D5.3 Final Report on Hardware-Optimized Schemes

In this deliverable D5.3 "Final Report on Hardware-Optimized Schemes", we give a description of work that has been done for developing hardware-optimized schemes for functional encryption (FE). D5.3 extends D5.2 \Preliminary Report on Hardware-Optimized Schemes" from May 2019. This deliverable is specifically about the work in Task 5.2. As defined in D5.1 \Security and Trust Models", we assume full trust for the hardware-optimized schemes. This means that the computing platform is not susceptible to physical attacks because either adversaries do not have access to it (e.g., is located in a secure environment) or it is certified to provide protection against physical attacks (e.g. a smart card or secure element).

Consequently, the focus is in maximizing the efficiency of implementations which in this case means primarily accelerating the computations so that FE schemes can be computed as fast as possible. The work has focused on two different types of FE schemes: (1) schemes using large integer modular arithmetic and (2) schemes based on lattices. For the former, we describe an FPGA-based multi-core architecture for accelerating multi-input FE for inner product computations based on Paillier encryption and provide the final results for it. For the latter, we describe an instantiation of a post-quantum secure single-input FE scheme based on RLWE, detail its current status, and provide research directions towards an efficient hardware-optimized implementation. We describe a potentially new polynomial multiplication strategy to speed up RLWE based FE schemes. Additionally, we provide results for cryptographic pairings which are central building blocks for FE schemes with more expressive functions and additional features.