H-Saber: An FPGA-Optimized Version for Designing Fast and Efficient Post-Quantum Cryptography Hardware Accelerators

With the performance promises of quantum computers, standard encryption algorithms can be defeated. For this reason, a set of new quantum-resistant algorithms have been proposed and submitted for a standardization contest initiated by NIST. While the submission requirement was ANSI C for the reference implementation, NIST encouraged providing software implementations optimized for different target platforms, such as high-performance CPUs, embedded microcontrollers, and FPGAs. Yet, none of the algorithms submitted any FPGA-optimized code, due to the large and expensive development time required for coding at RTL. High-Level synthesis (HLS) covers the gap by creating automatically hardware code for FPGA out of C/C++. However, the quality of results is suboptimal due to the limitation imposed by the inadequacy of source code for HLS. In this paper, we propose a version of Saber's code optimized for FPGA targets. We show how we detected and improved the performance of the reference code, achieving competitive results compared to the hand-made RTL-based designs.