exchange on low cost fpgas

Exchange on Low-Cost FPGAs Tobias Oder and Tim Gneysu - PowerPoint PPT Presentation

Apr 18, 2023 •305 likes •562 views

Implementing the NewHope-Simple Key Exchange on Low-Cost FPGAs Tobias Oder and Tim Gneysu Ruhr-University Bochum Latincrypt 2017 20.09.2017 Public-Key Crypto and Long-Term Security NewHope on FPGA | Tobias Oder and Tim Gneysu |

  1. Implementing the NewHope-Simple Key Exchange on Low-Cost FPGAs Tobias Oder and Tim Güneysu Ruhr-University Bochum Latincrypt 2017 20.09.2017

  2. Public-Key Crypto and Long-Term Security NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 2

  3. Lattice-Based Cryptography • Five main branches of post-quantum crypto: – Code-based – Lattice-based – Hash-based – Multivariate-quadratic – Supersingular elliptic curve isogenies NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 3

  4. Standard Lattices vs Ideal Lattices Ring or ideal lattices • smaller parameters • faster implementations • smaller implementations But less trust in security due to structure! Ideal: polynomial multiplication Standard: matrix-vector multiplication Module lattices somewhere inbetween NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 4

  5. Learning with Errors Given A and b = As Task: Find s ➢ Easy to solve NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 5

  6. Learning with Errors Given A and b = As Task: Find s ➢ Easy to solve Given A and b = As + e Task: Find s ➢ Hard problem NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 6

  7. A New Hope - Simple Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: NewHope without reconciliation (2016), http://cryptojedi.org/papers/#newhopesimple NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 7

  8. A New Hope NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 8

  9. Challenges for HW Implementation Implementation for Xilinx Aritx-7 FPGA • NTT for polynomial multiplication in O( n log n ) • Binomial sampler to generate error polynomials • SHAKE-128 for Parse • Optimize for low-area footage, but maintain a decent performance NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 9

  10. Our Design - Server NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 10

  11. Our Design - Client NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 11

  12. Sever-side Operations I NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 12

  13. Client-side Operations NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 13

  14. Sever-side Operations II NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 14

  15. Comparison We compare our results with • Thomas Pöppelmann and Tim Güneysu : Towards practical lattice- based public-key encryption, SAC 2013 • Sujoy Sinha Roy and Frederik Vercauteren and Nele Mentens and Donald Donglong Chen and Ingrid Verbauwhede : Compact Ring- LWE based cryptoprocessor, CHES 2014 • Po-Chun Kuo and Wen-Ding Li and Yu-Wei Chen and Yuan-Che Hsu and Bo-Yuan Peng and Chen-Mou Cheng and Bo-Yin Yang: Post-Quantum Key Exchange on FPGAs, ePrint, 2017 NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 15

  16. Resource consumption Implementation Scheme LUTs FFs BRAMs DSPs Roy et al. R-LWE Encrypt 1,536 953 3 1 Pöppelmann et al. R-LWE Encrypt 5,595 4,760 14 1 Kuo et al. NewHope 12,340 6,098 14 29 Our (server) NewHope Simple 5,142 4,452 4 2 Our (client) NewHope Simple 4,498 4,635 4 2 NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 16

  17. Resource consumption Implementation Scheme LUTs FFs BRAMs DSPs Roy et al. R-LWE Encrypt 1,536 953 3 1 Pöppelmann et al. R-LWE Encrypt 5,595 4,760 14 1 Kuo et al. NewHope 12,340 6,098 14 29 Our (server) NewHope Simple 5,142 4,452 4 2 Our (client) NewHope Simple 4,498 4,635 4 2 NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 17

  18. Resource consumption Implementation Scheme LUTs FFs BRAMs DSPs Roy et al. R-LWE Encrypt 1,536 953 3 1 Pöppelmann et al. R-LWE Encrypt 5,595 4,760 14 1 Kuo et al. NewHope 12,340 6,098 14 29 Our (server) NewHope Simple 5,142 4,452 4 2 Our (client) NewHope Simple 4,498 4,635 4 2 NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 18

  19. Resource consumption Implementation Scheme LUTs FFs BRAMs DSPs Roy et al. R-LWE Encrypt 1,536 953 3 1 Pöppelmann et al. R-LWE Encrypt 5,595 4,760 14 1 Kuo et al. NewHope 12,340 6,098 14 29 Our (server) NewHope Simple 5,142 4,452 4 2 Our (client) NewHope Simple 4,498 4,635 4 2 NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 19

  20. Performance results Implementation Scheme Frequency Cycles µs/Operation Roy et al. (Enc) R-LWE Encrypt 278 MHz 13,300 47 Roy et al. (Dec) R-LWE Encrypt 278 MHz 5,800 21 Pöppelmann et al. (Enc) R-LWE Encrypt 251 MHz 13,769 55 Pöppelmann et al. (Dec) R-LWE Encrypt 251 MHz 8,883 35 Kuo et al. (server) NewHope 114 MHz 11,400 100 Kuo et al. (client) NewHope 114 MHz 11,300 99 Our (server) NewHope Simple 125 MHz 171,124 1,369 Our (client) NewHope Simple 117 MHz 179,292 1,532 NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 20

  21. Performance results Implementation Scheme Frequency Cycles µs/Operation Roy et al. (Enc) R-LWE Encrypt 278 MHz 13,300 47 Roy et al. (Dec) R-LWE Encrypt 278 MHz 5,800 21 Pöppelmann et al. (Enc) R-LWE Encrypt 251 MHz 13,769 55 Pöppelmann et al. (Dec) R-LWE Encrypt 251 MHz 8,883 35 Kuo et al. (server) NewHope 114 MHz 11,400 100 Kuo et al. (client) NewHope 114 MHz 11,300 99 Our (server) NewHope Simple 125 MHz 171,124 1,369 Our (client) NewHope Simple 117 MHz 179,292 1,532 NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 21

  22. Comparison What makes our numbers worse than those of R-LWE implementations? • Parameter sizes • More components • Key generation • On-the-fly generation of a • Security level NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 22

  23. Conclusions • NewHope-Simple is well suited for implementations on constrained devices – Low area footprint – Practical performance • VHDL source code will be made available for verification soon: – http://www.seceng.rub.de/ • Our implementation is constant time – DPA-resistant implementation is future work NewHope on FPGA | Tobias Oder and Tim Güneysu | Ruhr-University Bochum | 20.09.2017 23

  24. Thank You For Your Attention! Any Questions?

Recommend

The BIST History of FPGAs FPGAs The BIST History of The BISTory BISTory of of FPGAs FPGAs

The BIST History of FPGAs FPGAs The BIST History of The BISTory BISTory of of FPGAs FPGAs

The BIST History of FPGAs FPGAs The BIST History of The BISTory BISTory of of FPGAs FPGAs The Chuck Stroud Chuck Stroud Electrical and Computer Engineering Electrical and Computer Engineering Auburn University Auburn University 1

685 views • 42 slides
FPGAs 1 CMPE691/491: Advanced FPGA Design FPGAs Large array of configurable logic blocks

FPGAs 1 CMPE691/491: Advanced FPGA Design FPGAs Large array of configurable logic blocks

FPGAs 1 CMPE691/491: Advanced FPGA Design FPGAs Large array of configurable logic blocks (CLB) connected via programmable interconnects Features and Specifications of FPGAs Basic Programmable Devices Features and Specifications of FPGAs

1.13k views • 46 slides
Physical Design For FPGAs Rajeev Jayaraman Physical Implementation Tools Xilinx Inc. ISPD-2001

Physical Design For FPGAs Rajeev Jayaraman Physical Implementation Tools Xilinx Inc. ISPD-2001

Physical Design For FPGAs Rajeev Jayaraman Physical Implementation Tools Xilinx Inc. ISPD-2001 Do you know FPGAs? FPGAs are used only in prototyping and emulation systems? Can you design anything real in FPGAs? FPGAs are too

595 views • 48 slides
Efficient Multi-Ported Memories for FPGAs Eric LaForest Greg Steffan University of Toronto

Efficient Multi-Ported Memories for FPGAs Eric LaForest Greg Steffan University of Toronto

Efficient Multi-Ported Memories for FPGAs Eric LaForest Greg Steffan University of Toronto Computer Engineering Research Group February 22, 2010 Parallelism in FPGAs Larger SoCs on FPGAs Parallel Systems Parallel systems on FPGAs

680 views • 47 slides
TUTORIAL - TUTORIAL -ABC ABC TOTAL COST for a COST OBJECT TOTAL COST for a COST OBJECT

TUTORIAL - TUTORIAL -ABC ABC TOTAL COST for a COST OBJECT TOTAL COST for a COST OBJECT

TUTORIAL - TUTORIAL -ABC ABC TOTAL COST for a COST OBJECT TOTAL COST for a COST OBJECT EXAMPLE: 1 Direct Cost (Labor Material) Direct Cost (Labor Material) Overhead Cost Overhead Cost + + Total

200 views • 15 slides
Fast dynamic and partial reconfiguration Data Path with low Hardware overhead on Xilinx FPGAs

Fast dynamic and partial reconfiguration Data Path with low Hardware overhead on Xilinx FPGAs

Fast dynamic and partial reconfiguration Data Path with low Hardware overhead on Xilinx FPGAs with low Hardware overhead on Xilinx FPGAs Michael Hbner 1 , Diana Ghringer 2 , Juanjo Noguera 3 , Jrgen Becker 1 1 Karlsruhe Institute of

370 views • 16 slides
Virtex-7 FPGAs Target Software Virtex-7 FPGAs Target Software Defined Radio Applications Defined

Virtex-7 FPGAs Target Software Virtex-7 FPGAs Target Software Defined Radio Applications Defined

Virtex-7 FPGAs Target Software Virtex-7 FPGAs Target Software Defined Radio Applications Defined Radio Applications Rodger Hosking Rodger Hosking 1 Software Defined Radio Needs High-Performance Signal Processing DSP: filtering, FFTs,

859 views • 26 slides
Linux and FPGAs Chad D. Kersey chad@cdkersey.com cdkersey@gatech.edu Linux and FPGAs - p. 1/9

Linux and FPGAs Chad D. Kersey chad@cdkersey.com cdkersey@gatech.edu Linux and FPGAs - p. 1/9

Linux and FPGAs Chad D. Kersey chad@cdkersey.com cdkersey@gatech.edu Linux and FPGAs - p. 1/9 Architecture FPGA Overview Architecture Applications FPGA Development in Linux Linux on FPGA Devices Reconfigurable logic and interconnect.

115 views • 9 slides
Physical optimization for Physical optimization for FPGAs using post- FPGAs using post-

Physical optimization for Physical optimization for FPGAs using post- FPGAs using post-

Physical optimization for Physical optimization for FPGAs using post- FPGAs using post- placement topology placement topology rew riting rew riting Val Pevzner, Andrew Kennings, Andy Fox Introduction (1) Introduction (1) Traditional flow

459 views • 20 slides
Hybrid Dot-Product Design for FP-Enabled FPGAs Bogdan Pasca Intel ARITH 2019, June 10-12, 2019

Hybrid Dot-Product Design for FP-Enabled FPGAs Bogdan Pasca Intel ARITH 2019, June 10-12, 2019

Hybrid Dot-Product Design for FP-Enabled FPGAs Bogdan Pasca Intel ARITH 2019, June 10-12, 2019 Hybrid Dot-Product Design for FP-Enabled FPGAs Bogdan Pasca Intel ARITH 2019, June 10-12, 2019 Context FPGAs intersting neural network training

457 views • 34 slides
High-Speed Computing & Co-Processing with FPGAs FPGAs (Field Programmable Gate Arrays) are

High-Speed Computing & Co-Processing with FPGAs FPGAs (Field Programmable Gate Arrays) are

High-Speed Computing & Co-Processing with FPGAs FPGAs (Field Programmable Gate Arrays) are slowly becoming more and more advanced and practical as high-speed computing platforms. In this talk, David will provide an in-depth introduction into

478 views • 43 slides
A Network of Time Division Multiplexing for FPGAs Rosemary Francis Motivation FPGAs are

A Network of Time Division Multiplexing for FPGAs Rosemary Francis Motivation FPGAs are

A Network of Time Division Multiplexing for FPGAs Rosemary Francis Motivation FPGAs are now home to complex Systems on-Chip Designs require the use of Network-on- Chip FPGA global wiring is simple in comparison with ASIC

2.67k views • 19 slides
with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in the Cloud Wider

with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in the Cloud Wider

Zsolt Istvn * , Gustavo Alonso, Ankit Singla Systems Group, Computer Science Dept., ETH Zrich * Now at IMDEA Software Institute, Madrid Providing Multi-tenant Services with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in

374 views • 15 slides
Gigabit Ethernet Gigabit Ethernet implementation for implementation for FPGAs FPGAs Grzegorz

Gigabit Ethernet Gigabit Ethernet implementation for implementation for FPGAs FPGAs Grzegorz

Gigabit Ethernet Gigabit Ethernet implementation for implementation for FPGAs FPGAs Grzegorz Korcyl - Jagiellonian University, Krakw Grzegorz Korcyl PANDA TDAQ Workshop, Giessen April 2010 Outline Motivation 1. 2. General structure

292 views • 16 slides
FPGAs 1 To read more This days papers: Brown and Rose, Architecture of FPGAs and

FPGAs 1 To read more This days papers: Brown and Rose, Architecture of FPGAs and

FPGAs 1 To read more This days papers: Brown and Rose, Architecture of FPGAs and CPLDs: A Tutorial. (no review required) Putnam et al, A Reconfjgurable Fabric for Accelerating Large-Scale Datacenter Services 1

821 views • 43 slides
FPGAs milliseconds+ to reconfjgure custom chips ??? (next week) FPGAs ??? GPUs

FPGAs milliseconds+ to reconfjgure custom chips ??? (next week) FPGAs ??? GPUs

FPGAs milliseconds+ to reconfjgure custom chips ??? (next week) FPGAs ??? GPUs vector computations examples: computation second processor specialized for particular the accelerator concept 2 fmexible, slower functional units

423 views • 11 slides
FT-UNSHADES2. H.G. Miranda, M.A. Aguirre, J. Barrientos, L. Sanz Electronic Engineering Dpt.

FT-UNSHADES2. H.G. Miranda, M.A. Aguirre, J. Barrientos, L. Sanz Electronic Engineering Dpt.

FT-UNSHADES2. H.G. Miranda, M.A. Aguirre, J. Barrientos, L. Sanz Electronic Engineering Dpt. School of Engineering. University of Sevilla (SPAIN) Sevilla, March 2014 FT -UNSHADES goals FT -UNSHADES is a tool for SEE EMULATION, at netlist

477 views • 25 slides
discussion on ML in FPGAs 1 T RIGGER S YSTEM 2 40 MHz subset data Level-1 full data

discussion on ML in FPGAs 1 T RIGGER S YSTEM 2 40 MHz subset data Level-1 full data

discussion on ML in FPGAs 1 T RIGGER S YSTEM 2 40 MHz subset data Level-1 full data Custom Electronics Absorbs ~100s Tb/s Trigger decision in ~10 s 100 kHz High Level Trigger ~13k CPU farm 100 ms/event 500 Hz Offline

360 views • 6 slides
Fast FPGA Implementation of Diffie-Hellman on the Kummer Surface of a Genus-2 Curve Philipp

Fast FPGA Implementation of Diffie-Hellman on the Kummer Surface of a Genus-2 Curve Philipp

Fast FPGA Implementation of Diffie-Hellman on the Kummer Surface of a Genus-2 Curve Philipp Koppermann, Fabrizio De Santis, Johann Heyszl and Georg Sigl History of High-Speed Curve Cryptography over Prime Fields 1 Point Addition on a

319 views • 16 slides
FPGA-based Multithreading for In-Memory Hash Joins Robert J. Halstead , Ildar Absalyamov , Walid

FPGA-based Multithreading for In-Memory Hash Joins Robert J. Halstead , Ildar Absalyamov , Walid

FPGA-based Multithreading for In-Memory Hash Joins Robert J. Halstead , Ildar Absalyamov , Walid A. Najjar, Vassilis J. Tsotras University of California, Riverside Outline Background What are FPGAs Multithreaded Architectures

343 views • 18 slides
Embedded systems and the role of programmable logic devices in embedded systems Embedded system :

Embedded systems and the role of programmable logic devices in embedded systems Embedded system :

Embedded systems and the role of programmable logic devices in embedded systems Embedded system : a combination of computer hardware and software, and perhaps additional mechanical or other parts, designed to perform a dedicated function. In some

415 views • 20 slides
Fractal Compression Alex Munoz Algorithms Interest Group 29 June 2016 Outline Introduction

Fractal Compression Alex Munoz Algorithms Interest Group 29 June 2016 Outline Introduction

Fractal Compression Alex Munoz Algorithms Interest Group 29 June 2016 Outline Introduction Mathematical Background Connecting Mathematics to Compression Fractal Compression Coherent Example Introduction Thinking about

1.1k views • 20 slides
Computer Graphics 4731 Lecture 5: Fractals Prof Emmanuel Agu Computer Science Dept. Worcester

Computer Graphics 4731 Lecture 5: Fractals Prof Emmanuel Agu Computer Science Dept. Worcester

Computer Graphics 4731 Lecture 5: Fractals Prof Emmanuel Agu Computer Science Dept. Worcester Polytechnic Institute (WPI) What are Fractals? Mathematical expressions to generate pretty pictures Evaluate math functions to create drawings

507 views • 36 slides
Video Group

Video Group

Video Group CS MSU Graphics & Media Lab Only for Maxus KLT

891 views • 75 slides

More recommend