2025
Conference Paper
Title

Towards ML-KEM & ML-DSA on OpenTitan

Abstract
This paper presents extensions to the OpenTitan hardware root of trust that aim at enabling high-performance lattice-based cryptography. We start by carefully optimizing ML-KEM and ML-DSA-the two algorithms primarily rec-ommended and standardized by NIST-in software targeting the OpenTitan Big Number (OTBN) accelerator. Based on profiling results of these implementations, we propose tightly integrated extensions to OTBN, specifically an interface from OTBN to OpenTitan's Keccak accelerator (KMAC core) and extensions to the OTBN ISA to support operations on 2S6-bit vectors. We implement these extensions in hardware and show that we achieve a speedup by a factor between 6 and 9 for different operations and parameter sets of ML-KEM and ML-DSA compared to our baseline implementation on unmodified OTBN. This speedup is achieved with an increase in cell count of less than 17% in OTBN, which corresponds to an increase of less than 3 % for the full Earl Grey OpenTitan core.
Author(s)
Abdulrahman, Amin
Max Planck Institute for Security and Privacy
Oberhansl, Felix Fritz
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Hien Pham, Hoang Nguyen
BULL S.A.
Philipoom, Jade
ZeroRISC
Schwabe, Peter
Max Planck Institute for Security and Privacy
Stelzer, Tobias
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Seelos-Zankl, Andreas
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Mainwork
Conference
DOI
Language
English
Keyword(s)