Paper 2021/1648

A Scalable SIMD RISC-V based Processor with Customized Vector Extensions for CRYSTALS-Kyber

Huimin Li, Delft University of Technology, The Netherlands
Nele Mentens, Leiden University, The Netherlands; KU Leuven, Belgium
Stjepan Picek, Radboud University and Delft University of Technology, The Netherlands

SHA-3 is considered to be one of the most secure standardized hash functions. It relies on the Keccak-f[1,600] permutation, which operates on an internal state of 1,600 bits, mostly represented as a $5\times5\times64{-}bit$ matrix. While existing implementations process the state sequentially in chunks of typically 32 or 64 bits, the Keccak-f[1,600] permutation can benefit a lot from speedup through parallelization. This paper is the first to explore the full potential of parallelization of Keccak-f[1,600] in RISC-V based processors through custom vector extensions on 32-bit and 64-bit architectures. We analyze the Keccak-f[1,600] permutation, composed of five different step mappings, and propose ten custom vector instructions to speed up the computation. We realize these extensions in a SIMD processor described in SystemVerilog. We compare the performance of our designs to existing architectures based on vectorized application-specific instruction set processors (ASIP). We show that our designs outperform all related work thanks to our carefully selected custom vector instructions.

Available format(s)
Publication info
Lattice-based Cryptography Polynomial Operation Vector Instruction SIMD Processor RISC-V ISA Extension
Contact author(s)
H Li-7 @ tudelft nl
nele mentens @ kuleuven be
s picek @ tudelft nl
2022-09-28: last of 4 revisions
2021-12-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Huimin Li and Nele Mentens and Stjepan Picek},
      title = {A Scalable {SIMD} {RISC}-V based Processor with Customized Vector Extensions for {CRYSTALS}-Kyber},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1648},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.