Presentation is loading. Please wait.

Presentation is loading. Please wait.

CHES20021 Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2 n ) A. Gutub, A. Tenca, E. Savas, and C. Koc Information Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CHES20021 Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2 n ) A. Gutub, A. Tenca, E. Savas, and C. Koc Information Security."— Presentation transcript:

1 CHES20021 Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2 n ) A. Gutub, A. Tenca, E. Savas, and C. Koc Information Security Laboratory Electrical and Computer Engineering Department Oregon State University, Corvallis, Oregon 97331 Workshop on Cryptographic Hardware and Embedded Systems August 13 - 15, 2002

2 CHES20022 Presentation Outline  Introduction Motivation, related work  GF(p) Montgomery inverse algorithm & hardware Previous work  GF(2 n ) Montgomery inverse algorithm AlmMonInv & CorPh phases  The unified and scalable architecture implementation  Area & speed comparisons  Conclusions

3 CHES20023Introduction  Modular inverse is essential in public-key cryptography a basic operation in the elliptic curve cryptography (ECC)  This work is targeted mainly toward the ECC utilization  ECC is frequently defined over finite fields GF(p) or GF(2 n )

4 CHES20024Motivation But still inverse computation is needed once as a final stage More Security More Speed Inverse in hardware Inverse computation Expensive Projective Coordinates Inverse Computation-delay Other computations The inverse delay will dominate and make the whole computation slow. Inverse Other computations

5 CHES20025 Previous Work  Several designs for GF(2 n ) only Hasan (2001):  word-by-word design >> small area  Takagi (1993) : inverse algorithm with a redundant binary representation (GF(p)) large area and expensive data transformation.  Goodman and Chandrakasan (2001) : processor that performs inversion in both GF(p) and GF(2 n ): reconfigurable, designed for low power, large area.

6 CHES20026 Scalable Architecture  Features: Short design’s longest path, independent of operand precision Design area adjustable to available space (flexible) Allows the computation with virtually infinite precision (limited only by memory).

7 CHES20027 Computing Unit Memory Unit Computes 10 bits at each clock cycle Able to handle 1000 bits maximum Computing Unit No Change A New Memory Unit Modified 1100 bits Why Scalable Hardware? w n n max

8 CHES20028 Unified architecture  Definition: An architecture is said to be unified when it is able to work with operands in both prime and binary extension fields (GF(p) and GF(2 n ))

9 CHES20029 Phase I Input : a  [1, p -1 ] and p Output: r  [1, p -1 ] and k, where r = a -1 2 k (mod p) and n  k  2n 1.u := p, v := a, r := 0, and s := 1, 2.k := 0 3.while (v > 0) 4.if u is even then u := u/2, s := 2s 5.else if v is even then v := v/2, r := 2r 6.else if u > v then u := (u - v)/2, r := r+s, s := 2s 7.else v := (v - u)/2, s := s+r, r := 2r 8.k := k + 1 9.if r  p then r := r - p 10.return r := p - r Modular Inverse (Extended Euclidean Alg.)

10 CHES200210 Phase II Input : r  [1, p -1], p, and k (r and k from phase I) Output: x  [1, p -1 ] where x = a -1 2 n (mod p) 11.for i = 1 to k - n do 12.if r is even then r := r/2 13.else r := (r + p)/2 14.return x := r Modular Inverse (Extended Euclidean Alg.)

11 CHES200211 Montgomery Modular inverse Based on Extended Euclidean Algorithm

12 CHES200212 Montgomery inverse hardware algorithm for GF(p) ISVLSI-2002 Multi-bit shifting Multi-precision operators

13 CHES200213 The scalable hardware

14 CHES200214 GF(2 n ) Features  a(x)=a n-1 x n-1 +a n-2 x n-2 +... +a 2 x 2 +a 1 x+a 0, where a i GF(2) a=(a n-1 a n-2... a 2 a 1 a 0 )  { + & - } in GF(p)   in GF(2 n )  p(x)=x n +p n-1 x n-1 +p n-2 x n-2 +... +p 2 x 2 +p 1 x+p 0 p=(1 p n-1 p n-2... p 2 p 1 p 0 )  ||a(x)|| = ||p(x)|| (degree of a(x) = degree of p(x))  a=pa  Normal Subtraction (carry propagate) for degree testing

15 CHES200215 GF(2 n ) Montgomery inverse

16 CHES200216 Montgomery inverse hardware algorithm for GF(2 n )

17 CHES200217 Scalable and unified inverter hardware

18 CHES200218 Experimental Results  VHDL  functional simulation  Maple – verification.  Leonardo (Mentor Graphics) – synthesis  0.5 Micron CMOS technology - ASIC Design Kit (ADK)  VHDL code compiled to obtain estimates for: Area  the number of gates Clock Period  Longest path delay (nanoseconds)

19 CHES200219 Area Comparison

20 CHES200220 Speed Comparison (n max =512 bits) Speed Comparison (n max =512 bits) AVG cycles C f = 1.53n C s = (2.4n+1)e e = #words Time=C*cycle_time

21 CHES200221 Technologyindependent Speed Comparison (n max =512 bits)

22 CHES200222 A scalable and unified architecture that operates in both GF(p) and GF(2 n ) fields was proposed. Adjusted a GF(2 n ) MonInv algorithm to include the multi- bit shifting method making it very similar to a previously proposed GF(p) inversion hw design. A comparison of the scalable & unified design with a reconfigurable hardware shows that the scalable design saves a lot of area and operates at comparable speed. Scalable/unified design has similar or better performance than a fixed-precision design, with significantly less area. Small extra cost to add unified design feature to previously proposed design for GF(p) only. (around 8.4%).Conclusions

23 CHES200223 Note  Figures in the paper included in the proceedings -> difficult to read Contact tenca@ece.orst.edu THANK YOU

Download ppt "CHES20021 Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2 n ) A. Gutub, A. Tenca, E. Savas, and C. Koc Information Security."

Similar presentations

Subthreshold SRAM Designs for Cryptography Security Computations Adnan Gutub The Second International Conference on Software Engineering and Computer Systems.

Subthreshold SRAM Designs for Cryptography Security Computations Adnan Gutub The Second International Conference on Software Engineering and Computer Systems.
Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?
EECE **** Embedded System Design

EECE **** Embedded System Design
CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.

CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
A Security Protocol for Sensor Networks Khadija Stewart, Themistoklis Haniotakis and Spyros Tragoudas Dept. of Electrical and Computer Engineering Southern.

A Security Protocol for Sensor Networks Khadija Stewart, Themistoklis Haniotakis and Spyros Tragoudas Dept. of Electrical and Computer Engineering Southern.
Mohamed Younis CMCS 411, Computer Architecture 1 CMCS 411-101 Computer Architecture Lecture 7 Arithmetic Logic Unit February 19, 2001 www.csee.umbc.edu/~younis/CMSC411/

Mohamed Younis CMCS 411, Computer Architecture 1 CMCS Computer Architecture Lecture 7 Arithmetic Logic Unit February 19,
DSD 2007 Concurrent Error Detection for FSMs Designed for Implementation with Embedded Memory Blocks of FPGAs Andrzej Krasniewski Institute of Telecommunications.

DSD 2007 Concurrent Error Detection for FSMs Designed for Implementation with Embedded Memory Blocks of FPGAs Andrzej Krasniewski Institute of Telecommunications.
A Handel-C Implementation of a Computationally Intensive Problem in GF(3) Joey C. Libby, Jonathan P. Lutes, and Kenneth B. Kent The Handel-C Language Handel-C.

A Handel-C Implementation of a Computationally Intensive Problem in GF(3) Joey C. Libby, Jonathan P. Lutes, and Kenneth B. Kent The Handel-C Language Handel-C.
Advanced Information Security 4 Field Arithmetic

Advanced Information Security 4 Field Arithmetic
1 EFFICIENT ADDERS TO SPEEDUP MODULAR MULTIPLICATION FOR CRYPTOGRAPHY Adnan Gutub Hassan Tahhan Computer Engineering Department KFUPM, Dhahran, SAUDI ARABIA.

1 EFFICIENT ADDERS TO SPEEDUP MODULAR MULTIPLICATION FOR CRYPTOGRAPHY Adnan Gutub Hassan Tahhan Computer Engineering Department KFUPM, Dhahran, SAUDI ARABIA.
Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.

Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.
A High Performance Application Representation for Reconfigurable Systems Wenrui GongGang WangRyan Kastner Department of Electrical and Computer Engineering.

A High Performance Application Representation for Reconfigurable Systems Wenrui GongGang WangRyan Kastner Department of Electrical and Computer Engineering.
Design of a Reconfigurable Hardware For Efficient Implementation of Secret Key and Public Key Cryptography.

Design of a Reconfigurable Hardware For Efficient Implementation of Secret Key and Public Key Cryptography.
A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University.

A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University.
SCOTT MILLER, AMBROSE CHU, MIHAI SIMA, MICHAEL MCGUIRE ReCoEng Lab DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING UNIVERSITY OF.

SCOTT MILLER, AMBROSE CHU, MIHAI SIMA, MICHAEL MCGUIRE ReCoEng Lab DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING UNIVERSITY OF.
Chapter 6 Arithmetic. Addition 0111 + 0 0 1 1 1 1 0 0 0 1101 Carry in Carry out 7 + 6 13.

Chapter 6 Arithmetic. Addition Carry in Carry out
An Expandable Montgomery Modular Multiplication Processor Adnan Abdul-Aziz GutubAlaaeldin A. M. Amin Computer Engineering Department King Fahd University.

An Expandable Montgomery Modular Multiplication Processor Adnan Abdul-Aziz GutubAlaaeldin A. M. Amin Computer Engineering Department King Fahd University.
Energy and Delay Improvement via Decimal Floating Point Hossam A.H.Fahmy, Electronics and Communications Department, CairoUniversity Egypt and.

Energy and Delay Improvement via Decimal Floating Point Hossam A.H.Fahmy, Electronics and Communications Department, CairoUniversity Egypt and.
Enhancing Embedded Processors with Specific Instruction Set Extensions for Network Applications A. Chormoviti, N. Vassiliadis, G. Theodoridis, S. Nikolaidis.

Enhancing Embedded Processors with Specific Instruction Set Extensions for Network Applications A. Chormoviti, N. Vassiliadis, G. Theodoridis, S. Nikolaidis.

Similar presentations

Ads by Google