Implementational challenges of lattice-based cryptography.

Homomorphic encryption schemes and several post-quantum cryptographic algorithms use novel mathematical techniques based on lattices. The computational complexity and excessive data sizes make the design of efficient co-processors or instruction set extensions a challenge. Furthermore, each scheme exhibits different trade-offs between security parameters, memory size and bandwidth requirements. In this PhD thesis, we investigate these implementational challenges by designing architectures that are efficient in terms of throughput, area, power and energy. In this context, we aim to design architectures that are optimized both algorithmically and architecturally. Our next step is to generalize, so that optimizations can be re-used between different homomorphic and post-quantum schemes. At the same time we look at countermeasures such that our architectures are able to resist side-channel as well as fault attacks.