

  1. Hardware Arithmetic Units and Cryptoprocessors for Hyperelliptic Curve Cryptography
     Gabriel GALLIN, CNRS – IRISA – Univ. Rennes 1
     November 29th, 2018
     Ph.D. supervised by Arnaud TISSERAND, CNRS – Lab-STICC

  2. 1. Introduction
     2. HTMM – Hyper-Threaded Modular Multipliers
     3. Hardware cryptoprocessors for HECC
     4. Conclusion and Perspectives
     G.Gallin Ph.D. Defense 29.11.2018 2 / 34

  3. Introduction: Cybersecurity Challenges
     ◮ Digital systems are widely used in many applications
         ◮ economy: credit cards, online payments, ...
         ◮ medical: medical files, e-Health devices, ...
         ◮ Internet of Things (IoT): self-driving cars, smart homes, ...
         ◮ communications: telephony, emails, social networks, ...
         ◮ ...
     ◮ Strong needs for efficient digital security
         ◮ fast for user convenience
         ◮ reduced power consumption for battery-based systems
         ◮ small circuit area for embedded systems
         ◮ resistant to attacks: theoretical, logical and physical

  4. Introduction: Example: Simplified Payment with Credit Cards
     [Figure: Credit Card, Terminal, Bank]
     Cryptographic primitives:
     ◮ authentication: asserts identity of user, credit card and bank
     ◮ integrity: ensures exchanged data are complete and unmodified
     ◮ confidentiality: asserts secrecy of exchanged data

  5. Introduction: Overview on Cryptography: Symmetric Cryptography
     ◮ Also called secret-key cryptography
     ◮ Encryption and decryption with shared secret key
     [Figure: sender, message, Encryption with key; receiver, Decryption with key, message]
     ◮ Very efficient and widely used to ensure confidentiality
     ◮ Problems with symmetric cryptography
         ◮ secret key must be shared between sender and receiver
         ◮ communications with several parties → many keys to manage

  6. Introduction: Overview on Cryptography: Asymmetric Cryptography
     ◮ Also known as public-key cryptography (PKC)
         ◮ uses a pair of private key and public key
         ◮ extensively used for digital signatures and key exchanges
         ◮ more expensive than symmetric cryptography
     ◮ First PKC: RSA proposed by Rivest, Shamir and Adleman in 1978
         ◮ huge commercial success and still widely used
         ◮ large keys (> 2000 bits recommended) and very costly for embedded applications
     ◮ Elliptic Curve Cryptography (ECC) by Miller in 1985 and Koblitz in 1987
         ◮ 200- to 500-bit keys recommended: better performance than RSA
         ◮ current PKC standard for various secured applications, e.g. French passports or secured Internet browsing

  7. Introduction: Hyper-Elliptic Curve Cryptography (HECC)
     ◮ HECC proposed by Koblitz in 1988
         ◮ size of internal values divided by 2 but more arithmetic operations
         ◮ before late 2000s, HECC was less efficient than ECC
     ◮ New HECC cryptosystem proposed by Gaudry [1] in 2007
         ◮ requires fewer arithmetic operations
         ◮ more efficient than ECC in theory
         ◮ size of internal values is around 128 bits (equiv. to ECC 256b)
     ◮ µKummer proposed by Renes et al. [6] in 2016
         ◮ software implementation of Gaudry’s HECC on microcontrollers
         ◮ -75% and -35% time for digital signature and key exchange
     ◮ Very few recent hardware implementations of recent HECC cryptosystems

  8. Introduction: HAH Project
     ◮ Hardware and Arithmetic for HECC (HAH)
     ◮ 3-year labex project (2014-2017) involving
         ◮ IRISA / Lab-STICC funded by labex CominLabs and Brittany region
         ◮ IRMAR lab. for mathematics funded by labex Lebesgue

  9. Introduction: HAH Project: Objectives
     ◮ Propose new units for basic arithmetic operations in HECC
         ◮ modular arithmetic for 128–300-bit operands
         ◮ design small circuits with high frequencies and low computation time
     ◮ Design new hardware cryptoprocessors for HECC
         ◮ implement best state-of-the-art HECC cryptosystems
         ◮ explore various performance vs. cost tradeoffs
         ◮ confirm efficiency of HECC vs. ECC in hardware
     ◮ Robust against physical attacks: SPA (Simple Power Analysis)
     ◮ Flexible designs to support different curves and parameters

  10. HTMM – Hyper-Threaded Modular Multipliers: Summary
      1. Introduction
      2. HTMM – Hyper-Threaded Modular Multipliers
      3. Hardware cryptoprocessors for HECC
      4. Conclusion and Perspectives

  11. HTMM – Hyper-Threaded Modular Multipliers: Modular Operations in HECC
      ◮ HECC requires computing arithmetic operations (±, ×) in GF(P)
          ◮ operands and results ∈ {0, 1, ..., P − 1}
          ◮ P is a 100–300-bit prime
      ◮ Most frequent and costly operation: modular multiplication (MM), e.g. 75% of overall computation time in µKummer [6]
      ◮ Example: multiplications modulo small P = 23
          2 × 10 = 20      2 × 10 mod 23 = 20
          9 × 18 = 162     9 × 18 mod 23 = 1
          4 × 10 = 40      4 × 10 mod 23 = 17
          19 × 17 = 323    19 × 17 mod 23 = 1

  12. HTMM – Hyper-Threaded Modular Multipliers: Modular Reduction
      ◮ Fast reduction modulo specific primes with specific structures
          ◮ e.g. Mersenne prime $P = 2^{127} - 1$ (*) used in µKummer:
          ◮ limited to very few primes: not possible with flexibility constraints
      ◮ Reduction modulo generic primes
          ◮ more complex but supports all primes of a given max. size
          ◮ several efficient algorithms for operations modulo generic P
      (*) $2^{127} - 1 = (111111111111111111111111 \ldots 111111111111111111111111)_2$

  13. HTMM – Hyper-Threaded Modular Multipliers: Modular Multiplication: Montgomery’s Algorithm
      ◮ Montgomery Modular Multiplication (MMM) proposed in 1985 [5]
      ◮ best MM algorithm for generic primes P
      ◮ max. size of P: m − 2 bits

  14. HTMM – Hyper-Threaded Modular Multipliers: Interleaved MMM
      ◮ MMM operands are split into s words of w bits (s × w = m)
      ◮ CIOS (Coarsely Integrated Operand Scanning) from Koc et al. [2]
          ◮ iterations over small partial products with partial reduction steps
          ◮ strong dependencies between iterations
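
An added worked example (not from the presentation or the HTMM generator): a Python functional model of the CIOS Montgomery multiplication described on the two slides above, working on s words of w bits. It takes w = 34 and P = 2^127 − 1 from the slides; s = 4 (so m = 136) and all function names are assumptions chosen for illustration.

```python
# Added example: functional model of CIOS Montgomery multiplication.
W, S = 34, 4            # w = 34 is from the slides; s = 4 (m = 136) is an assumption
P127 = 2**127 - 1       # prime named on the slides, treated here as a generic P


def to_words(x, s, w):
    """Split x into s little-endian words of w bits."""
    return [(x >> (w * i)) & ((1 << w) - 1) for i in range(s)]


def mont_mul_cios(a, b, p, w=W, s=S):
    """Return a * b * R^-1 mod p, R = 2^(s*w), for odd p of at most s*w - 2 bits."""
    if p % 2 == 0 or p.bit_length() > s * w - 2 or not (0 <= a < p and 0 <= b < p):
        raise ValueError("need odd p of at most m - 2 bits and operands in [0, p)")
    mask = (1 << w) - 1
    A, B, N = to_words(a, s, w), to_words(b, s, w), to_words(p, s, w)
    n0_inv = (-pow(p, -1, 1 << w)) & mask      # -p^-1 mod 2^w, one word
    t = [0] * (s + 2)
    for i in range(s):                         # each pass depends on the previous t
        carry = 0
        for j in range(s):                     # partial product: t += A * B[i]
            acc = t[j] + A[j] * B[i] + carry
            t[j], carry = acc & mask, acc >> w
        acc = t[s] + carry
        t[s], t[s + 1] = acc & mask, acc >> w
        q = (t[0] * n0_inv) & mask             # quotient word making t[0] vanish
        carry = (t[0] + q * N[0]) >> w
        for j in range(1, s):                  # partial reduction: t = (t + q*p) >> w
            acc = t[j] + q * N[j] + carry
            t[j - 1], carry = acc & mask, acc >> w
        acc = t[s] + carry
        t[s - 1], t[s] = acc & mask, t[s + 1] + (acc >> w)
    r = sum(word << (w * k) for k, word in enumerate(t[:s + 1]))
    return r - p if r >= p else r              # value-dependent final subtraction


def mod_mul(x, y, p, w=W, s=S):
    """x * y mod p computed through the Montgomery domain."""
    r2 = pow(2, 2 * s * w, p)                  # R^2 mod p converts into the domain
    xm, ym = mont_mul_cios(x, r2, p, w, s), mont_mul_cios(y, r2, p, w, s)
    return mont_mul_cios(mont_mul_cios(xm, ym, p, w, s), 1, p, w, s)


if __name__ == "__main__":
    print(mod_mul(9, 18, 23), mod_mul(19, 17, 23))   # products from the P = 23 slide
```

The model checks arithmetic only: its final subtraction branches on the result, so it is not a constant-time implementation.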


  18. HTMM – Hyper-Threaded Modular Multipliers: Hyper-Threading: Principle
      ◮ Dependencies in CIOS → idle stages in the pipeline
      [Figure; axis: time]
      ◮ Our solution: fill idle pipeline stages with independent MMMs
      [Figure; axis: time]
      ◮ Hyper-Threaded Modular Multiplier (HTMM)
          ◮ HTMM: physical unit computing σ independent MMMs concurrently
          ◮ hardware resources are shared among σ Logical Multipliers (LMs)

  19. HTMM – Hyper-Threaded Modular Multipliers: HTMM Architecture
      ◮ Based on 3 pipelined blocks (1 for each partial product in CIOS)
      ◮ Width of internal words fixed to w = 34 bits → only 9 DSP slices
      ◮ 3 to 4 stages in DSP slices to reach high frequencies
      [Figure: HTMM architecture; labels: RAM, RAM, Task 1, Task 2, Task 3]

  20. HTMM – Hyper-Threaded Modular Multipliers: Tools for Architectures Exploration
      ◮ Many HTMM parameters to explore: size of P (e.g. 128 or 256 bits), w, number of LMs, configurations of memories and DSP slices, algorithmic optimizations, ...
      ◮ We designed a software HTMM generator
          ◮ allows fast generation of VHDL codes for many HTMM specifications
          ◮ and optimized for various FPGAs (e.g. pipeline config. in DSP slices)
          ◮ available as open-source (1)
      ◮ HTMM generator also offers support for some third-party software
          ◮ Xilinx tools for implementation, simulation and evaluation
          ◮ Sage mathematics software (2) for numerical validation of HTMM
      (1) HTMM generator available at https://sourcesup.renater.fr/htmm/
      (2) available as open-source at http://www.sagemath.org/
