AxRLWE: A Multi-level Approximate Ring-LWE Co-processor for Lightweight IoT Applications

Dur-e-Shahwar Kundi, Ayesha Khalid, Song Bian, Chenghua Wang, Maire O'Neill, Weiqiang Liu

Research output: Contribution to journalArticlepeer-review

62 Downloads (Pure)


This work presents a multi-level approximationexploration undertaken on the Ring-Learning-with-Errors (R-LWE) based Public-key Cryptographic (PKC) schemes thatbelong to quantum-resilient cryptography algorithms. Amongthe various quantum-resilient cryptography schemes proposedin the currently running NIST’s Post-quantum Cryptography(PQC) standardization plan, the lattice based LWE schemes haveemerged as the most viable and preferred class for the IoTapplications due to their compact area and memory footprintcompared to other alternatives. However, compared to the clas-sical schemes used today, R-LWE is much harder a challengeto fit on embedded IoT (end-node) devices, due to their stricterresource constraints (lower area, memory, energy budgets) aswell as their limited computational capabilities. To the best ofour knowledge, this is the first endeavour exploring the inherentapproximate nature of LWE problem to undertake a multi-levelApproximate R-LWE (AxRLWE) architecture with respectivesecurity estimates opt for lightweight IoT devices. UndertakingAxRLWE on Field Programmable Gate Arrays (FPGAs), webench-marked a64%area reduction cost compared to earlieraccurate R-LWE designs at the cost of reduced quantum-security.With 45nm CMOS technology, AxRLWE was bench-marked tofit well within the same area-budget of lightweight ECC processorand consume a third of energy compared to special class of R-Binary LWE (R-BLWE) designs being proposed for an IoT, withbetter security level.
Original languageEnglish
Journal IEEE Internet of Things Journal
Early online date27 Oct 2021
Publication statusEarly online date - 27 Oct 2021

Bibliographical note



Dive into the research topics of 'AxRLWE: A Multi-level Approximate Ring-LWE Co-processor for Lightweight IoT Applications'. Together they form a unique fingerprint.

Cite this