Invited Paper: Instruction Set Extensions for Post-Quantum Cryptography

Quantum computing is one of the latest breakthroughs in the field of computer science, having the potential of breaking the underlying assumptions of public-key cryptography. With the National Institute of Standards and Technology (NIST) having announced that lattice-based Kyber as Key Encapsulation Mechanism (KEM) and Dilithium and Falcon as digital signatures are going to be standardized as the first Post-Quantum Cryptography (PQC) schemes, the scientific community needs to investigate how to efficiently implement these new primitives to ensure a smooth transition. We review in this work the state-of-the-art in Instruction Set Extensions (ISEs) for the lattice-based PQC schemes to be standardized. We categorize them into three groups. Firstly, tightly-integrated implementations that aim to be small and only accelerate the core functions, secondly more generic and bigger ISEs that target more lattice operations, and thirdly a special class that focuses on vectorized processing. While we observe promising results in improving on runtime and energy consumption, the memory footprint is often overlooked in the evaluation, even though this is a serious issue in PQC where keys, ciphertexts and signatures tend to be larger. Additionally, we envision that more generic lattice-based ISEs will surface, and that side-channel and fault attacks will become more important.