We are publishing an early progress update on our ML-KEM hardware implementation, targeting full compliance with FIPS 203 (Module-Lattice-Based Key-Encapsulation Mechanism Standard). At this stage, Key Generation is complete and verified in RTL. Encapsulation and Decapsulation are in active development.
Design Philosophy: Minimum Footprint
Vicip IP cores are designed specifically for low-resource, low-power targets — embedded systems, IoT devices, and edge hardware where area and power budgets are tight. This is not a general-purpose implementation adapted for small devices; it is built for them from the ground up.
Key architectural constraints
Single DSP/multiplier throughout the design — no parallel multiply units. BRAM usage kept to a minimum. LUT footprint optimised at the architectural level, not just through synthesis flags. The same philosophy applies across all Vicip products.
Polynomial arithmetic in ML-KEM operates in a modular domain. Vicip implements this using Montgomery multiplication, allowing all modular reductions to be handled by a single, area-efficient multiplier unit.
Implementation Results
Synthesis and implementation were conducted against a Xilinx 7-Series target with stringent SoC-integration timing constraints. The design achieves 76.9 MHz (13ns) timing closure, representing a 2.3x frequency improvement over previous iterations. This allows for high-throughput PQC operations within a minimal area footprint.
What's Next
With Key Generation and Encapsulation (ML-KEM.Encaps) fully verified at 77 MHz, development has officially commenced on Decapsulation (ML-KEM.Decaps, FIPS 203 §6.3). This final module will utilize the same single-multiplier architectural philosophy to maintain our low-resource footprint across the full KEM flow.