SLIDE 1

Evaluating 16-bit Processors for Elliptic Curve Cryptography (PowerPoint presentation)

Erich Wenger and Mario Werner
Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology
Erich.Wenger@iaik.tugraz.at
http://www.iaik.tugraz.at

TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS

SLIDE 2

Overview

  • Motivation
  • Algorithms
  • Processors
  • Results

SLIDE 3

Motivation

We want to:

  • Investigate current CPUs for ECC
  • Find their limitations
  • Save energy
  • Improve performance

SLIDE 4

Point Multiplication Algorithm

  • Montgomery Ladder [Hutter]
  • 7 registers
  • Point Verification [Ebeid]
  • Randomized Projective Coordinates [Coron]
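
As an added illustration of the ladder and the point verification named above (not code from the slides or from the authors' implementation): a Montgomery ladder in affine coordinates over a small constructed curve, followed by an Ebeid-style on-curve check. The curve parameters, the base point G = (2, 3) and all helper names are assumptions; the slides' implementation works in (randomised) projective coordinates on the real NIST/SECG curves.

```c
#include <stdint.h>

/* Constructed toy curve, not one of the NIST/SECG curves from the slides:
   y^2 = x^3 + CURVE_A*x + CURVE_B over F_p with p = 2^32 - 5; G = (2, 3) lies on it. */
#define CURVE_P 0xFFFFFFFBu
#define CURVE_A 1u
#define CURVE_B (CURVE_P - 1u)
typedef struct { uint32_t x, y; int inf; } pt;      /* inf != 0: point at infinity */

uint32_t fmul(uint32_t a, uint32_t b) { return (uint32_t)(((uint64_t)a * b) % CURVE_P); }
uint32_t fadd(uint32_t a, uint32_t b) { uint64_t s = (uint64_t)a + b; return (uint32_t)(s >= CURVE_P ? s - CURVE_P : s); }
uint32_t fsub(uint32_t a, uint32_t b) { return a >= b ? a - b : a + (CURVE_P - b); }
uint32_t finv(uint32_t a)                           /* a^(p-2) by square-and-multiply (Fermat) */
{
    uint32_t r = 1;
    for (uint32_t e = CURVE_P - 2; e; e >>= 1, a = fmul(a, a)) if (e & 1) r = fmul(r, a);
    return r;
}

/* Affine point addition; covers doubling (p == q) and the point at infinity. */
pt padd(pt p, pt q)
{
    pt r = {0, 0, 1}; uint32_t lam;
    if (p.inf) return q;
    if (q.inf) return p;
    if (p.x != q.x) lam = fmul(fsub(q.y, p.y), finv(fsub(q.x, p.x)));
    else if (p.y != q.y || p.y == 0) return r;      /* q == -p: the sum is infinity */
    else lam = fmul(fadd(fmul(3, fmul(p.x, p.x)), CURVE_A), finv(fmul(2, p.y)));
    r.x = fsub(fsub(fmul(lam, lam), p.x), q.x);
    r.y = fsub(fmul(lam, fsub(p.x, r.x)), p.y);
    r.inf = 0; return r;
}

/* Montgomery ladder: every scalar bit costs exactly one addition and one doubling,
   so the operation sequence is independent of k; only the register roles change. */
pt ladder(uint32_t k, pt g)
{
    pt r0 = {0, 0, 1}, r1 = g;                      /* invariant: r1 - r0 == g */
    for (int i = 31; i >= 0; i--) {
        if ((k >> i) & 1) { r0 = padd(r0, r1); r1 = padd(r1, r1); }
        else              { r1 = padd(r0, r1); r0 = padd(r0, r0); }
    }
    return r0;
}

/* Point verification [Ebeid]: a faulted result is almost never on the curve, so reject it. */
int on_curve(pt p)
{
    if (p.inf) return 1;
    return fmul(p.y, p.y) == fadd(fadd(fmul(fmul(p.x, p.x), p.x), fmul(CURVE_A, p.x)), CURVE_B);
}
```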

SLIDE 5

Multi-Precision Multiplication

  • Operand Scanning

SLIDE 6

MSP430

  • Manufacturer: Texas Instruments
  • Low-Power RISC Processor
  • 16 Registers (12 useable)
  • 27 Instructions
  • Memory-Mapped Multiplier

SLIDE 7

MSP430 – Operand Scanning

outer_loop:
    MOV.W   @R12+, &MPY
inner_loop:
    MOV.W   @R13+, &OP2
    ADD.W   &RESLO, R6
    ADDC.W  &RESHI, R7

SLIDE 8

MSP430 – Product Scanning

inner_loop:
    MOV.W   @R12+, &MAC
    MOV.W   @R13, &OP2
    DECD    R13
    ADD.W   &SUMEXT, R11

SLIDE 9

PIC24 vs. dsPIC

Both Processors:

  • 16-bit RISC
  • 24-bit Instruction Word
  • 16 registers (14 useable)
  • Used for:
    • Motor Control
    • Signal Processing

dsPIC:

  • Digital Signal Processing Engine
  • Multiply-Accumulate
  • Two Address Generation Units
  • Loop Instructions
    • DO
    • REPEAT

SLIDE 10

dsPIC – Product Scanning

  • 16-bit Multiplication
  • 32-bit Addition (plus Overflow)

$\mathrm{ACC} \leftarrow \mathrm{ACC} + A_i \cdot B_j$

  • Load A[i] and B[j]
  • Memory Addressing ($i \leftarrow i + 1$, $j \leftarrow j - 1$)

    REPEAT W4
    MAC W5*W6, A, [W8]+=2, W5, [W10]-=2, W6
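
To make the two loop structures concrete, an added C example (not the authors' code) that implements the MSP430-style operand scanning of slide 7 and the dsPIC-style product scanning of this slide with 16-bit limbs. The operand size N = 4, the 64-bit accumulator standing in for the dsPIC's 40-bit one, and the self-test helper are assumptions made here.

```c
#include <stdint.h>

#define N 4   /* 16-bit limbs per operand (64-bit operands in the constructed self-test) */

/* Operand scanning (MSP430 slide): row by row, a[i] times every b[j]; the 32-bit product
   plus the running limb and carry never exceeds 2^32 - 1, so a 32-bit word suffices. */
void mul_operand_scanning(uint16_t r[2 * N], const uint16_t a[N], const uint16_t b[N])
{
    for (int i = 0; i < 2 * N; i++) r[i] = 0;
    for (int i = 0; i < N; i++) {
        uint32_t carry = 0;                          /* RESLO/RESHI plus carry on the MSP430 */
        for (int j = 0; j < N; j++) {
            uint32_t t = (uint32_t)a[i] * b[j] + r[i + j] + carry;
            r[i + j] = (uint16_t)t;
            carry = t >> 16;
        }
        r[i + N] = (uint16_t)carry;
    }
}

/* Product scanning (dsPIC slide): column by column, ACC <- ACC + A[i]*B[j] with i+1, j-1.
   Up to N 32-bit products land in one column, so ACC needs 32 + log2(N) bits; this is the
   "32-bit addition plus overflow" of the slide, served by the dsPIC's 40-bit accumulators. */
void mul_product_scanning(uint16_t r[2 * N], const uint16_t a[N], const uint16_t b[N])
{
    uint64_t acc = 0;                                /* stands in for the 40-bit accumulator */
    for (int col = 0; col < 2 * N - 1; col++) {
        int i = col < N ? 0 : col - N + 1;           /* first A index of this column */
        for (int j = col - i; i < N && j >= 0; i++, j--)  /* REPEAT ... MAC, [W8]+=2, [W10]-=2 */
            acc += (uint64_t)a[i] * b[j];
        r[col] = (uint16_t)acc;                      /* MOV [W7],[W2++]: write the low limb */
        acc >>= 16;                                  /* SFTAC A, #16 */
    }
    r[2 * N - 1] = (uint16_t)acc;
}

/* Self-test helper (constructed): multiply two 64-bit values both ways and compare with the
   expected 128-bit product given as (lo, hi). Returns 1 when both routines agree with it. */
int mul_selftest(uint64_t a, uint64_t b, uint64_t lo, uint64_t hi)
{
    uint16_t al[N], bl[N], r1[2 * N], r2[2 * N];
    for (int i = 0; i < N; i++) { al[i] = (uint16_t)(a >> (16 * i)); bl[i] = (uint16_t)(b >> (16 * i)); }
    mul_operand_scanning(r1, al, bl);
    mul_product_scanning(r2, al, bl);
    for (int i = 0; i < 2 * N; i++) {
        uint16_t expect = (uint16_t)((i < N ? lo : hi) >> (16 * (i % N)));
        if (r1[i] != r2[i] || r1[i] != expect) return 0;
    }
    return 1;
}
```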

SLIDE 11

dsPIC – Unrolled Product Scanning

    MAC W5*W6, A, [W9]-=2, W5, [W11]+=2, W6
    MAC W5*W6, A, [W9], W5, [W11]+=2, W6
    MAC W5*W6, A, [W9]+=2, W5, [W11]-=2, W6
    MOV [W7],[W2++]
    SFTAC A, #16
    MAC W5*W6, A, [W9]+=2, W5, [W11]-=2, W6
    MAC W5*W6, A, [W9]+=2, W5, [W11]-=2, W6
    MAC W5*W6, A, [W9]+=2, W5, [W11], W6
    MAC W5*W6, A, [W9]-=2, W5, [W11]+=2, W6
    MOV [W7],[W2++]
    SFTAC A, #16

SLIDE 12

dsPIC – Montgomery Multiplication

$R = 2^{WN} > p$

$\tilde{a} \equiv aR \pmod{p}$, $\tilde{b} \equiv bR \pmod{p}$

$\tilde{c} \equiv \mathrm{Mont}(\tilde{a}, \tilde{b}) \equiv aR \cdot bR \cdot R^{-1} \equiv abR \equiv cR \pmod{p}$

$\tilde{a} \equiv \mathrm{Mont}(a, R^2) \equiv aR^2R^{-1} \equiv aR$

$c \equiv \mathrm{Mont}(\tilde{c}, 1) \equiv (cR)R^{-1}$

NIST Reduction…
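
An added C example (not the authors' code) of the Montgomery-domain round trip above, using the word-interleaved CIOS variant with 16-bit limbs as a dsPIC-class core would. The modulus p = 2^32 - 5, R = 2^32 (so R mod p = 5 and R^2 mod p = 25) and the helper names are assumptions chosen so the constants can be stated inline.

```c
#include <stdint.h>
#define N 2   /* 16-bit limbs per operand; R = 2^(16*N) = 2^32 */

/* -p^{-1} mod 2^16 by Newton iteration; p0 is the lowest (odd) limb of p. */
uint16_t mont_pinv(uint16_t p0)
{
    uint32_t x = 1;                                  /* inverse correct modulo 2 */
    for (int i = 0; i < 5; i++)                      /* valid low bits double each step */
        x *= 2u - (uint32_t)p0 * x;                  /* wraps mod 2^32; only the low 16 bits matter */
    return (uint16_t)(0u - x);
}
/* t = a*b*R^{-1} mod p (CIOS): each row of 16x16 multiply-accumulates is followed by one
   reduction step, so the full 2N-limb product is never stored; requires a, b < p < R. */
void mont_mul(uint16_t t[N], const uint16_t a[N], const uint16_t b[N], const uint16_t p[N], uint16_t pinv)
{
    uint16_t tmp[N + 2] = {0}, d[N], m;
    uint32_t s, c, borrow = 0;
    for (int i = 0; i < N; i++) {
        c = 0;
        for (int j = 0; j < N; j++) {                /* tmp += a * b[i] */
            s = tmp[j] + (uint32_t)a[j] * b[i] + c; tmp[j] = (uint16_t)s; c = s >> 16;
        }
        s = tmp[N] + c; tmp[N] = (uint16_t)s; tmp[N + 1] = (uint16_t)(s >> 16);
        m = (uint16_t)((uint32_t)tmp[0] * pinv);     /* makes tmp + m*p divisible by 2^16 */
        s = tmp[0] + (uint32_t)m * p[0]; c = s >> 16;
        for (int j = 1; j < N; j++) {                /* tmp = (tmp + m*p) >> 16 */
            s = tmp[j] + (uint32_t)m * p[j] + c; tmp[j - 1] = (uint16_t)s; c = s >> 16;
        }
        s = tmp[N] + c; tmp[N - 1] = (uint16_t)s; tmp[N] = (uint16_t)(tmp[N + 1] + (s >> 16));
    }
    for (int j = 0; j < N; j++) {                    /* d = tmp - p, tracking the borrow */
        s = (uint32_t)tmp[j] - p[j] - borrow; d[j] = (uint16_t)s; borrow = (s >> 16) & 1u;
    }
    int ge = tmp[N] != 0 || borrow == 0;             /* tmp < 2p, so one conditional subtraction */
    for (int j = 0; j < N; j++) t[j] = ge ? d[j] : tmp[j];
}

/* The round trip from the slide for the constructed modulus p = 2^32 - 5 (R mod p = 5, R^2 mod p = 25):
   a~ = Mont(a, R^2), b~ = Mont(b, R^2), c~ = Mont(a~, b~) = abR, c = Mont(c~, 1) = a*b mod p. */
uint32_t mont_mulmod32(uint32_t a, uint32_t b)
{
    static const uint16_t p[N] = {0xFFFB, 0xFFFF}, r2[N] = {25, 0}, one[N] = {1, 0};
    uint16_t al[N] = {(uint16_t)a, (uint16_t)(a >> 16)}, bl[N] = {(uint16_t)b, (uint16_t)(b >> 16)};
    uint16_t pinv = mont_pinv(p[0]), at[N], bt[N], ct[N], c[N];
    mont_mul(at, al, r2, p, pinv); mont_mul(bt, bl, r2, p, pinv);   /* into the Montgomery domain */
    mont_mul(ct, at, bt, p, pinv);                                   /* (aR)(bR)R^{-1} = abR */
    mont_mul(c, ct, one, p, pinv);                                   /* (cR)R^{-1} = c */
    return c[0] | ((uint32_t)c[1] << 16);
}
```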

SLIDE 13

Results

  • SECG:
    • secp160r1 (removed in 2010)
  • NIST:
    • P-192
    • P-224
    • P-256
  • IAR Embedded Workbench 5.20
  • Microchip MPLAB C30 v3.25

SLIDE 14

Results: MSP430

[Chart: speedup (0.00 to 3.50) of Multiplication, Field Multiplication and Point Multiplication on the MSP430]

SLIDE 15

Results: PIC24, dsPIC

[Chart: speedup (1 to 10) of Multiplication, Field Multiplication and Point Multiplication on the PIC24 and dsPIC]

SLIDE 16

Results: Point Multiplication

[Chart: point-multiplication speedup (0.5 to 3.5) for secp160r1, P-192, P-224 and P-256; bars: MSP430 C, MSP430 ASM, PIC24 C, PIC24 ASM, dsPIC ASM + DSP, dsPIC ASM + DSP, labelled with the multiplication method (p. sc., hybrid, p. sc., p. sc., pr. sc., Mont.)]

SLIDE 17

Results: Point Multiplication

[Chart: point-multiplication speedup (5 to 15) for secp160r1, P-192, P-224 and P-256; bars: MSP430 C, MSP430 ASM, PIC24 C, PIC24 ASM, dsPIC ASM + DSP, dsPIC ASM + DSP, labelled with the multiplication method (p. sc., hybrid, p. sc., p. sc., pr. sc., Mont.)]

SLIDE 18

Results: Point Multiplication

[Chart: point-multiplication speedup (1 to 6) for secp160r1, P-192, P-224 and P-256; bars: MSP430 C, MSP430 ASM, PIC24 C, PIC24 ASM, dsPIC ASM + DSP, dsPIC ASM + DSP, labelled with the multiplication method (p. sc., hybrid, p. sc., p. sc., pr. sc., Mont.)]

SLIDE 19

Results: Related Work

[Chart: runtime in kCycles (500 to 3000) for secp160r1, P-192 and P-224; the dsPIC ASM + DSP implementation compared with Yan 2009 (C6416), Kern 2010 (ASIC), Wenger 2010 (ASIC) and Hutter 2010 (ASIC)]

SLIDE 20

Thank you…

This work has been supported by the Austrian Government through the research program FIT-IT Trust in IT Systems under the project number 825743 (project PIT).

SLIDE 21

Results

SLIDE 22

Results