Fast secure boot
Often, in situations where a system needs a high throughput, it can be challenging to offload the cryptography processing to specialized hardware. In network HSMs used by banks and financial institutions for example, the process has to maximize both speed and security, in order to handle large numbers of transactions in a way that’s safe, efficient, and appears as frictionless as possible to end users.
These devices need to be able to boot as quickly and as efficiently as possible (fast boot) and to boot using secure, trusted processes as safely as possible (secure boot) at the same time. When it comes to post-quantum cryptography, applying this trade-off is a difficult balance.
PQPerform-Lattice
PQPerform-Lattice is our specialized high-throughput hardware product. It’s optimized to handle performance, and integrates seamlessly with Linux applications.
CNSA 2.0, the NSA’s recommendation for PQC algorithms, permits the use of ML-DSA-87, an algorithm that handles signature verification. Speeding up signature verification is the key to achieving fast boot time in small images such as early stage boot loaders, as signature verification time can dominate over the image hashing time. Consequently, PQPerform-Lattice has been designed to solve this problem. For example:
- Image size: 8B, ML-DSA-87-verify: 16k cycles
- Image size: 32KB, ML-DSA-87-verify: 25k cycles
- Image size: 128KB, ML-DSA-87-verify: 55k cycles
- Image size: 512KB, ML-DSA-87-verify: 177k cycles
- Image size: 1MB, ML-DSA-87-verify: 339k cycles
- Image size: 4MB, ML-DSA-87-verify: 1.3M cycles
