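% Master's thesis record exported from the repository given in the url field (tede2.pucrs.br).
% NOTE(review): the required author field is absent from this export and is not filled in here;
% take it from the repository page before citing. The school field holds the graduate programme
% as exported; the university name is carried in publisher.
% Accented characters are written as LaTeX escapes so the entry stays ASCII-safe under classic BibTeX.
@mastersthesis{2024:199562346,
  title     = {Hardware acceleration for post-quantum cryptography in resource constrained embedded systems with {RISC-V} {ISEs}},
  school    = {Programa de P{\'o}s-Gradua{\c{c}}{\~a}o em Ci{\^e}ncia da Computa{\c{c}}{\~a}o},
  year      = {2024},
  publisher = {Pontif{\'\i}cia Universidade Cat{\'o}lica do Rio Grande do Sul},
  note      = {Escola Polit{\'e}cnica},
  url       = {https://tede2.pucrs.br/tede2/handle/tede/11644},
  abstract  = {The imminent rise of practical quantum computing threatens well-established cryptography algorithms for secret key exchange in use today, such as Diffie-Hellman, RSA and Elliptic Curve based schemes (ECC), via Shor's algorithm. To answer this challenge, the National Institute of Standards and Technology (NIST) has launched a competition for Key Encapsulation Mechanism (KEM) algorithms showing resistance to classical and quantum-based attacks. In July 2022, NIST announced that the Crystals-Kyber algorithm was chosen as the competition's winner, being standardized as ML-KEM. No works in literature sufficiently address the issue of efficient implementation of Kyber in resource-constrained embedded systems. This work aims to explore hardware acceleration through Instruction Set Extensions (ISEs) in a low-end 32-bit RISC-V core in a comprehensive evaluation comprising performance, energy consumption, memory footprint and die area costs, enabling an efficient implementation of a cryptosystem that can withstand attacks from the emergence of quantum computers and is compliant to current cryptographic standards and algorithm suites. In addition to Kyber, this work also explores several algorithms for authenticated encryption (AEAD) and hash functions at the 128 and 256 bit security levels, evaluating improvements due to the use of specialized instructions in each algorithm. In summary, the use of ISEs in hash functions provides gains of 32\%, 38\% and 16\% in performance, energy consumption, and code size, respectively. Gains in authenticated encryption are of 58\%, 61\% and 35\% in performance, energy consumption, and code size, respectively. Area costs are of at most 10\% of the baseline Ibex processor with no ISEs, corresponding to 4K equivalent gates. Hardware acceleration of symmetric primitives (e.g. SHA-3) in Kyber shows performance and energy gains of 32\% each. Combining hardware acceleration via a novel XKyber ISE and of Kyber symmetric primitives, further gains of 46\% and 44\% in performance and energy consumption are observed, while also reducing code size by 15\%. XKyber area costs are again of 10\% of the baseline Ibex processor with no ISEs.},
}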