A Flexible ASIC-oriented Design for a Full NTRU Accelerator

Post-quantum cryptosystems are the subject of a significant re-search effort, witnessed by various international standardization competitions. Among them, the NTRU Key Encapsulation Mech-anism has been recognized as a secure, patent-free, and efficient public key encryption scheme. In this work, we perform a design space exploration on an FPGA target, with the final goal of an effi-cient ASIC realization. Specifically, we focus on the possible choices for the design of polynomial multipliers with different memory bus widths to trade-off lower clock cycle counts with larger intercon-nections. Our design outperforms the best FPGA synthesis results at the state of the art, and we report the results of ASIC syntheses minimizing latency and area with a 40nm industrial grade technol-ogy library. Our speed-oriented design computes an encapsulation in 4.1 to 10.2µs and a decapsulation in 7.1 to 11.7µs, depending on the NTRU security level, while our most compact design only takes 20% more area than the underlying SHA-3 hash module.