Evaluating NTT/INTT implementation styles for post-quantum cryptography

Malik Imran, Safiullah Khan, Ayesha Khalid, Ciara Rafferty, Yasir Ali Shah, Samuel Pagliarini, Muhammad Rashid, Maire O'Neill

Research output: Contribution to journalLetterpeer-review

6 Downloads (Pure)


Unifying the forward and inverse operations of the number theoretic transform (NTT) into a single hardware module is a common practice when designing polynomial coefficient multiplier accelerators as used in the post-quantum cryptographic algorithms. This work experimentally evaluates that this design unification is not always advantageous. In this context, we present three NTT hardware architectures: (i) A forward NTT (FNTT) architecture, (ii) An inverse NTT (INTT) architecture and (iii) A unified NTT (UNTT) architecture for computing the FNTT and INTT computations on a single design. We benchmark our throughput/area and energy/area evaluations on Xilinx Virtex-7 FPGA and 28nm ASIC platforms. The standalone FNTT and INTT designs, on average on FPGA, exhibit 4.66× and 3.75× higher throughput/area and energy/area values respectively than the UNTT design. Similarly, the individual FNTT and INTT designs, on average on ASIC, achieve 1.25× and 1.09× higher throughput/area and energy/area values respectively, compared to the UNTT design.

Original languageEnglish
Number of pages4
JournalIEEE Embedded Systems Letters
Early online date06 Jun 2024
Publication statusEarly online date - 06 Jun 2024

Publications and Copyright Policy

This work is licensed under Queen’s Research Publications and Copyright Policy.


  • post-quantum cryptography
  • number theoretic transform
  • polynomial multiplication
  • FPGA
  • ASIC


Dive into the research topics of 'Evaluating NTT/INTT implementation styles for post-quantum cryptography'. Together they form a unique fingerprint.

Cite this