International Association for Cryptologic Research

CryptoDB

High-Performance Hardware Implementation of MPCitH and Picnic3

Authors:
Guoxiao Liu, Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China
Keting Jia, Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China; BNRist, Tsinghua University, Beijing, China; Zhongguancun Laboratory, Beijing, China
Puwen Wei, School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, China; Quan Cheng Laboratory, Jinan, China
Lei Ju, Quan Cheng Laboratory, Jinan, China
Download:
DOI: 10.46586/tches.v2024.i2.190-214
URL: https://tches.iacr.org/index.php/TCHES/article/view/11425
Abstract: Picnic is a post-quantum digital signature, the security of which relies solely on symmetric-key primitives such as block ciphers and hash functions instead of number theoretic assumptions. One of the main concerns of Picnic is the large signature size. Although Katz et al.’s protocol (MPCitH-PP) significantly reduces the size of Picnic, the involvement of more parties in MPCitH-PP leads to longer signing/verification times and more hardware resources. This poses new challenges for implementing high-performance Picnic on resource-constrained FPGAs. So far as we know, current works on the hardware implementation of MPCitH-based signatures are compatible with 3 parties only. In this work, we investigate the optimization of the implementation of MPCitH-PP and successfully deploy MPCitH-PP with more than three parties on resource-constrained FPGAs, e.g., Xilinx Artix-7 and Kintex-7, for the first time. In particular, we propose a series of optimizations, which include pipelining and parallel optimization for MPCitH-PP and the optimization of the underlying symmetric primitives. Besides, we make a slight modification to the computation of the offline commitment, which can further reduce the number of computations of Keccak. These optimizations significantly improve the hardware performance of Picnic3. Signing messages on our FPGA takes 0.047 ms for the L1 security level, outperforming Picnic1 with hardware by a factor of about 5.3, which is the fastest implementation of post-quantum signatures as far as we know. Our FPGA implementation for the L5 security level takes 0.146 ms, beating Picnic1 by a factor of 8.5 and outperforming Sphincs by a factor of 17.3.
BibTeX
@article{tches-2024-34049,
  title={High-Performance Hardware Implementation of MPCitH and Picnic3},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2024 No. 2},
  pages={190-214},
  url={https://tches.iacr.org/index.php/TCHES/article/view/11425},
  doi={10.46586/tches.v2024.i2.190-214},
  author={Guoxiao Liu and Keting Jia and Puwen Wei and Lei Ju},
  year=2024
}