Sujoy Sinha Roy

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


We propose design methodologies for building a compact, unified and programmable cryptoprocessor architecture that computes post-quantum key agreement and digital signature. Synergies in the two types of cryptographic primitives are used to make the cryptoprocessor compact. As a case study, the cryptoprocessor architecture has been optimized targeting the signature scheme 'CRYSTALS-Dilithium' and the key encapsulation mechanism (KEM) 'Saber,' both finalists in the NIST's post-quantum cryptography standardization project. The programmable cryptoprocessor executes key generations, encapsulations, decapsulations, signature generations, and signature verifications for all the security levels of Dilithium and Saber. On a Xilinx Ultrascale+ FPGA, the proposed cryptoprocessor consumes 18,406 LUTs, 9,323 FFs, 4 DSPs, and 24 BRAMs. It achieves 200 MHz clock frequency and finishes CCA-secure key-generation/encapsulation/decapsulation operations for LightSaber in 29.6/40.4/ 58.3 μs; for Saber in 54.9/69.7/94.9 μs; and for FireSaber in 87.6/108.0/139.4 μs, respectively. It finishes key-generation/sign/verify operations for Dilithium-2 in 70.9/151.6/75.2 μs; for Dilithium-3 in 114.7/237/127.6 μs; and for Dilithium-5 in 194.2/342.1/228.9 μs, respectively, for the best-case scenario. On UMC 65 nm library for ASIC the latency is improved by a factor of two due to a 2× increase in clock frequency.

Original languageEnglish
Pages (from-to)1568-1580
Number of pages13
JournalIEEE Transactions on Computers
Issue number6
Early online date10 Oct 2022
Publication statusPublished - 1 Jun 2023


  • Computer architecture
  • Computers
  • Cryptography
  • CRYSTALS-Dilithium
  • Design methodology
  • Digital signatures
  • Hardware Implementation
  • Hash functions
  • Lattice-based Cryptography
  • NIST
  • Post-quantum cryptography
  • Saber
  • saber
  • post-quantum cryptography
  • lattice-based cryptography
  • hardware implementation

ASJC Scopus subject areas

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computational Theory and Mathematics


Dive into the research topics of 'A Unified Cryptoprocessor for Lattice-based Signature and Key-exchange'. Together they form a unique fingerprint.

Cite this