Adams Bridge: An Accelerator for Post-Quantum Resilient

The name Adams Bridge is inspired by the mythological structure which was said to span a vast gulf between two landmasses. In the realm of cryptography, a similar vast gap exists between classical asymmetric cryptography and quantum-resilient cryptography.  Azure aims to bridge this gap by developing a fully open-source silicon quantum resilient cryptographic accelerator known as the Adams Bridge Accelerator.  The Adams Bridge accelerator will be first integrated into Caliptra 2.0, and then delivered as an independent accelerator thereafter.  This integration makes Caliptra the first open-source root-of-trust with hardened post quantum resilient cryptography.  

 

The algorithms used in classical asymmetric cryptography depend on complex number theory problems, such as integer factorization or the discrete logarithm problem, for their security. However, research has demonstrated that a quantum computer with enough power can defeat current asymmetric algorithms. Given this, the National Institute of Standards and Technology (NIST) has been working closely with the industry for several years to create new algorithms that are safe from quantum threats. NIST has finalized its selection of quantum-safe algorithms and has released publications, FIPS 203 and FIP S204 in August 2024.

 

The newly selected post-quantum algorithms are significantly different from their classical counterparts, which calls for a new approach to the design of digital signature schemes and attestation protocols.  Hardware device manufacturers and suppliers need to pay immediate attention to these changes as they impact foundational hardware security capabilities such as immutable root-of-trust anchors for both code integrity and hardware identity.  Currently, the risks to hardware are more significant than for software, due to longer development times and the immutability of hardware.   Therefore, immediate action is needed for new hardware designs.

 

To accelerate the adoption of these quantum resilient algorithms and to increase trustworthiness of hardware security, Microsoft is open sourcing our new Adams Bridge Accelerator that provides hardware acceleration for the NIST-selected quantum resilient algorithms Dilithium & Kyber. 

The Register Transfer Language (RTL) code for the Adams Bridge Accelerator – ‘Dilithium component’ is open-sourced as a discrete crypto accelerator and is also integrated into the already open-sourced Caliptra Root of Trust (RoT).  Providing the RTL for all portions of Adams Bridge will allow for easy uptake by industry partners, and save development time that would otherwise be spent developing identical functionality. 

 

This new open-source Caliptra update will be made available in October 2024.  The Adams Bridge Accelerator – Kyber component will be released shortly thereafter.

 

               

Figure 1  Caliptra Subsystem block diagram

 

Caliptra 2.0 – Root of Trust Subsystem

Caliptra, an open-source silicon root of trust for which Microsoft is a founding member, is already being adopted by leaders in modern AI infrastructure, storage and network infrastructure.  

 

At the OCP Global Summit 2024, This version of Caliptra is not only quantum resilient, but it expands upon the capabilities of Caliptra 1.0 to include the Root of Trust for Update and Root of Trust for Recovery.  Caliptra subsystem meets all the root of trust requirements of NIST 800-193 and offers a fully transparent root of trust subsystem, negating the need for additional boot controllers.

 

For more information about Caliptra and Adams Bridge, please visit the Caliptra website: https://Caliptra.io