Low-Power Cryptography Means Opportunities for the Chip Industry in IoT PQC
Many millions of the projected devices in the “Internet of Things” (IOT) will be wireless, very low power battery-operated devices with small microcontrollers and small memories. Current public key encryption will leave such devices vulnerable to attack by as quantum computers become available. Today’s post quantum cryptography techniques require more power and memory than many of these IOT devices possess.
Recently, MIT researchers have designed a novel post-quantum lattice cryptography demonstration chip with low power IOT devices in mind. The research was presented at the 2019 ISSCC conference. Lattice cryptography is one of the leading candidates for practical implementation but is computationally intense and currently not suitable for many low power IOT applications.
While current high-performance microprocessors and algorithms are inefficient with lattice processing, they are fast processors with large memories, and are not subject to the electrical power constraints of battery-operated devices. Current microprocessors can easily use brute force to produce acceptable processing times for lattice encryption. On the other hand, most IOT chips are much more cost and power sensitive and do not have the processing power, or memory necessary for efficient lattice encryption.
The MIT researchers designed a small (2 mm2) silicon test device compliant with one of the NIST standards for lattice-based cryptography and designed with power requirements low enough to be used with low power IOT devices:
• The first issue the new design addressed for current IOT hardware is the random number generation processing power issue. The MIT team examined many random number generation schemes and found Secure Hash Algorithm 3 (SHA-3) to be two to three times as efficient as current algorithms. After tweaking the algorithm and some modification of the math involved in sampling and post processing, the team ended up with a method that is two orders of magnitude more efficient and only takes 9% of the silicon chip real estate.
• The second issue the new design addressed is memory. Traditional two or four port RAM have high throughput but take a lot of silicon space on a chip, too much for many low power IOT applications. The MIT team modified a Number Theoretic Transform (NTT), which functions similar to a Fourier Transform, and allows use of four single port RAM’s and occupies about a third less silicon area than a multiport memory. The MIT design also has a small instruction memory component which can be programmed to handle different sampling techniques and will be able to be updated as lattice encryption evolves.
The advances made by the MIT team demonstrate hardware and algorithm improvements that can be applied to lattice cryptography in the near future to allow improved quantum computer resistant encryption in low power IOT devices which will become ubiquitous in the near future. The window of opportunity for chips of this kind is probably three to five years as IoT becomes a reality and PQC standards and products become stabilized. We also think there is an extended opportunity to apply the lessons from this work to other NIST approved cryptography algorithms. Look for startups that address this opportunity in the near future.
For more information on Inside Quantum Technology’s take on lattice cryptography and other post quantum cryptography: https://www.insidequantumtechnology.com/product/post-quantum-cryptography-ten-year-forecast/