Constrained Environments A. Murat Fiskiran and Ruby B. Lee - - PowerPoint PPT Presentation

constrained environments
SMART_READER_LITE
LIVE PREVIEW

Constrained Environments A. Murat Fiskiran and Ruby B. Lee - - PowerPoint PPT Presentation

Nov 26, 2023 169 likes •335 views

Workload Characterization of Elliptic Curve Cryptography and other Network Security Algorithms for Constrained Environments A. Murat Fiskiran and Ruby B. Lee Princeton Architecture Laboratory for Multimedia and Security Princeton University A.

slide-1
SLIDE 1

Workload Characterization of

Elliptic Curve Cryptography and other Network Security Algorithms for Constrained Environments

  • A. Murat Fiskiran and Ruby B. Lee

Princeton Architecture Laboratory for Multimedia and Security Princeton University

  • A. Murat Fiskiran and Ruby B. Lee, "Workload Characterization of Elliptic Curve Cryptography and other Network Security Algorithms for

Constrained Environments," Proceedings of the 5th Annual IEEE International Workshop on Workload Characterization (WWC-5), pp. 127-137, November 2002.

slide-2
SLIDE 2

Need for Security?

  • Wireless devices: PDAs, multimedia cell

phones, tablet PCs …

– Public channel = need for cryptography – Limited processing power, memory, power

Confidentiality Symmetric-key Integrity Hash Key exchange, user authentication, digital signature Public-key

Function Class

slide-3
SLIDE 3

Algorithm Set

  • Diffie-Hellman is representative of other

elliptic-curve algorithms.

DES, AES 128 – 256 bits Symmetric-key SHA, MD5 N/A Hash

Class

163 – 233 bits (elliptic curve) 1024 – 2048 bits (non-elliptic curve)

Typical key size Diffie-Hellman,

ElGamal, DSA

Examples

Public-key

slide-4
SLIDE 4

Diffie-Hellman on Elliptic Curves

  • E is an elliptic curve, P = (x,y) is a point on E.

Based on elliptic-curve discrete logarithm problem (P × a) × b (P × b) × a P × b P × a Choose b. Choose a.

Bob Alice

slide-5
SLIDE 5

Point Multiplication

  • P × a is point multiplication. The result

is another point on the elliptic curve.

  • Computed by a double-and-add chain

– No easy way to compute any arbitrary multiple of P.

  • Example: if a = 13, then:

P × 13 = [(2 × P + P) × 2 × 2] + P

slide-6
SLIDE 6

Point Doubling and Addition

f f f

x x y a x x y x ) 1 (

2 2

+ + = + + = + = θ θ θ θ

1 3 3 1 3 2 1 2 3 1 2 1 2

) ( y x x x y a x x x x x y y + + + = + + + + = + + = θ θ θ θ

9 addition, 2 multiplication, 1 squaring, 1 inversion 4 addition, 2 multiplication, 2 squaring, 1 inversion

P = (x1,y1), Q = (x2,y2) P + Q = (x3,y3) P = (x,y) P × 2 = (xf,yf)

slide-7
SLIDE 7

Binary Fields

  • Coordinates of P= (x,y) come from a

field.

  • Fastest implementations are on binary

fields.

– Field elements = binary polynomials

  • Example:

P = (x+ 1,x2+ 1) = (0011,0101)2

slide-8
SLIDE 8

ECC and Polynomial Operations

Orange: basic Green: optimized

Point addition Point doubling

9 addition, 2 multiplication, 1 squaring, 1 inversion 4 addition, 2 multiplication, 2 squaring, 1 inversion

Extended Euclidean Almost I nverse Self-multiplication Table-lookup

New instructions

Shift-and-add Table-lookup

Polynomial multiplier

XOR I nversion Squaring Multiplication Addition

slide-9
SLIDE 9

Methodology

  • Algorithms coded and optimized in

assembly

  • 64-bit basic RISC architecture
  • Simulated using two algorithm sets:

basic and optimized

  • 163-bit and 233-bit keys
  • Diffie-Hellman, ElGamal, DSA
  • AES and SHA (for completeness)
slide-10
SLIDE 10

Speedup From Optimized Algorithms

1 1 1 1 1 1 14.5 16.9 15.3 12.9 16.3 17.9 2 4 6 8 10 12 14 16 18 20 DH-163 ElGamal- 163 DSA-163 DH-233 ElGamal- 233 DSA-233

slide-11
SLIDE 11

Instruction Distribution

0% 20% 40% 60% 80% 100% 1a 1b 2a 2b 3a 3b Other Memory Compute

  • 1a. EC-DHKE basic (1.0)
  • 1b. EC-DHKE optimized (14.5)
  • 2a. EC-ElGamal basic (1.0)
  • 2b. EC-ElGamal optimized (16.9)
  • 3a. EC-DSA basic (1.0)
  • 3b. EC-DSA optimized (15.3)
slide-12
SLIDE 12

Pathlength Increase: From 163-bit to 233-bit keys

1 1 1 1 1 1 2.5 2.6 2.6 2.8 2.7 2.2 0.5 1 1.5 2 2.5 3 DH-basic ElGamal- basic DSA-basic DH-

  • ptimized

ElGamal-

  • ptimized

DSA-

  • ptimized
slide-13
SLIDE 13

Observations

1. Algorithmic enhancements provide 15× speedup.

– Mainly by reducing arithmetic operations (up to 30× )

2. Memory instructions are as frequent as compute instructions.

– Reasons: Function call overhead, long data types – Further speedups possible based on memory optimizations (?)

3. Longer keys result in disproportionately large slowdowns.

– Complexity of ECC operations

4. DH and ElGamal have similar distributions.

– DSA is different; includes SHA as hash algorithm.

5. Optimized algorithms use little extra memory (< 1kB). 6. A separate multiplier is not needed.

slide-14
SLIDE 14

Summary

  • 1. Selection of algorithms suitable for

constrained environments:

– Elliptic-curve versions of DH, ElGamal, and DSA; AES and SHA

  • 2. Description of operations needed;

focus on elliptic-curve and polynomial

  • perations
  • 3. Instruction frequencies
  • 4. Sufficiency of a simple RISC processor
slide-15
SLIDE 15

Future Work

  • Expand algorithm set

– Include block ciphers, other signature and hash algorithms

  • Expand arithmetic operations to

– Integers (prime fields) – Different representation of polynomials (different bases) – Different coordinate systems (e.g. projective)