Ring-Learning-with-Errors (RLWE) has emerged as the foundation of many important techniques for improving security and privacy, including homomorphic encryption and post-quantum cryptography. While promising, these techniques have received limited use due to the extreme overheads of running them on general-purpose machines. In this paper, we present a novel vector Instruction Set Architecture (ISA) and microarchitecture for accelerating the ring-based computations of RLWE. The ISA, named B512, is developed to meet the needs of ring processing workloads while balancing high performance and general-purpose programming support. Having an ISA rather than fixed hardware facilitates continued software improvement post-fabrication and the ability to support evolving workloads. We then propose the ring processing unit (RPU), a high-performance, modular implementation of B512. The RPU has native large-word modular arithmetic support, capabilities for very wide parallel processing, and a large-capacity, high-bandwidth scratchpad to meet the needs of ring processing. We address the challenges of programming the RPU using a newly developed SPIRAL backend. A configurable simulator is built to characterize design tradeoffs and quantify performance. The best-performing design was implemented in RTL and used to validate simulator performance. In addition to our characterization, we show that an RPU using 20.5 mm² of GF 12 nm can provide a speedup of 1485x over a CPU running a 64k, 128-bit NTT, a core RLWE workload.