Elliptic Curve Cryptography over GF(2m) on a Reconfigurable Computer:

Slides:

Advertisements

Similar presentations

FPGA and ASIC Technology Comparison - 1 © 2009 Xilinx, Inc. All Rights Reserved FPGA and ASIC Technology Comparison, Part 2.

Advertisements

14. Aug Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware SAC 2013, Burnaby, Canada Thomas Pöppelmann and Tim Güneysu.

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

A reconfigurable system featuring dynamically extensible embedded microprocessor, FPGA, and customizable I/O Borgatti, M. Lertora, F. Foret, B. Cali, L.

Advanced Information Security 4 Field Arithmetic

Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.

1 Efficient Algorithms for Elliptic Curve Cryptosystems Original article by Jorge Guajardo and Christof Paar Of WPI ECE Department Presentation by Curtis.

Elliptic Curve Cryptography Shane Almeida Saqib Awan Dan Palacio.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Design of a Reconfigurable Hardware For Efficient Implementation of Secret Key and Public Key Cryptography.

Summary of – “TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks” Presented by: Maulin Patel Nov/17/09 CSE291.

A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University.

CHES20021 Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2 n ) A. Gutub, A. Tenca, E. Savas, and C. Koc Information Security.

UCB November 8, 2001 Krishna V Palem Proceler Inc. Customization Using Variable Instruction Sets Krishna V Palem CTO Proceler Inc.

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©

1 An Elliptic Curve Processor Suitable for RFID-Tags L. Batina 1, J. Guajardo 2, T. Kerins 2, N. Mentens 1, P. Tuyls 2 and I. Verbauwhede 1 Katholieke.

-Anusha Uppaluri.  ECC- A set of algorithms for key generation, encryption and decryption (public key encryption technique)  ECC was introduced by Victor.

Workshop on Cryptographic Hardware and Embedded Systems (CHES 2006) 13/10/2006 1/26 Superscalar Coprocessor for High-speed Curve-based Cryptography K.

Ross Brennan On the Introduction of Reconfigurable Hardware into Computer Architecture Education Ross Brennan

Performance and Overhead in a Hybrid Reconfigurable Computer O. D. Fidanci 1, D. Poznanovic 2, K. Gaj 3, T. El-Ghazawi 1, N. Alexandridis 1 1 George Washington.

RICE UNIVERSITY Implementing the Viterbi algorithm on programmable processors Sridhar Rajagopal Elec 696

Allen Michalski CSE Department – Reconfigurable Computing Lab University of South Carolina Microprocessors with FPGAs: Implementation and Workload Partitioning.

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Dr. Johannes Wolkerstorfer IAIK – Graz University of Technology.

Automated Design of Custom Architecture Tulika Mitra

1 Advance Computer Architecture CSE 8383 Ranya Alawadhi.

Research on Reconfigurable Computing Using Impulse C Carmen Li Shen Mentor: Dr. Russell Duren February 1, 2008.

LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.

HW/SW PARTITIONING OF FLOATING POINT SOFTWARE APPLICATIONS TO FIXED - POINTED COPROCESSOR CIRCUITS - Nalini Kumar Gaurav Chitroda Komal Kasat.

ECE 545 – Introduction to VHDL ECE 645—Project 2 Project Options.

Efficient Implementation of a String Matching Algorithm for SRC and Cray Reconfigurable Computers Esam El-Araby 1, Mohamed Taher 1, Tarek El-Ghazawi 1,

Hyperelliptic Curve Coprocessors On a FPGA HoWon Kim ETRI, Korea.

Gaj1P230/MAPLD 2004 Elliptic Curve Cryptography over GF(2 m ) on a Reconfigurable Computer: Polynomial Basis vs. Optimal Normal Basis Representation Comparative.

A Low-Power Design for an Elliptic Curve Digital Signature Chip Rich Schroeppel, Tim Draelos, Russell Miller, Rita Gonzales, Cheryl Beaver

BCRYPT ECC-Day 2008 Requirements, Algorithms, Architectures The design space of ECC hardware.

Ch. 2 Data Manipulation 4 The central processing unit. 4 The stored-program concept. 4 Program execution. 4 Other architectures. 4 Arithmetic/logic instructions.

Understanding Cryptography by Christof Paar and Jan Pelzl These slides were prepared by Tim Güneysu, Christof Paar and Jan Pelzl.

M. Mateen Yaqoob The University of Lahore Spring 2014.

ECEG-3202 Computer Architecture and Organization Chapter 7 Reduced Instruction Set Computers.

Wavelet Spectral Dimension Reduction of Hyperspectral Imagery on a Reconfigurable Computer Tarek El-Ghazawi1, Esam El-Araby1, Abhishek Agarwal1, Jacqueline.

Cryptographic coprocessor

Gaj1MAPLD 2005/1016 Development and Maintenance of User Libraries for SRC Reconfigurable Computers Kris Gaj 1, Tarek El-Ghazawi 2, Paul Gage 3, Dan Poznanovic.

A Reconfigurable System on Chip Implementation for Elliptic Curve Cryptography over GF(2 n ) Michael Jung 1, M. Ernst 1, F. Madlener 1, S. Huss 1, R. Blümel.

Mapping of Regular Nested Loop Programs to Coarse-grained Reconfigurable Arrays – Constraints and Methodology Presented by: Luis Ortiz Department of Computer.

An Optimized Hardware Architecture for the Montgomery Multiplication Algorithm Miaoqing Huang 1, Kris Gaj 2, Soonhak Kwon 3, Tarek El-Ghazawi 1 1 The George.

RSA Data Security, Inc. PKCS #13: Elliptic Curve Cryptography Standard Burt Kaliski RSA Laboratories PKCS Workshop October 7, 1998.

Motivation Basis of modern cryptosystems

Elliptic Curve Public Key Cryptography Why ? ● ECC offers greater security for a given key size. ● The smaller key size also makes possible much more compact.

Topics to be covered Instruction Execution Characteristics

Design and Analysis of Low-Power novel implementation of encryption standard algorithm by hybrid method using SHA3 and parallel AES.

Programmable Hardware: Hardware or Software?

Supported in part by NIST/U.S. Department of Commerce

An Inverter Architecture for ECC-GF(2m) Based on the Stein’s Algorithm

Chapter 9 – Elliptic Curve Cryptography ver. November 3rd, 2009

Network Security Design Fundamentals Lecture-13

D. Cheung – IQC/UWaterloo, Canada D. K. Pradhan – UBristol, UK

CS161 – Design and Architecture of Computer Systems

Architecture & Organization 1

Improving java performance using Dynamic Method Migration on FPGAs

Implementation of IDEA on a Reconfigurable Computer

Architecture & Organization 1

Matlab as a Development Environment for FPGA Design

The Application of Elliptic Curves Cryptography in Embedded Systems

Computer Evolution and Performance

Introduction to Elliptic Curve Cryptography

Chapter 12 Pipelining and RISC

Cryptology Design Fundamentals

The George Washington University

Network Security Design Fundamentals Lecture-13

Presentation transcript:

Elliptic Curve Cryptography over GF(2m) on a Reconfigurable Computer: Polynomial Basis vs. Optimal Normal Basis Representation Comparative Study Kris Gaj, Sashisu Bajracharya, Nghi Nguyen, Deapesh Misra Tarek El-Ghazawi George Mason University The George Washington University Gaj 1

What is a reconfigurable computer? Reconfigurable processor system Microprocessor system P . . . P . . . FPGA FPGA P memory P memory FPGA memory FPGA memory . . . . . . Interface Interface I/O I/O Gaj 2

Why cryptography is a good application for reconfigurable computers? computationally intensive arithmetic operations unconventionally long operand sizes (160-2048 bits) multiple algorithms, parameters, key sizes, and architectures = need for reconfiguration

SRC Hardware & Software Gaj 4

SRC-6E from SRC Computers, Inc. Gaj 5

SRC Hardware Architecture Gaj 6

SRC Programming SRC HDL (VHDL) HLL (C) P system FPGA system Library Developer Application Programmer Gaj 7

SRC Compilation Process Gaj 8

Elliptic Curve Cryptosystems Gaj 9

Elliptic Curve Cryptosystems public key (asymmetric) cryptosystems first true alternative for RSA several times shorter keys fast and compact implementations, in particular in hardware a family of cryptosystems, instead of a single cryptosystem Gaj 10

Three Classes of Elliptic Curves Elliptic curves built over Secure m m=155 .. 512 K = GF(p) K = GF(2m) Our m m=233 Arithmetic operations present in many libraries Polynomial basis representation Normal basis representation Fast in hardware Compact in hardware Gaj 11

Basic operations of ECC Basic operations in Galois Field GF(2m) addition and subtraction (xor): x+y, x-y (XOR) multiplication, squaring: x  y, x2 inversion: x-1 Basic operations on points of an Elliptic Curve addition of points: P + Q doubling a point: 2 P projective to affine coordinate: P2A Complex operations on points of an Elliptic Curve scalar multiplication: k  P = P + P + …+P Gaj 12 k times

ECC hierarchy of functions High level kP projective_to_affine (P2A) Medium level P+Q 2P Low level 2 INV Low level 1 XOR MUL SQR independent of the GF representation specific to the given GF representation Gaj 13

Investigated Partitioning Schemes Gaj 14

SRC Program Partitioning C function for P P system HLL C function for MAP FPGA system VHDL macro HDL Gaj 15

H00 Partitioning (μP Software Only) C function for P kP H C function for MAP VHDL macro specific to the given GF representation Gaj 16

00H Partitioning (VHDL only) C function for P C function for MAP VHDL macro H kP specific to the given GF representation Gaj 17

0HL1 Partitioning C function for MAP VHDL macros for µ P H L1 kP MUL4 C function for MAP VHDL macros ROT SQR XOR for µ P H L1 V_ POW kP INV P2A P+Q 2P MUL2 MUL independent of the GF representation specific to the given GF representation Gaj 18

FPGA Contents (0HL1) kP MUL4 P+Q 2P P2A MUL2 INV MUL MUL MUL MUL MUL POW INV P2A Gaj 19

0HL2 Partitioning C function for µ P kP kP C function H for MAP VHDL for µ P kP kP C function H P+Q 2P for MAP P+Q P+Q 2P 2P P2A P2A VHDL MUL2 L2 MUL4 SQR ROT XOR INV INV macros independent of the GF representation specific to the given GF representation Gaj 20

0HM Partitioning C function for µ P C function kP H for MAP VHDL P+Q C function for µ P C function kP H for MAP VHDL P+Q P+Q 2P 2P P2A P2A M macros independent of the GF representation specific to the given GF representation Gaj 21

Results Gaj 22

Timing Measurements End-to-End time (SW) MAP function MAP function MAP .c file .mc file MAP function MAP function MAP Alloc. FPGA Configure DMA Data In FPGA Computation DMA DataOut MAP Free End-to-End time (HW) End-to-End time (SW) MAP Allocation time Configuration time MAP Release Time Gaj 23

Results for Optimal Normal Basis (Latency) Gaj 24

Results for Polynomial Basis (Latency) Gaj 25

Results for Optimal Normal Basis (Area) Gaj 26

Results for the Polynomial Basis (Area) Gaj 27

Algorithm Partitioning Scheme Number of lines of code Algorithm Partitioning Scheme VHDL PB ONB Macro Wrapper MAP C Main C 0HL1 N/A 1007 260 371 153 0HL2 714 1291 230 349 0HM 1744 160 185 00H 1960 36 78 Gaj 28

Conclusions Assuming focus on: Timing Resources Ease of programming Gaj 29

Large speedup vs. software Ease of implementation Best implementation approaches Optimal Normal Basis OHL1 scheme Polynomial Basis OHL2 scheme Large speedup vs. software Ease of implementation Flexibility Gaj 30

Conclusions Elliptic Curve Cryptosystem implementation challenging for reconfigurable computers because of optimization for latency rather than throughput limited amount of parallelism Absolute latency and resource utilization similar for Optimal Normal Basis and Polynomial Basis Number of lines of VHDL code smaller for the polynomial basis representation Gaj 31

Conclusions – cont. Speed-up over Intel P3 microprocessor implementation From 893 to 1305 times for Optimal Normal Basis From 33 times for Polynomial Basis 27 x greater for Optimal Normal Basis compared to Polynomial Basis Representation because of polynomial basis operations more efficient in software Gaj 32