
Efficient FPGA Implementations of LowMC and Picnic



  1. Efficient FPGA Implementations of LowMC and Picnic
     - SESSION ID: CRYP-R02 (#RSAC)
     - Roman Walch, PhD Student, IAIK / Know-Center GmbH, Graz University of Technology, @rw0x0
     - Joint work with: Daniel Kales, Sebastian Ramacher, Christian Rechberger and Mario Werner

  2. Post-Quantum Digital Signatures
     - Shor's algorithm for factoring and discrete logarithm
     - Quantum computer breaks:
       - Most asymmetric cryptography
       - RSA, DSA, ECDSA, …
     - NIST Standardization Project for PQ Signatures
       - Currently second round
       - Picnic [Cha+17; Cha+19] (using LowMC [Alb+15])
       - Performance optimized implementations required

  3. Contribution
     - First efficient VHDL implementation of LowMC
     - First VHDL implementation of Picnic
       - Picnic1-L1-FS: 128 (64) bit security (PQ)
       - Picnic1-L5-FS: 256 (128) bit security (PQ)
     - Coprocessors accessible via PCIe interface

  4. The LowMC Block Cipher

  5. LowMC – Round
     - Substitution-Permutation Network (SPN) with reduced SboxLayer:

  6. LowMC – Details
     - Designed to minimize AND gates (3 ANDs / Sbox)
       - $S(a, b, c) = (a \oplus (b \wedge c),\ a \oplus b \oplus (a \wedge c),\ a \oplus b \oplus c \oplus (a \wedge b))$
     - Linear Layer ($n$ … blocksize):
       - State multiplied with matrix over GF(2)
       - $n \times n$ matrix per round
     - Roundkey schedule ($k$ … keysize):
       - Key multiplied with matrix over GF(2)
       - $n \times k$ matrix per round + initial key whitening

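  7. LowMC – Constants per Instance
     - Naive implementation:
       - L1: ~82 KiB
       - L5: ~617 KiB
     - Impact on hardware utilization (LowMC without opt.):

     | Instance | $n$ | $k$ | $m$ | $r$ | nr. LUTs | % LUTs |
     |----------|-----|-----|-----|-----|----------|--------|
     | L1 | 128 | 128 | 10 | 20 | 42 395 | 20.80% |
     | L5 | 256 | 256 | 10 | 38 | 209 348 | 102.72% |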

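  8. LowMC – Constants per Instance
     - Naive implementation:
       - L1: ~82 KiB
       - L5: ~617 KiB
     - Optimizations by [Din+19]:
       - L1: ~29 KiB
       - L5: ~117 KiB
     - Impact on hardware utilization:

     | Instance | $n$ | $k$ | $m$ | $r$ | nr. LUTs (without opt.) | % LUTs (without opt.) | nr. LUTs (with opt.) | % LUTs (with opt.) | Improv. |
     |----------|-----|-----|-----|-----|-------------------------|-----------------------|----------------------|--------------------|---------|
     | L1 | 128 | 128 | 10 | 20 | 42 395 | 20.80% | 13 558 | 6.65% | 68.02% |
     | L5 | 256 | 256 | 10 | 38 | 209 348 | 102.72% | 44 431 | 21.8% | 78.78% |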

  9. The Picnic Signature Scheme

  10. Picnic – Building Blocks
      - FS transformed Σ-protocol
      - Σ-protocol: ZKB++ or KKW

  11. Picnic – Building Blocks
      - FS transformed Σ-protocol
      - Σ-protocol: ZKB++ or KKW
      - Proof system:
        - Multi-party computation (MPC) of LowMC
        - Random oracle: SHAKE (Keccak)
      - Keys:
        - Public Key: $pk = (C, p)$
        - Secret Key: $sk = k$

  12. Picnic – Proof System
      - Communication per AND gate
      - Publish 2 players in signature (based on challenge)

  13. Picnic – MPC contd.
      - MPC repeated $T$ times
        - Reduce probability to cheat
        - Picnic1-L1-FS: $T = 219$
        - Picnic1-L5-FS: $T = 438$
      - Picnic signature:
        - Challenge
        - Published Players (based on challenge)
        - MPC Communication (LowMC vs. AES)

  14. Picnic – MPC Implementation
      - Optimized for speed:
        - 3 players calculated in parallel
      - Further improvement
        - Precomputation of one share
        - Only 2 LowMC instances on FPGA
      - Sign / Verify use same LUTs for matrices

  15. Picnic – Other Submodules
      - Pseudorandomness for MPC
      - Commitments
        - MPC Players commit to results
      - Challenge creation (Random Oracle)
      - ⇒ All using SHAKE
        - … different configurations

  16. Picnic – Implementation
      - Custom SHAKE implementation
      - 3 players parallel per MPC run $t$
      - BRAM for intermediate values
        - ~400 KiB for Picnic1-L5-FS
      - Picnic1-L1-FS and Picnic1-L5-FS implementations for
        - Sign / Verify only
        - Sign and Verify combined

  17. Practical Evaluation

  18. FPGA and PCIe
      - Xilinx Kintex-7 FPGA KC705 Evaluation Kit
      - PCIe Wrapper
        - Manages FPGA/PC interface
      - Developed C-Library for PC/FPGA communication

  19. Hardware Utilization
      - Lookup tables (LUTs) and BRAM utilization (% available)

      | Design Part | LUTs | % LUTs | BRAM | % BRAM |
      |-------------|------|--------|------|--------|
      | Picnic1-L1 | 90 037 | 44.18% | 52.5 | 11.80% |
      | Picnic1-L1-Sign | 76 472 | 37.52% | 52.5 | 11.80% |
      | Picnic1-L1-Verify | 68 614 | 33.67% | 33.5 | 7.53% |
      | Picnic1-L5 | 167 530 | 82.20% | 98.5 | 22.13% |
      | Picnic1-L5-Sign | 149 456 | 73.33% | 98.5 | 22.13% |
      | Picnic1-L5-Verify | 138 547 | 67.98% | 62.5 | 14.04% |
      | PCIe Wrapper | 22 216 | 10.90% | 42.5 | 9.55% |

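  20. Runtime Comparison
      - Software platform:
        - Ubuntu 18.04.1, GCC 7.3.0, 16 GB RAM
        - CPU: Intel i7-4790, 3.6 GHz

      | Coprocessor | Clock frequency (MHz) | Clock cycles (k cycles) | FPGA runtime (ms) | C-Access runtime (ms) | Software, SIMD (ms) | Software, no SIMD (ms) |
      |-------------|-----------------------|-------------------------|-------------------|-----------------------|---------------------|------------------------|
      | Picnic1-L1-Sign | 125 | ~31.3 | 0.25 | 0.35 | 1.44 | 2.82 |
      | Picnic1-L1-Verify | 125 | ~29.6 | 0.24 | 0.40 | 1.15 | 2.34 |
      | Picnic1-L5-Sign | 125 | ~154.5 | 1.24 | 1.38 | 5.87 | 12.37 |
      | Picnic1-L5-Verify | 125 | ~146.6 | 1.17 | 2.13 | 4.92 | 10.59 |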

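  21. Comparison of FPGA implementations

      | Scheme | Security, classic (bit) | Security, PQ (bit) | FPGA | LUT | FF | BRAM | f (MHz) | t (ms) |
      |--------|-------------------------|--------------------|------|-----|----|------|---------|--------|
      | Picnic1-L1-FS | 128 | 64 | K7 | 90 037 | 23 105 | 52.5 | 125 | 0.25 |
      | SPHINCS+-128 | 128 | 64 | V7 | 11 438 | 3 335 | ? | 100 | 9.38 |
      | Picnic1-L5-FS | 256 | 128 | K7 | 167 530 | 33 164 | 98.5 | 125 | 1.24 |
      | SPHINCS-256 | 256 | 128 | K7 | 19 067 | 38 132 | 36 | 525 | 1.53 |
      | ECDSA-256 | 128 | X | V7 | 6 816 | 4 442 | 0 | 225 | 1.49 |
      | ECDSA-256 | 128 | X | V4 | 34 869 | 32 430 | 176 | 375 | 0.04 |
      | RSA-2048 | 112 | X | V7 | 3 558 slices | | 0 | 399 | 5.68 |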

  22. Reducing LUT Utilization
      - Implementation is optimized for speed
      - LowMC matrices encoded in LUTs
        - 1 multiplication per clock cycle
        - High LUT utilization
      - Reduce LUT utilization:
        - Store LowMC matrices in BRAM ... reduces performance
        - LowMC same matrix each round?
        - Alternatives to LowMC?

  23. Conclusion
      - First efficient VHDL implementation of LowMC
      - First VHDL implementation of Picnic
        - Picnic1-L1-FS and Picnic1-L5-FS
        - Extended to FPGA-based coprocessor (PCIe Interface)
      - Good runtime
        - Trade off with high hardware utilization

  24. Efficient FPGA Implementations of LowMC and Picnic
      - Questions?

  25. Bibliography I
      - [Alb+15] Martin R. Albrecht, Christian Rechberger, Thomas Schneider, Tyge Tiessen, and Michael Zohner. Ciphers for MPC and FHE. EUROCRYPT (1). Vol. 9056. LNCS. Springer, 2015, pp. 430–454.
      - [Cha19] André Chailloux. Quantum security of the Fiat-Shamir transform of commit and open protocols. ePrint, 2019:699, 2019.
      - [Cha+17] Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, and Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives. ACM CCS. ACM, 2017, pp. 1825–1842.

  26. Bibliography II
      - [Cha+19] Melissa Chase et al. The Picnic Signature Scheme Design Document (version 2). 2019. URL: https://github.com/microsoft/Picnic/blob/master/spec/design-v2.0.pdf.
      - [Din+19] Itai Dinur, Daniel Kales, Angela Promitzer, Sebastian Ramacher, and Christian Rechberger. Linear Equivalence of Block Ciphers with Partial Non-Linear Layers: Application to LowMC. EUROCRYPT (1). Vol. 11476. LNCS. Springer, 2019, pp. 343–372.
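
A software sketch of the LowMC round structure from slides 5 to 7, added here as an illustration and not taken from the talk or the Picnic code base. It implements the three-AND S-box from slide 6, the partial S-box layer, and the GF(2) matrix multiplications, and accounts for the naive constant storage quoted on slide 7. The matrices are constructed random values (not the real LowMC constants), the bit positions fed to the S-boxes are a simplifying assumption, and the round-constant addition comes from the LowMC specification [Alb+15], not from the slides.

```python
import random

def sbox(a, b, c):
    """3-bit LowMC S-box as given on slide 6: exactly three AND gates."""
    return (a ^ (b & c), a ^ b ^ (a & c), a ^ b ^ c ^ (a & b))

def sbox_layer(state, m):
    """Partial S-box layer: only the low 3*m bits pass through S-boxes.
    Assumption: which end of the state is substituted is chosen for simplicity."""
    out = state >> (3 * m) << (3 * m)             # untouched (identity) part
    for j in range(m):
        a, b, c = ((state >> (3 * j + i)) & 1 for i in range(3))
        for i, bit in enumerate(sbox(a, b, c)):
            out |= bit << (3 * j + i)
    return out

def gf2_matvec(rows, x):
    """GF(2) matrix-vector product; rows[i] is row i packed into an int."""
    y = 0
    for i, row in enumerate(rows):
        y |= (bin(row & x).count("1") & 1) << i   # AND, then parity (XOR tree)
    return y

def lowmc_round(state, lin, const, key_mat, key, m):
    """S-box layer, linear layer, round constant, round key (order per [Alb+15])."""
    state = gf2_matvec(lin, sbox_layer(state, m))
    return state ^ const ^ gf2_matvec(key_mat, key)

def naive_constant_kib(n, k, r):
    """Storage for r n*n linear matrices, r+1 n*k key matrices (incl. whitening)
    and r n-bit round constants, in KiB."""
    return (r * n * n + (r + 1) * n * k + r * n) / 8 / 1024

def demo(n=128, k=128, m=10, seed=1):
    """One round with CONSTRUCTED random matrices, not the real LowMC constants."""
    rng = random.Random(seed)
    lin = [rng.getrandbits(n) for _ in range(n)]
    key_mat = [rng.getrandbits(k) for _ in range(n)]
    return lowmc_round(rng.getrandbits(n), lin, rng.getrandbits(n),
                       key_mat, rng.getrandbits(k), m)

if __name__ == "__main__":
    print(f"L1 naive constants: {naive_constant_kib(128, 128, 20):.1f} KiB")
    print(f"L5 naive constants: {naive_constant_kib(256, 256, 38):.1f} KiB")
    print(f"one L1-sized round: {demo():032x}")
```

With this accounting the L1 and L5 parameter sets come out at about 82 KiB and 617 KiB, matching the naive figures on slide 7; in the FPGA design each of those matrix bits becomes part of a LUT-encoded XOR tree, which is where the utilization numbers come from.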
