In this section we elaborate on a new example processor model that is introduced with the 2023.06 release of ASIP Designer. It is called “Tsec” and implements an accelerator for post-quantum cryptography.
Kyber, the first standardized key encryption mechanism designed to withstand attacks with future powerful quantum computers, is computationally very demanding due to extensive use of hashing, for example. The Tsec example is an ASIP optimized for accelerating Kyber. It evolved from a RISC-V base model to which custom application-specific instructions were added as well as architectural specializations that go beyond simple RISC-V extension mechanisms, such as adding heterogeneous storage.
The underlying base model is Trv32p5x, a previously existing example processor model with a RISC-V scalar instruction set (RV32IM) and 5 pipeline stages, enhanced with DSP-type extensions including:
- A zero-overhead looping mechanism that allows to efficiently implement loops that iterate over arrays
- Load and store instructions with a post-modify addressing mode, that allow to make pointer updates without instruction overhead
- 2-way instruction-level parallelism to support the simultaneous execution of a compute operation and a memory access
Using the rich profiling capabilities of ASIP Designer, an open-source software implementation of the Kyber algorithm was simulated and profiled on the baseline model. Two main computational kernels were identified as the dominating bottlenecks: modular finite-field operations such as “Montgomery reduction” and “Barrett reduction”, and a hashing mechanism called “Keccak state permutation”.
The Montgomery and Barrett reduction functions could be accelerated by fusing them into single instructions. These fused instructions operate just like a custom scalar ALU instruction on the central register file X.