Ring-Learning-with-Errors (RLWE) has emerged as the foundation of many important techniques for improving security and privacy, including homomorphic encryption and post-quantum cryptography. While promising, these techniques have seen limited use because of their extreme overheads when running on general-purpose machines. In this paper, we present a novel vector Instruction Set Architecture (ISA) and microarchitecture for accelerating the ring-based computations of RLWE. The ISA, named B512, is developed to meet the needs of ring processing workloads while balancing high performance and general-purpose programming support. Having an ISA rather than fixed hardware facilitates continued software improvement post-fabrication and the ability to support evolving workloads. We then propose the ring processing unit (RPU), a high-performance, modular implementation of B512. The RPU has native large-word modular arithmetic support, capabilities for very wide parallel processing, and a large-capacity, high-bandwidth scratchpad to meet the needs of ring processing. We address the challenges of programming the RPU using a newly developed SPIRAL backend. A configurable simulator is built to characterize design tradeoffs and quantify performance. The best-performing design was implemented in RTL and used to validate simulator performance. In addition to our characterization, we show that an RPU using 20.5 mm² of GF 12nm can provide a speedup of 1485x over a CPU running a 64k, 128-bit NTT, a core RLWE workload.