hardware acceleration of cryptography
play

Hardware Acceleration of Cryptography Patrick Schaumont Professor - PowerPoint PPT Presentation

Nov 04, 2023 •371 likes •1.38k views

Hardware Acceleration of Cryptography Patrick Schaumont Professor Bradley Department of ECE Virginia Tech Patrick Schaumont (VT) Outline 1. Fundamentals of Parallelism 2. Embedded Architecture of MSP430, MSP432 3. Hardware Acceleration

  1. Hardware Acceleration of Cryptography Patrick Schaumont Professor Bradley Department of ECE Virginia Tech Patrick Schaumont (VT)

  2. Outline 1. Fundamentals of Parallelism 2. Embedded Architecture of MSP430, MSP432 3. Hardware Acceleration in Embedded Architectures 4. AES Hardware Accelerator 5. Direct Memory Access 6. Power Dissipation 7. Literature This lecture is about: • Accelerators in microcontrollers • Embedded computing • Efficient crypto (fast, low energy) This lecture is NOT about: • FPGA • Multi‐core • High‐speed crypto Patrick Schaumont (VT) 2

  3. Outline 1. Fundamentals of Parallelism 2. Embedded Architecture of MSP430, MSP432 3. Hardware Acceleration in Embedded Architectures 4. AES Hardware Accelerator 5. Direct Memory Access 6. Power Dissipation 7. Literature Patrick Schaumont (VT) 3

  4. Sequential, Concurrent and Parallel • Consider three tasks and two processors A B v1 v2 C 1 2 Patrick Schaumont (VT) 4

  5. Sequential, Concurrent and Parallel • Sequentially running A, B and C on Proc 1 v1 Proc 1 v2 A B A B C v1 v2 time C Proc 2 time 1 2 v1 and v2 are stored in Proc 1's memory Patrick Schaumont (VT) 5

  6. Sequential, Concurrent and Parallel • In Parallel running A on Proc 1 and B on Proc 2 v1 Proc 1 A B A C v1 v2 time v2 C Proc 2 B time 1 2 v1 is stored in Proc 1's memory v2 is communicated from Proc2 to Proc1 Patrick Schaumont (VT) 6

  7. Sequential, Concurrent and Parallel • Concurrently running A and B on Proc 1, C on Proc 2 Proc 1 A B A + B v1 v2 time v1, v2 C Proc 2 C time 1 2 v1 and v2 are communicated from Proc1 to Proc2 There are many concurrency mechanisms: threading, hyperthreading, SMT, TMT, .. Patrick Schaumont (VT) 7

  8. Control and Data Dependency A Data Dependency is a relation between two operations such that the result of one operation is used by the next A Control Dependency is a relation between two operations such that one operation must execute after the other A → B → C Patrick Schaumont (VT) 8

  9. Control and Data Dependency A Data Dependency is a relation between two operations such that the result of one operation is used by the next A Data Dependency is a fundamental property of the application A Control Dependency is a relation between two operations such that one operation must execute after the other A Control Dependency is caused by a resource constraint Patrick Schaumont (VT) 9

  10. Software and Hardware Software is sequential/concurrent Hardware is parallel PUSH {A4, V1, V2, LR} MOVS A3, #0 MOVW A4, sbox+0 MOVT A4, sbox+0 MOVS A2, #0 ADD V1, A1, A2, LSL #2 LDRB V2, [A3, +V1] SBOX SBOX SBOX SBOX LDRB V2, [A4, +V2] ADDS A2, A2, #1 UXTB A2, A2 CMP A2, #4 STRB V2, [A3, +V1] BLT ||$C$L7|| ADDS A3, A3, #1 UXTB A3, A3 CMP A3, #4 BLT ||$C$L6|| POP {A4, V1, V2, PC} As parallel as allowed by resource constraints Maximally parallel Many control dependencies! Ideally, only data dependencies Patrick Schaumont (VT) 10

  11. Hardware acceleration Sequential Software Parallel Hardware Time T SW T HW If T HW < T SW , overall performance may improve Patrick Schaumont (VT) 11

  12. Hardware acceleration Sequential Software Parallel Hardware Data Time Dependencies T SW T COM T HW Data Dependencies Better : If (T HW + T COM ) < T SW , overall performance may improve Patrick Schaumont (VT) 12

  13. Speedup Sequential Software Parallel Hardware T SW T COM T HW T SW Speedup =? T COM + T HW Patrick Schaumont (VT) 13

  14. Speedup Sequential Software Parallel Hardware T SW T COM T HW T TOTAL T TOTAL Better: Speedup =? T TOTAL ‐ (T SW ‐ (T COM + T HW )) Patrick Schaumont (VT) 14

  15. Speedup Sequential Software Parallel Hardware T SW T COM T HW T TOTAL 1 Speedup = (1 ‐ p) + p/s with p = (T TOTAL / T SW ) ~ parallelizable portion s = T SW / (T COM + T HW ) ~ acceleration Patrick Schaumont (VT) 15

  16. Speedup Sequential Software Parallel Hardware T SW T COM T HW T TOTAL 1 Speedup = (1 ‐ p) + p/s About time! with p = (T TOTAL / T SW ) ~ parallelizable portion s = T SW / (T COM + T HW ) ~ acceleration Patrick Schaumont (VT) 16

  17. Outline 1. Fundamentals of Parallelism 2. Embedded Architecture of MSP430, MSP432 3. Hardware Acceleration in Embedded Architectures 4. AES Hardware Accelerator 5. Direct Memory Access 6. Power Dissipation 7. Literature Patrick Schaumont (VT) 17

  18. Target Platform • MSP432P401R • MSP430FR5994 • ARM Cortex M4 • MSP430 (16 bit) • 256k Flash/64K SRAM • 256K FRAM/ 8KSRAM • $20 • $17 Patrick Schaumont (VT) 18

  19. MSP432P401R Patrick Schaumont (VT) 19

  20. MSP432P401R BUS CPU Memory Program (read) Data (read/write) Patrick Schaumont (VT) 20

  21. MSP432P401R Direct Memory Access CRYPTO Accelerator Patrick Schaumont (VT) 21

  22. MSP432P401R Bus Slaves Bus Masters Patrick Schaumont (VT) 22

  23. MSP430FR5994 Patrick Schaumont (VT) 23

  24. MSP430FR5994 DMA BUS CPU Memory CRYPTO Program (read) Accelerator Data (read/write) Patrick Schaumont (VT) 24

  25. Memory Map (MSP430FR5994) 43FFF • Unified view of all bus slaves in a single memory space 256K FRAM • FRAM, SRAM store program and variables 4000 3BFF • Peripherals contain 8K SRAM memory-mapped registers 1C00 FFF Peripherals 020 Patrick Schaumont (VT) 25

  26. Memory Map (MSP430FR5994) 43FFF • Unified view of all bus slaves in a single memory space 256K FRAM • FRAM, SRAM store program and variables 4000 3BFF • Peripherals contain 8K SRAM memory-mapped registers 1C00 Software Hardware ... BUS FFF MOV.B #1,&P1OUT 1 Peripherals ... P1OUT 020 P1OUT Patrick Schaumont (VT) 26

  27. Example: LED Blinker #include <msp430.h> int main(void) { WDTCTL = WDTPW | WDTHOLD; P1OUT &= ~BIT0; P1IN P1DIR |= BIT0; while (1) { P1OUT ^= BIT0; __delay_cycles(100000); } } P1OUT // Assembly BIC.B #1,&P1OUT+0 OR.B #1,&P1DIR+0 XOR.B #1,&P1OUT+0 PUSHM.A #1, r13 P1DIR MOV.W #33330, r13 SUB.W #1, r13 JNE $1 POPM.A #1, r13 JMP $C$L4 Patrick Schaumont (VT) 27

  28. Outline 1. Fundamentals of Parallelism 2. Embedded Architecture of MSP430, MSP432 3. Hardware Acceleration in Embedded Architectures 4. AES Hardware Accelerator 5. Direct Memory Access 6. Power Dissipation 7. Literature Patrick Schaumont (VT) 28

  29. Hardware Acceleration • Let's design a multiplier peripheral (MSP430) • Our benchmark program unsigned long mymul( unsigned a, unsigned b) { unsigned long r; r = ( unsigned long ) a * b; return r; } volatile int arg1 = 5, arg2 = 3; int main() { return mymul(arg1, arg2); } Patrick Schaumont (VT) 29

  30. Hardware Acceleration • Let's design a multiplier peripheral (MSP430) • Our benchmark program main : MOV.W #5,0(SP) return address MOV.W #3,2(SP) MOV.W 0(SP),r12 b arguments MOV.W 2(SP),r13 a CALLA #mymul rhi mymul : rlo SP SUBA #8,SP MOV.W r13,6(SP) MOV.W r12,4(SP) stack frame CALLA #__mspabi_mpyul just before MOV.W r12,0(SP) ADDA #8, SP MOV.W r13,2(SP) ADDA #8,SP RETA Patrick Schaumont (VT) 30

  31. Hardware Acceleration • Our benchmark program __mspabi_mpyul : // library function MOV.W R12 ,R11 MOV.W R13 ,R14 CLR.W R15 main : CLR.W R12 MOV.W #5,0(SP) CLR.W R13 MOV.W #3,2(SP) CLRC MOV.W 0(SP),r12 arguments RRC.W R11 MOV.W 2(SP),r13 JMP mpyul_add_loop1 CALLA #mymul RRA.W R11 mpyul_add_loop: mymul : JNC shift_test_mpyul SUBA #8,SP mpyul_add_loop1: MOV.W r13,6(SP) ADD.W R14, R12 MOV.W r12,4(SP) ADDC.W R15, R13 CALLA #__mspabi_mpyul RLA.W R14 MOV.W r12,0(SP) shift_test_mpyul: MOV.W r13,2(SP) RLC.W R15 ADDA #8,SP TST.W R11 RETA JNE mpyul_add_loop RET Patrick Schaumont (VT) 31

  32. Hardware Acceleration • Our accelerated program data+control dependency main : MOV.W #5,0(SP) MOV.W #3,2(SP) MOV.W 0(SP),r12 arguments MOV.W 2(SP),r13 CALLA #myhwmul Hardware myhwmul : Multiplier MOV.W r12,&HW1 MOV.W r13,&HW2 software MOV.W #0,&CTL1 HAL MOV.W #1,&CTL1 MOV.W &HW3,r12 data dependency MOV.W &HW4,r13 RETA Patrick Schaumont (VT) 32

  33. Hardware Multiplier System Interconnect per_addr 16 or 20 per_din to 16 per_we other bus slaves per_en bus interface a ctl b 1‐cycle CPU mul rlo rhi from 16 per_dout other 16 bus slaves 16 Patrick Schaumont (VT) 33

  34. Hardware Multiplier Peripheral Design per_din per_din[0] per_din 16 1 16 write_c write_a write_b 16 per_we per_ad per_en 16 16 1 16 1 a ctl b 2 16 16 16 1 address decoding * 16 32 write_c write_a write_b 16 read_r 16 edge edg edg 16 16 edg rlo rhi 0 read_r 2 per_dout Patrick Schaumont (VT) 34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Understanding Hardware Acceleration on Mobile Browsers Ariya Hidayat Magical Advice Use

Understanding Hardware Acceleration on Mobile Browsers Ariya Hidayat Magical Advice Use

Understanding Hardware Acceleration on Mobile Browsers Ariya Hidayat Magical Advice Use translate3d for hardware acceleration Challenges Game vs Web Game Text Textured objects Animation Physics Transformation Large but Still Bounded

715 views • 71 slides
acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration

acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration

IPQ806x Hardware acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration model Features Designed for Home Gateways (CPE) Flow detection based All -or- nothing offload Acceleration

248 views • 8 slides
DATA FLOW ORIENTED HARDWARE DESIGN OF RNS-BASED POLYNOMIAL MULTIPLICATION FOR SHE ACCELERATION

DATA FLOW ORIENTED HARDWARE DESIGN OF RNS-BASED POLYNOMIAL MULTIPLICATION FOR SHE ACCELERATION

Jol Cathbras Alexandre Carbon Peter Milder Renaud Sirdey Nicolas Ventroux DATA FLOW ORIENTED HARDWARE DESIGN OF RNS-BASED POLYNOMIAL MULTIPLICATION FOR SHE ACCELERATION Conference on Cryptographic Hardware and Embedded Systems 2018 |

1.01k views • 35 slides
Hardware Acceleration of Hardware Acceleration of Graphics and Imaging Graphics and Imaging

Hardware Acceleration of Hardware Acceleration of Graphics and Imaging Graphics and Imaging

Hardware Acceleration of Hardware Acceleration of Graphics and Imaging Graphics and Imaging Algorithms Using FPGAs Algorithms Using FPGAs Pavel Zemk Pavel Zemk Department of Computer Graphics and Multimedia, Department of Computer

988 views • 70 slides
Amandeep Chhabra, Adil Sadik, Manu Dhundi,Prabhat Godse What is Hardware Acceleration of Market

Amandeep Chhabra, Adil Sadik, Manu Dhundi,Prabhat Godse What is Hardware Acceleration of Market

Amandeep Chhabra, Adil Sadik, Manu Dhundi,Prabhat Godse What is Hardware Acceleration of Market Order Decoding (HAMOD) Motivation System Overview Hardware Read/Write, Multiplexer Controller Software Results

276 views • 17 slides
Genesis: A Hardware Acceleration Framework for Genomic Data Analysis Tae Jun Ham , David

Genesis: A Hardware Acceleration Framework for Genomic Data Analysis Tae Jun Ham , David

The 47th IEEE International Symposium on Computer Architecture Genesis: A Hardware Acceleration Framework for Genomic Data Analysis Tae Jun Ham , David Bruns-Smith, Brendan Sweeney, Yejin Lee, Seong Hoon Seo, U Gyeong Song, Young H. Oh,

353 views • 20 slides
Lightweight Cryptography - Hardware Perspective - Miroslav Kne evi NXP Semiconductors

Lightweight Cryptography - Hardware Perspective - Miroslav Kne evi NXP Semiconductors

Lightweight Cryptography - Hardware Perspective - Miroslav Kne evi NXP Semiconductors Thanks to the teams of KATAN, SPONGENT, PRINCE, FIDES Design and Security of Cryptographic Functions, Algorithms, and Devices, PAGE: 1 of 33 Summer

590 views • 45 slides
Hardware Operators for Pairing-Based Cryptography Part I: Because size matters Jean-Luc

Hardware Operators for Pairing-Based Cryptography Part I: Because size matters Jean-Luc

Hardware Operators for Pairing-Based Cryptography Part I: Because size matters Jean-Luc Beuchat Laboratory of Cryptography and Informantion Security University of Tsukuba, Japan jeanluc.beuchat@gmail.com Joint work with: enaire, LIP,

1.73k views • 139 slides
Hardware Acceleration for RAID5/6, Deduplication &amp; Security for parallel workloads Vikas

Hardware Acceleration for RAID5/6, Deduplication &amp; Security for parallel workloads Vikas

Hardware Acceleration for RAID5/6, Deduplication &amp; Security for parallel workloads Vikas Aggarwal Storage Developer Conference Bangalore 2017 Team Members Venkatesh Bolla Achyutha Krishna Anil Reddy Responsibilities: Storage

792 views • 27 slides
Hardware Acceleration of Feature Detection and Description Algorithms on LowPower Embedded

Hardware Acceleration of Feature Detection and Description Algorithms on LowPower Embedded

Hardware Acceleration of Feature Detection and Description Algorithms on LowPower Embedded Platforms Onur Ulusel, Christopher Picardo, Christopher Harris, Sherief Reda, R. Iris Bahar, School of Engineering, Brown University Image Processing

775 views • 24 slides
Programmable Hardware Acceleration Vinay Gangadhar PhD Final Examination Thursday, Nov 16 th ,

Programmable Hardware Acceleration Vinay Gangadhar PhD Final Examination Thursday, Nov 16 th ,

Programmable Hardware Acceleration Vinay Gangadhar PhD Final Examination Thursday, Nov 16 th , 2017 Advisor: Karu Sankaralingam Committee: Mark Hill, Mikko Lipasti, David Wood, Dimitris Papailiopoulos 1 11/16/2017 Dissertation Talk Computing

1.75k views • 144 slides
Hardware Acceleration for Programs in SSA Form Manuel Mohr, Artjom Grudnitsky, Tobias

Hardware Acceleration for Programs in SSA Form Manuel Mohr, Artjom Grudnitsky, Tobias

saarland university computer science Hardware Acceleration for Programs in SSA Form Manuel Mohr, Artjom Grudnitsky, Tobias Modschiedler, Lars Bauer, Sebastian Hack, Jrg Henkel Institute for Program Structures and Data Organization, Karlsruhe

879 views • 66 slides
THE STATE-OF-THE-ART OF HARDWARE IMPLEMENTATIONS OF ELLIPTIC CURVE CRYPTOGRAPHY Kimmo Jrvinen

THE STATE-OF-THE-ART OF HARDWARE IMPLEMENTATIONS OF ELLIPTIC CURVE CRYPTOGRAPHY Kimmo Jrvinen

THE STATE-OF-THE-ART OF HARDWARE IMPLEMENTATIONS OF ELLIPTIC CURVE CRYPTOGRAPHY Kimmo Jrvinen Department of Computer Science University of Helsinki kimmo.u.jarvinen@helsinki.fi ECRYPT-CSA Workshop on Hardware Benchmarking Bochum, Germany,

840 views • 58 slides
Hardware Acceleration of Transactional Memory on Commodity Systems Jared Casper , Tayo Oguntebi,

Hardware Acceleration of Transactional Memory on Commodity Systems Jared Casper , Tayo Oguntebi,

Hardware Acceleration of Transactional Memory on Commodity Systems Jared Casper , Tayo Oguntebi, Sungpack Hong, Nathan Bronson, Christos Kozyrakis, Kunle Olukotun Pervasive Parallelism Laboratory Stanford University 1 TM Design Alternatives

545 views • 21 slides
Compilation and Hardware Support for Approximate Acceleration Thierry Moreau , Adrian Sampson,

Compilation and Hardware Support for Approximate Acceleration Thierry Moreau , Adrian Sampson,

Compilation and Hardware Support for Approximate Acceleration Thierry Moreau , Adrian Sampson, Andre Baixo, Mark Wyse, Ben Ransford, Jacob Nelson, Hadi Esmaeilzadeh (Georgia Tech), Luis Ceze and Mark Oskin University of Washington

801 views • 45 slides
Hardware Acceleration of Transactional Memory on Commodity Systems Jared Casper , Tayo Oguntebi,

Hardware Acceleration of Transactional Memory on Commodity Systems Jared Casper , Tayo Oguntebi,

Hardware Acceleration of Transactional Memory on Commodity Systems Jared Casper , Tayo Oguntebi, Sungpack Hong, Nathan Bronson, Christos Kozyrakis, Kunle Olukotun Pervasive Parallelism Laboratory Stanford University 1 TM Design Alternatives

315 views • 20 slides
Compact Binary Coalescence and the BMS Group Abhay Ashtekar Institute for Gravitation and the

Compact Binary Coalescence and the BMS Group Abhay Ashtekar Institute for Gravitation and the

Compact Binary Coalescence and the BMS Group Abhay Ashtekar Institute for Gravitation and the Cosmos &amp; Physics department, Penn State Applications of null geometry that would delight Jurek. Interplay of conceptual, mathematical and

423 views • 16 slides
Two New Features in Discrete Choice Experiments to Improve Willingness to Pay Estimation that

Two New Features in Discrete Choice Experiments to Improve Willingness to Pay Estimation that

Two New Features in Discrete Choice Experiments to Improve Willingness to Pay Estimation that Result in SDR and SADR: Separated (Adaptive) Dual Response Forthcoming in Management Science Christian Schlereth WHU Otto Beisheim School of

564 views • 39 slides
Coin Branch and Cut A tutorial J ohn Forrest J uly 18 2006 Outline of Cbc tutorial

Coin Branch and Cut A tutorial J ohn Forrest J uly 18 2006 Outline of Cbc tutorial

Coin Branch and Cut A tutorial J ohn Forrest J uly 18 2006 Outline of Cbc tutorial Background Some concepts Stand- alone solver and AMPL interface Example C+ + code Less structured part: Q &amp; A More examples Future -

892 views • 35 slides
On the Exact Security of Message Authentication using Pseudorandom Functions Fast Software

On the Exact Security of Message Authentication using Pseudorandom Functions Fast Software

On the Exact Security of Message Authentication using Pseudorandom Functions Fast Software Encryption 17, Tokyo Ashwin Jha 1 , Avradip Mandal 2 , Mridul Nandi 1 1 Indian Statistical Institute, Kolkata, India 2 Fujitsu Laboratories of America,

751 views • 28 slides
CAR E T E AMWORK QU A LITY RE S PECT HONES T Y EEAST Profile Covering 7,500 square miles

CAR E T E AMWORK QU A LITY RE S PECT HONES T Y EEAST Profile Covering 7,500 square miles

CAR E T E AMWORK QU A LITY RE S PECT HONES T Y EEAST Profile Covering 7,500 square miles Serving 5.8 million people With 4,000 staff and 1,500 volunteers Managed 1.1 million 999 calls last year Completed 500,000 non-

153 views • 11 slides
NFCGate Steffen Klee, Alexandros Roussos, Max Maass, Matthias Hollick Opening the Door for NFC

NFCGate Steffen Klee, Alexandros Roussos, Max Maass, Matthias Hollick Opening the Door for NFC

NFCGate Steffen Klee, Alexandros Roussos, Max Maass, Matthias Hollick Opening the Door for NFC Security Research with a Smartphone-Based Toolkit NFCGate | Klee, Roussos et al. | Secure Mobile Networking Lab Near-Field Communication (NFC) While

480 views • 25 slides
GCM-SIV: Full Nonce Mis isuse-Resistant Authenticated Encry ryption at t Under One Cycle per

GCM-SIV: Full Nonce Mis isuse-Resistant Authenticated Encry ryption at t Under One Cycle per

` GCM-SIV: Full Nonce Mis isuse-Resistant Authenticated Encry ryption at t Under One Cycle per Byt yte Shay Gueron Yehuda Lindell Bar-Ilan University Haifa Univ. and Intel Appeared at ACM CCS 2015 ` How to Encry rypt wit ith a Blo

684 views • 30 slides
Storing passwords in Linux Stored in /etc/shadow seed:$6$5MfvmFOaDU$CVt7:14400:0:99999:7::

Storing passwords in Linux Stored in /etc/shadow seed:$6$5MfvmFOaDU$CVt7:14400:0:99999:7::

Storing passwords in Linux Stored in /etc/shadow seed:$6$5MfvmFOaDU$CVt7:14400:0:99999:7:: Colon-separated values, including: username:hash Hash is $-separated values: Id (6 = based on SHA-512, 1 = based on MD5, etc.)

887 views • 45 slides

More recommend