hardware datapath verification using commutative algebra
play

Hardware Datapath Verification using Commutative Algebra and - PowerPoint PPT Presentation

Oct 30, 2022 •418 likes •1.37k views

Hardware Datapath Verification using Commutative Algebra and Algebraic Geometry Priyank Kalla Associate Professor Electrical and Computer Engineering, University of Utah kalla@ece.utah.edu http://www.ece.utah.edu/~kalla A tutorial presented

  1. Hardware Datapath Verification using Commutative Algebra and Algebraic Geometry Priyank Kalla Associate Professor Electrical and Computer Engineering, University of Utah kalla@ece.utah.edu http://www.ece.utah.edu/~kalla A tutorial presented at the joint session of SAT, DIFTS and FMCAD 2015 Research funded in part by the US National Science Foundation

  2. The Core Message of the Tutorial Modern Algebraic Geometry Study of the zeros of multivariate polynomials Infeasible to enumerate the solutions Reason about various properties of the solution-sets Employ techniques that lie at the cross-roads of number-theory, commutative algebra, geometry Use of Gr¨ obner bases as a powerful reasoning engine Hardware datapaths possess structure and symmetry in the problem Gr¨ obner bases help identify this structure/symmetry Exploit this structure/symmetry to engineer domain-specific implementations for datapath verification Enables verification of hard datapath verification problems P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 2 / 54

  3. Tutorial Objective and Agenda Formal verification of datapath implementations (RTL) Word-level abstractions from designs, symbolic techniques Model bit-precise semantics at word-level Applications: Cryptography, Error Control Circuits, Signal Processing P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 3 / 54

  4. Tutorial Objective and Agenda Formal verification of datapath implementations (RTL) Word-level abstractions from designs, symbolic techniques Model bit-precise semantics at word-level Applications: Cryptography, Error Control Circuits, Signal Processing Equivalence check: specification ( Spec ) vs implementation ( Impl ) Spec and Impl : same function? RTL: functions over k -bit vectors k -bit vector �→ Boolean domain B k (mod 2 k ) = Z 2 k k -bit vector �→ integers k -bit vector �→ Galois (Finite) field F 2 k P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 3 / 54

  5. Tutorial Objective and Agenda Formal verification of datapath implementations (RTL) Word-level abstractions from designs, symbolic techniques Model bit-precise semantics at word-level Applications: Cryptography, Error Control Circuits, Signal Processing Equivalence check: specification ( Spec ) vs implementation ( Impl ) Spec and Impl : same function? RTL: functions over k -bit vectors k -bit vector �→ Boolean domain B k (mod 2 k ) = Z 2 k k -bit vector �→ integers k -bit vector �→ Galois (Finite) field F 2 k Approach: Computer Algebra Techniques Model: Polynomial functions over f : Z 2 k → Z 2 k or f : F 2 k → F 2 k Devise decision procedures for polynomial function equivalence Commutative algebra, algebraic geometry + contemporary verification P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 3 / 54

  6. Verification of Galois field circuits Wide applications of Galois field (GF) circuits Cryptography : RSA, Elliptic Curve Cryptography (ECC) Error Correcting Codes, Digital Signal Processing, etc. P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 4 / 54

  7. Verification of Galois field circuits Wide applications of Galois field (GF) circuits Cryptography : RSA, Elliptic Curve Cryptography (ECC) Error Correcting Codes, Digital Signal Processing, etc. Bugs in GF arithmetic circuits can leak secret keys Biham et al., “Bug Attacks”, Crypto 2008 [1] P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 4 / 54

  8. Verification of Galois field circuits Wide applications of Galois field (GF) circuits Cryptography : RSA, Elliptic Curve Cryptography (ECC) Error Correcting Codes, Digital Signal Processing, etc. Bugs in GF arithmetic circuits can leak secret keys Biham et al., “Bug Attacks”, Crypto 2008 [1] Target problems Given Galois field F 2 k , polynomial f , and circuit C Verify: circuit C implements f ; or find the bug Given circuit C , with k -bit inputs and outputs Derive a polynomial representation for C over f : F 2 k → F 2 k Word-level abstraction as a canonical polynomial representation P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 4 / 54

  9. Verification of Galois field circuits Wide applications of Galois field (GF) circuits Cryptography : RSA, Elliptic Curve Cryptography (ECC) Error Correcting Codes, Digital Signal Processing, etc. Bugs in GF arithmetic circuits can leak secret keys Biham et al., “Bug Attacks”, Crypto 2008 [1] Target problems Given Galois field F 2 k , polynomial f , and circuit C Verify: circuit C implements f ; or find the bug Given circuit C , with k -bit inputs and outputs Derive a polynomial representation for C over f : F 2 k → F 2 k Word-level abstraction as a canonical polynomial representation Solutions employing Nullstellensatz over F 2 k + Gr¨ obner Basis methods Focus: Techniques and implementations to address scalability Term-orders, custom F 4 -style reduction P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 4 / 54

  10. Galois Field Overview Galois field F q is a finite field with q elements, q = p k , p = prime 0 , 1 elements, associate, commutative, distributive laws Closure property: + , − , × , inverse ( ÷ ) Our interest: F q = F 2 k ( q = 2 k ) F 2 k : k -dimensional extension of F 2 = { 0 , 1 } k -bit bit-vector, AND/XOR arithmetic Efficient crypto-hardware implementations To construct F 2 k F 2 k ≡ F 2 [ x ] (mod P ( x )) P ( x ) ∈ F 2 [ x ], irreducible polynomial of degree k Operations performed (mod P ( x )) and coefficients reduced (mod 2) P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 5 / 54

  11. Example Field Construction: F 8 Construct: F 2 3 = F 2 [ x ] (mod P ( x ) = x 3 + x + 1) Consider any polynomial A ( x ) ∈ F 2 [ x ] A ( x ) (mod x 3 + x + 1) = a 2 x 2 + a 1 x + a 0 . Let P ( α ) = 0: � a 2 , a 1 , a 0 � = � 0 , 0 , 0 � = 0 � a 2 , a 1 , a 0 � = � 0 , 0 , 1 � = 1 � a 2 , a 1 , a 0 � = � 0 , 1 , 0 � = α � a 2 , a 1 , a 0 � = � 0 , 1 , 1 � = α + 1 � a 2 , a 1 , a 0 � = � 1 , 0 , 0 � = α 2 � a 2 , a 1 , a 0 � = � 1 , 0 , 1 � = α 2 + 1 � a 2 , a 1 , a 0 � = � 1 , 1 , 0 � = α 2 + α � a 2 , a 1 , a 0 � = � 1 , 1 , 1 � = α 2 + α + 1 P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 6 / 54

  12. Polynomial Functions f : F q → F q Every function is a polynomial function over F q Consider 1-bit right-shift operation Z [2 : 0] = A [2 : 0] >> 1 { a 2 a 1 a 0 } A → { z 2 z 1 z 0 } Z 000 0 → 000 0 001 1 → 000 0 010 α → 001 1 011 α + 1 → 001 1 α 2 100 → 010 α α 2 + 1 101 → 010 α α 2 + α 110 → 011 α + 1 α 2 + α + 1 111 → 011 α + 1 P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 7 / 54

  13. Polynomial Functions f : F q → F q Every function is a polynomial function over F q Consider 1-bit right-shift operation Z [2 : 0] = A [2 : 0] >> 1 { a 2 a 1 a 0 } A → { z 2 z 1 z 0 } Z 000 0 → 000 0 001 1 → 000 0 010 α → 001 1 011 α + 1 → 001 1 α 2 100 → 010 α α 2 + 1 101 → 010 α α 2 + α 110 → 011 α + 1 α 2 + α + 1 111 → 011 α + 1 Z = ( α 2 + 1) A 4 + ( α 2 + 1) A 2 over F 2 3 where α 3 + α + 1 = 0 P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 7 / 54

  14. Verification Application: Elliptic Curve Cryptography Encryption, Decryption & Authentication using point addition: P + Q = R y 2 + xy = x 3 + ax 2 + b over F 2 k Compute Slope: y 2 − y 1 −R x 2 − x 1 R = P + Q Computation of Q inverses over F 2 k is expensive P R P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 8 / 54

  15. Point addition using Projective Co-ordinates Y 2 + XYZ = X 3 Z + aX 2 Z 2 + bZ 4 over F 2 k Curve: Let ( X 3 , Y 3 , Z 3 ) = ( X 1 , Y 1 , Z 1 ) + ( X 2 , Y 2 , 1) A = Y 2 · Z 2 1 + Y 1 E = A · C X 3 = A 2 + D + E B = X 2 · Z 1 + X 1 C = Z 1 · B F = X 3 + X 2 · Z 3 D = B 2 · ( C + aZ 2 1 ) G = X 3 + Y 2 · Z 3 Z 3 = C 2 Y 3 = E · F + Z 3 · G P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 9 / 54

  16. Point addition using Projective Co-ordinates Y 2 + XYZ = X 3 Z + aX 2 Z 2 + bZ 4 over F 2 k Curve: Let ( X 3 , Y 3 , Z 3 ) = ( X 1 , Y 1 , Z 1 ) + ( X 2 , Y 2 , 1) A = Y 2 · Z 2 1 + Y 1 E = A · C X 3 = A 2 + D + E B = X 2 · Z 1 + X 1 C = Z 1 · B F = X 3 + X 2 · Z 3 D = B 2 · ( C + aZ 2 1 ) G = X 3 + Y 2 · Z 3 Z 3 = C 2 Y 3 = E · F + Z 3 · G No inverses, just addition and multiplication Verify ECC hardware primitives: circuits for GF Multiplication and exponentiation Challenge: Large datapath size, from k = 163-bits to 1000+ bits P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 9 / 54

  17. Field polynomials of F q Theorem (Fermat’s Little Theorem over F q ) For any element α ∈ F q , then α q = α . Vanishing Polynomials The polynomial ( x q − x ) vanishes (= 0) on all points in F q . We call ( x q − x ) a vanishing polynomial of F q . P. Kalla (Univ. of Utah) Verify Datapath using Algebra & Geometry 10 / 54

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Commutative Algebra Lecture 2 Last time Course set-up: 5 homeworks What and Why of normal

Commutative Algebra Lecture 2 Last time Course set-up: 5 homeworks What and Why of normal

Commutative Algebra Lecture 2 Last time Course set-up: 5 homeworks What and Why of normal subgroups (quotients!) Homomorphisms preserve structure (will review) Commutative Rings can add and multiply Most important example: Z

262 views • 10 slides
Test sets of commutative languages t epn Holub Department of Algebra Charles University

Test sets of commutative languages t epn Holub Department of Algebra Charles University

Test sets of commutative languages t epn Holub Department of Algebra Charles University in Prague JM06, 29th August, Rennes t epn Holub Test sets of commutative languages Commutative languages Commutative closure of a word u

522 views • 39 slides
MA 526 Commutative Algebra / JanApril 2018 (MSc and Ph. D. Programmes) Mobile : 07975952079

MA 526 Commutative Algebra / JanApril 2018 (MSc and Ph. D. Programmes) Mobile : 07975952079

Department of Mathematics, IISc, Bangalore, Prof. Dr. D. P . Patil MA 526 Commutative Algebra / JanApril 2018 MA 526 Commutative Algebra / JanApril 2018 (MSc and Ph. D. Programmes) Mobile : 07975952079 E-mails : patil@iisc.ac.in Lectures :

350 views • 3 slides
based Hardware Verification Makai Mann, Clark Barrett Hardware Verification SAT is king

based Hardware Verification Makai Mann, Clark Barrett Hardware Verification SAT is king

Finding Critical Clauses in SMT- based Hardware Verification Makai Mann, Clark Barrett Hardware Verification SAT is king Still faces scaling issues, particularly for data-path properties Satisfiability Modulo Theories (SMT) can

605 views • 5 slides
Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting

Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting

3/21/2011 Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting hardware designs right [using ideas from computer science] Mary Sheeran Verification Design verification is the task of establishing that a

598 views • 15 slides
Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting

Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting

Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting hardware designs right [using ideas from computer science] Mary Sheeran Verification Design verification is the task of establishing that a given

756 views • 30 slides
New reduction techniques in commutative algebra driven by logical methods an invitation

New reduction techniques in commutative algebra driven by logical methods an invitation

Summary The forcing model Revisiting the test cases New reduction techniques in commutative algebra driven by logical methods an invitation Ingo Blechschmidt Universit di Verona Logic Seminar Padova December 5st, 2018 0 / 7

633 views • 29 slides
Solving Multivariate Polynomial Systems and an Invariant from Commutative Algebra Alessio

Solving Multivariate Polynomial Systems and an Invariant from Commutative Algebra Alessio

Solving Multivariate Polynomial Systems and an Invariant from Commutative Algebra Alessio Caminata (Universitat de Barcelona) joint work with Elisa Gorla PQCrypto 2017 Utrecht, 2628 June 2017 Algebraic attack with Gr obner bases

376 views • 6 slides
SAT-based Verification Methods and Applications in Hardware Verification Aarti Gupta

SAT-based Verification Methods and Applications in Hardware Verification Aarti Gupta

SAT-based Verification Methods and Applications in Hardware Verification Aarti Gupta agupta@nec-labs.com NEC Laboratories America Princeton, U.S.A. Acknowledgements: Pranav Ashar, Malay Ganai, Zijiang Yang, Chao Wang, Akira Mukaiyama,

1.31k views • 118 slides
Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

29th March 2019 Open Source Hardware Verification A survey and suggestions for future work Ben Marshall University of Bristol Computer Science Department Open Source Hardware Verification Outline Open Source Hardware Verification 2019-03-07

189 views • 6 slides
Hardware description and verification Getting hardware designs right [using ideas from computer

Hardware description and verification Getting hardware designs right [using ideas from computer

Hardware description and verification Getting hardware designs right [using ideas from computer science] TECHNICAL VHDL PSL Gaislers 2 process method Writing VHDL code CTL (LTL) .... PSL circuit

386 views • 14 slides
1. Boolean Algebra 1.1 Boolean Algebra Basics Verification Technology AND-operation

1. Boolean Algebra 1.1 Boolean Algebra Basics Verification Technology AND-operation

Fachgebiet Rechnersysteme Technische Universitt Verification Technology Darmstadt 1. Boolean Algebra Fachgebiet Rechnersysteme 1 1. Boolean Algebra 3 1.1 Boolean algebra basics 1. Boolean Algebra 1.1 Boolean Algebra Basics

705 views • 18 slides
Local Rings and Completions Williams College SMALL REU Commutative Algebra Group Anna

Local Rings and Completions Williams College SMALL REU Commutative Algebra Group Anna

Background Previous Results Original Results Local Rings and Completions Williams College SMALL REU Commutative Algebra Group Anna Kirkpatrick, University of South Carolina Sander Mack-Crane, Case Western Reserve University August 1, 2013

398 views • 38 slides
FSMD%Block%Diagram FSM$Datapath*Systems Datapath%Elements

FSMD%Block%Diagram FSM$Datapath*Systems Datapath%Elements

FSMD%Block%Diagram FSM$Datapath*Systems Datapath%Elements FSMD%Example%Requires%RAM,%Comparator,%Counter Altera%LPM%library%has%many%elements%useful%for% building%common%datapath%functions LPM_RAM_DQ%%

649 views • 19 slides
CoCoALib a C++ library for Computations in Commutative Algebra John Abbott Universit di

CoCoALib a C++ library for Computations in Commutative Algebra John Abbott Universit di

CoCoALib a C++ library for Computations in Commutative Algebra John Abbott Universit di Genova, Italy John Abbott (Univ. di Genova) CoCoALib Linz 2007 1 / 7 Outline What is CoCoALib? The old and the new Current state Inheritance Twin

420 views • 7 slides
1 Boolean Algebra 1. Boolean Algebra Verification Technology Content 1.1 Boolean algebra basics

1 Boolean Algebra 1. Boolean Algebra Verification Technology Content 1.1 Boolean algebra basics

Fachgebiet Rechnersysteme 1. Boolean Algebra 1 1 Boolean Algebra 1. Boolean Algebra Verification Technology Content 1.1 Boolean algebra basics (recap) 1 2 Reasoning about Boolean expressions 1.2 Reasoning about Boolean expressions 1.

1.22k views • 69 slides
LREC/ZREC Year 4 RFP I nfo rma tio na l We b ina r Ma y 15, 2015 1 Program Overview Christie

LREC/ZREC Year 4 RFP I nfo rma tio na l We b ina r Ma y 15, 2015 1 Program Overview Christie

LREC/ZREC Year 4 RFP I nfo rma tio na l We b ina r Ma y 15, 2015 1 Program Overview Christie Bra dwa y, E ve rso urc e Ga ry Zie la nski, UI 2 Presentation Questions Sub mit q ue stio ns via e ma il o nly: L RE C.ZRE C@ e ve

1.01k views • 72 slides
One Community at a Time: Strengthening New Mexico by Boosting Local Economic Development

One Community at a Time: Strengthening New Mexico by Boosting Local Economic Development

One Community at a Time: Strengthening New Mexico by Boosting Local Economic Development Presentation to the Economic and Rural Development Interim Committee Friday, October 12, 2018 Presenters Grant Taylor, Economic Policy New Mexico

364 views • 19 slides
WEL WELCOME TO TAM AMPA BAY WEL WELCOME TO TAM AMPA BAY DY DYK? # 1 MARKET FOR FI RST TI

WEL WELCOME TO TAM AMPA BAY WEL WELCOME TO TAM AMPA BAY DY DYK? # 1 MARKET FOR FI RST TI

WEL WELCOME TO TAM AMPA BAY WEL WELCOME TO TAM AMPA BAY DY DYK? # 1 MARKET FOR FI RST TI ME HOME BUYERS Zillow # 1 BEST CI TI ES FOR W OMEN TO START A BUSI NESS Business.org TAMPA RANKS NAMED ONE OF AMONG TOP 2 5 MOST THE W

775 views • 28 slides
KIDS Data Use Webinar Dana Ansel, PhD | Camille Lemieux | Billie Jo Day, PhD 11/29/17 Meet the

KIDS Data Use Webinar Dana Ansel, PhD | Camille Lemieux | Billie Jo Day, PhD 11/29/17 Meet the

KIDS Data Use Webinar Dana Ansel, PhD | Camille Lemieux | Billie Jo Day, PhD 11/29/17 Meet the Presenters Dana Ansel, PhD Camille Lemieux Billie Jo Day, PhD Scientist Research Assistant Researcher REL Midwest REL Midwest REL Midwest

877 views • 48 slides
Market Overview: Senior Dental Brenton Pyle, FSA, MAAA Consulting Actuary CSG Actuarial, LLC

Market Overview: Senior Dental Brenton Pyle, FSA, MAAA Consulting Actuary CSG Actuarial, LLC

Market Overview: Senior Dental Brenton Pyle, FSA, MAAA Consulting Actuary CSG Actuarial, LLC www.csgactuarial.com Dental Market: Overview Senior Dental Market Overview Need For Care Market Size Product Design Projections

345 views • 19 slides
Elders in Public Housing: Elders in Public Housing: An opportunity for prevention An opportunity

Elders in Public Housing: Elders in Public Housing: An opportunity for prevention An opportunity

Elders in Public Housing: Elders in Public Housing: An opportunity for prevention An opportunity for prevention Judith A. Jones, DDS, MPH, DScD Judith A. Jones, DDS, MPH, DScD Professor and Chair Professor and Chair Department of General

280 views • 9 slides
Spatiotemporal Pattern Extraction by Spectral Analysis of Vector-valued Observables Dimitris

Spatiotemporal Pattern Extraction by Spectral Analysis of Vector-valued Observables Dimitris

Spatiotemporal Pattern Extraction by Spectral Analysis of Vector-valued Observables Dimitris Giannakis Center for Atmosphere Ocean Science Courant Institute of Mathematical Sciences New York University Geometry and Topology of Data ICERM,

845 views • 25 slides
Cryptanalysis of AES-PRF and Its Dual Patrick Derbez 1 Tetsu Iwata 2 Ling Sun 3 , 4 Siwei Sun 5

Cryptanalysis of AES-PRF and Its Dual Patrick Derbez 1 Tetsu Iwata 2 Ling Sun 3 , 4 Siwei Sun 5

Motivation Preliminary Overview Attacks on AES-PRF Attacks on Dual-AES-PRF Conclusion Cryptanalysis of AES-PRF and Its Dual Patrick Derbez 1 Tetsu Iwata 2 Ling Sun 3 , 4 Siwei Sun 5 Yosuke Todo 6 Haoyang Wang 4 Meiqin Wang 3 1. Univ Rennes,

534 views • 25 slides

More recommend