US 12,238,207 B2
Secure processor for post-quantum cryptography algorithm CRYSTALS-KYBER
Dongsheng Liu, Wuhan (CN); Ang Hu, Wuhan (CN); Tianze Huang, Wuhan (CN); Siqi Xiong, Wuhan (CN); Chenjun Yang, Wuhan (CN); and Jiaming Zhang, Wuhan (CN)
Assigned to Wuhan Yixin Microelectronics Co., Ltd., Wuhan (CN)
Filed by Wuhan Yixin Microelectronics Co., Ltd., Wuhan (CN)
Filed on Apr. 4, 2023, as Appl. No. 18/295,274.
Claims priority of application No. 202211363055.X (CN), filed on Nov. 2, 2022.
Prior Publication US 2024/0146517 A1, May 2, 2024
Int. Cl. H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC H04L 9/0852 (2013.01) [H04L 9/3242 (2013.01)] 7 Claims
 
1. A secure processor for a post-quantum cryptography (PQC) algorithm CRYSTALS-KYBER, comprising a communication unit, a management unit, a processing unit, and a storage unit, wherein
the communication unit is configured to receive and transmit data for the secure processor;
the management unit is configured to control the processing unit according to the data;
the processing unit is configured to process the data to form encrypted data, decrypted data and key data; the processing unit comprises a fast number theoretic transform (NTT) module, a hash module, and a configurable sampling module; the hash module and the configurable sampling module are configured to process the data into polynomial data; and the NTT module is configured to accelerate an operation in data processing; and
the storage unit is configured to store the data;
the hash module comprises a controller, an input buffer, a round function module, and an output buffer; the input buffer is configured to pad a tail sequence of data; the round function module comprises two identical converters connected in series; the round function module is configured to process the data in SHA3-256, SHA3-512, SHAKE-128, SHAKE-256 and SHAKE-256 (s∥b); the output buffer is configured to register processing data and processed data; the output buffer includes a 1,344-bit buffer register to separate the processing from the transmission;
the configurable sampling module comprises a rejection sampler and a binomial distribution sampler; the rejection sampler supports parallel input of four 48-bit data; and the binomial distribution sampler supports parallel input of sixteen 8-bit data; the rejection sampler includes a rejection sampling unit and a decryption unit; the secondary sampler includes a secondary sampling unit, a code processing unit, and a modulus-domain conversion unit; the rejection sampling unit compares the data, and samples the data less than 3329; the decryption unit decrypts the data less than 3329, and a counting unit rearranges the data to obtain a sequential output result; unsampled data in the rejection sampling unit is transmitted to the secondary sampler; the secondary sampling unit calculates a Hamming distance of the unsampled data, and transmits the unsampled data to the code processing unit for code conversion or to the modulus-domain conversion unit for modulo operation according to requirements of a mode.