Uniform instruction set extensions for multiplications in contemporary and post-quantum cryptography

Felix Oberhansl, Tim Fritzmann, Thomas Pöppelmann, Debapriya Basu Roy, Georg Sigl

Research output: Contribution to journalArticlepeer-review


Hybrid key encapsulation is in the process of becoming the de-facto standard for integration of post-quantum cryptography (PQC). Supporting two cryptographic primitives is a challenging task for constrained embedded systems. Both contemporary cryptography based on elliptic curves or RSA and PQC based on lattices require costly multiplications. Recent works have shown how to implement lattice-based cryptography on big-integer coprocessors. We propose a novel hardware design that natively supports the multiplication of polynomials and big integers, integrate it into a RISC-V core, and extend the RISC-V ISA accordingly. We provide an implementation of Saber and X25519 to demonstrate that both lattice- and elliptic-curve-based cryptography benefits from our extension. Our implementation requires only intermediate logic overhead, while significantly outperforming optimized ARM Cortex M4 implementations, other hardware/software codesigns, and designs that rely on contemporary accelerators.

Original languageEnglish
Pages (from-to)1-18
Number of pages18
JournalJournal of Cryptographic Engineering
Issue number1
StatePublished - Apr 2024


  • Elliptic-curve cryptography
  • Hybrid key encapsulation
  • Instruction set extensions
  • Lattice-based cryptography
  • Post-quantum cryptography
  • RISC-V


Dive into the research topics of 'Uniform instruction set extensions for multiplications in contemporary and post-quantum cryptography'. Together they form a unique fingerprint.

Cite this