Exploring the RISC-V Vector Extension for the Classic McEliece Post-Quantum Cryptosystem

Sabine Pircher1, Johannes Geier2, Alexander Zeh3, Daniel Mueller-Gritschneder2
1HENSOLDT Cyber GmbH, Research and Development; Technical University of Munich, Department of Electrical and Computer Engineering, Professorship of Coding for Communications and Data Storage, 2Technical University of Munich, Department of Electrical and Computer Engineering, Chair of Electronic Design Automation, 3HESOLDT Cyber GmbH, Research and Development


The dawn of quantum computers threatens the security guarantees of classical public-key cryptography. This gave rise to a new class of so-called quantum-resistant cryptography algorithms and a need to efficiently implement them on embedded hardware platforms. This paper investigates how we can exploit the most recent RISC-V Vector Extension Version 0.9 (RVV0.9) to accelerate a quantum-resistant code-based cryptosystem. We focused on the Gaussian Elimination Algorithm (GEA) that is essential for the key generation of the McEliece scheme. The GEA offers high potential for acceleration by vector instructions of the RVV extension. In order to evaluate the possible gains, we adopted a rapid prototyping approach based on an instruction set simulator (ISS). We extended the simulator ETISS with a SoftVector library, which allows to quickly model the instructions of RVV. Using the rapid prototyping nvironment, the GEA was re-implemented and verified for RVV0.9. The final performance gain heavily depends on the memory interface of the vector unit. For different configurations of the memory system, we could profile performance gains of 6x up to 18x for the GEA. This clearly shows the benefit of RVV for implementing quantum-resistant cryptosystems.