


























Patrick Longa, Microsoft Research
Jakub Szefer, Northwestern University
FrodoKEM, a conservative post-quantum key encapsulation mechanism based on the plain Learning with Errors (LWE) problem, has been recommended for use by several government cybersecurity agencies and is currently undergoing standardization by the International Organization for Standardization (ISO). Despite its robust security guarantees, FrodoKEM's performance remains one of the main challenges to its widespread adoption. This work addresses this concern by presenting a fully standard-compliant, high-performance hardware implementation of FrodoKEM targeting both FPGA and ASIC platforms. The design introduces a scalable parallelization architecture that supports run-time configurability across all twelve parameter sets, covering three security levels (L1, L3, L5), two PRNG variants (SHAKE-based and AES-based), and both standard and ephemeral modes, alongside synthesis-time tunability through a configurable performance parameter to balance throughput and resource utilization. For security level L1 on AMD Artix 7 FPGA, the implementation achieves 2,599, 2,338, and 2,147 operations per second for key generation, encapsulation, and decapsulation, respectively, representing the fastest standard-compliant performance reported to date while consuming only 37.6K LUTs, 64 DSPs, and 10.1K flip-flops. The design achieves a 2.3–159$\times$ improvement in the Area–Time Product (ATP) over all prior specification-compliant FPGA implementations. Furthermore, this work presents the first ASIC evaluation of FrodoKEM using the NANGATE45 45 nm technology library, achieving 7,721, 6,946, and 6,378 operations per second for key generation, encapsulation, and decapsulation, respectively, with a logic area of 0.250 mm$^2$. The ASIC implementation exhibits favorable sub-linear area scaling and competitive energy efficiency across different performance parameter configurations, establishing a baseline for future comparative studies. The results validate FrodoKEM's practical viability for deployment in high-throughput, resource-constrained, and power-sensitive cryptographic applications, demonstrating that conservative post-quantum security can be achieved without compromising performance.
BibTeX
@misc{cryptoeprint:2025/2269,
author = {Sanjay Deshpande and Patrick Longa and Jakub Szefer},
title = {Accelerating {FrodoKEM} in Hardware},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/2269},
year = {2025},
url = {https://eprint.iacr.org/2025/2269}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。