Number Theoretic Transform Architecture suitable to Lattice-based Fully-Homomorphic Encryption

The Number Theoretic Transform (NTT) plays a central role for supporting high-performance polynomial multiplication on Post-Quantum Cryptography (PQC) and Fully-Homomorphic Encryption (FHE). This paper proposes a novel Montgomery-based butterfly to efficiently implement NTTs on FPGAs. This proposal is supported on prime moduli suitable for FHE, which minimizes the requirements to allow the speedup of the computation of the butterfly. A search algorithm is presented to select these moduli, while flexibility is a target in all parameters making the proposed architectures well-suited for FHE and PQC schemes. We experimentally evaluate the effectiveness of the novel butterfly-core on a Xilinx Virtex-7 device. The results show reductions up to 19%, 41%, 37%, and 67% in the number of lookup tables, slices, flip-flops, and Digital Signal Processors (DSPs), respectively, in comparison to the related state of the art. By integrating the proposed butterflies in a complete NTT accelerator, a speedup of up to 1.42 is achieved, while less than half of the number of DSPs are required, when compared to the other proposals. Moreover, the integration of the proposed accelerators to design FHE-based processors is discussed.