high performance ecc over nist primes on commercial fpgas
play

High Performance ECC over NIST Primes on Commercial FPGAs ECC 2008, - PowerPoint PPT Presentation

Nov 21, 2023 •158 likes •485 views

High Performance ECC over NIST Primes on Commercial FPGAs ECC 2008, Utrecht, September 22-24, 2008 Tim Gneysu Horst Grtz Institute for IT-Security Ruhr University of Bochum, Germany Agenda Introduction and Motivation Brief

  1. High Performance ECC over NIST Primes on Commercial FPGAs ECC 2008, Utrecht, September 22-24, 2008 Tim Güneysu Horst Görtz Institute for IT-Security Ruhr University of Bochum, Germany

  2. Agenda • Introduction and Motivation • Brief Survey on Reconfigurable Computing and FPGAs • Modern FPGA devices and Arithmetic Applications • Novel Architectures for ECC over NIST primes • Results and Conclusions

  3. Agenda • Introduction and Motivation • Brief Survey on Reconfigurable Computing and FPGAs • Modern FPGA devices and Arithmetic Applications • Novel Architectures for ECC over NIST primes • Results and Conclusions

  4. Introduction and Motivation • Some recent and future systems require high-speed cryptography facilities processing hundreds of asymmetric message signatures per second . – Car-to-car communication – Aggregators in wireless sensor node systems • Typical challenges: – Small and embedded systems providing high-speed asymmetric crypto � best choice seems to be ECC! – Small µP (Atmel/ARM) are too slow for high-performance ECC � use dedicated crypto hardware – ECC using binary curves in hardware is most efficient but patent situation on algorithms and implementations is unclear – National bodies prefer ECC over prime field (FIPS 186-2, Suite B)

  5. High Performance Hardware Implementations • Two main flavors of application- specific hardware chips Integrated – ASICs Circuit (IC) – FPGAs • This talk targets ECC on FPGAs – Reconfiguration feature enables adaption of security parameters and algorithms if necessary – Good choice for applications Field Programmable Application Specific Gate Arrays (FPGA) Integrated Circuit (ASIC) with low/medium market volume - reconfigurable logic - fixed logic - medium/high performance - very high performance - medium cost per chip - low cost per chip - quick/cheap development - expensive development

  6. History of ECC Implementation on FPGAs • First ECC implementation for prime fields with FPGAs in 2001: G. Orlando, C. Paar, A scalable GF(p) elliptic curve processor architecture for programmable hardware, CHES 2001 • Since this milestone several improvements were made: – Use of dedicated multipliers in FPGAs, e.g. in C. McIvor, M. McLoone, J. McCanny, An FPGA elliptic curve cryptographic accelerator over GF(p), Irish Signals and Systems Conference, ISSC 2004. – Algorithmic optimizations, e.g. use of fabric-based CIOS multipliers: K. Sakiyama, N. Mentens, L. Batina, B. Preneel, and I. Verbauwhede, Reconfigurable Modular Arithmetic Logic Unit Supporting High-performance RSA and ECC over GF(p), International Journal of Electronics 2007.

  7. ECC over Prime Fields on FPGAs • Recent ECC solutions over primes fields on FPGAs are significantly slower than software-based approaches – FPGA designs run at much lower clock frequencies than µP • Typical ECC designs on FPGAs run at 40-100 MHz • Point multiplication on FPGAs takes more than 3ms for ECC-256 • Software-based ECC (Core2Duo) is far below 1ms ! – Many hardware implementations use wide adders or multipliers � slow carry propagation – Complex routing within and between arithmetic units � long signal paths slow down clock frequency • Our high-performance ECC core based on standardized NIST primes for Xilinx Virtex-4 FPGAs closes this performance gap! [CHES 2008]

  8. Changing the Implementation Concept • Our different concept how to accelerate ECC on FPGAs : Shift all field operations into arithmetic hardcore extensions of FPGAs! – Modern FPGAs integrate arithmetic hardcores originally designed to accelerate Digital Signal Processing (DSP) applications – Compute all field operations with DSP hardcores instead of using the generic logic – Allows for higher clock rates AND saves logical resources of the FPGA

  9. Agenda • Introduction and Motivation • Brief Survey on Reconfigurable Computing and FPGAs • Modern FPGA devices and Arithmetic Applications • Novel Architectures for ECC over NIST primes • Results and Conclusions

  10. Brief History of FPGAs • First FPGAs came up in mid 1980‘s with a gate complexity of 1200 gates (e.g., Xilinx XC2064 ) – Significantly too small for (asymmetric) crypto 1985 • Luckily, Moore‘s Law still holds true! – On average, the number of transistors per chip are (roughly) doubled each 18 months – With increasing chip complexity and features, FPGAs gained attractivity also for the cryptographic community – First ECC implementation over prime fields in 2001! • Todays (2008) FPGAs provide 2008 – Several millions of logic gates ( Xilinx Virtex-5 ) – Clock frequencies up to 550 MHz – Dedicated memories and function hardcores

  11. Generic FPGA Structure (simplified) IO IO IO IO IO IO IO IO IO IO Long CLB CLB CLB CLB IO IO Routes Switch matrix IO IO CLB CLB CLB CLB IO IO Input/output IO IO CLB CLB CLB CLB Configurable Logic IO IO Block IO IO CLB CLB CLB CLB IO IO IO IO IO IO IO IO IO IO

  12. Configurable Logic Block (simplified) SHIFTIN COUT CLB COUT Slice (3) Slice 4-input LUT 16 bit 4 Slice (1) LUT Switch Matrix FF COUT Interconnect to Neighbors CIN Slice (2) 1 bit Flipflop FF 16 bit 4 LUT Slice (0) CIN SHIFTOUT CIN • A Configurable Logic Block (Virtex4) consists of 4 slices each with – 4-to-1 bit Lookup Table (LUT) used as function generator (4 input, 1 output), 16-bit shift register, 16-bit RAM – Dedicated storage elements (1-bit flip flop) – Multiplexers, arithmetic gates for fast multipliers/carry logic – Connection to other FPGA elements either through switch matrix (long distance) and local routes (short distance)

  13. Hardware Applications on FPGAs • Most hardware applications are designed using Hardware Description Languages (no schematics anymore!!) • Description is translated and mapped using powerful tools into CLBs • Golden rules for high-performance hardware design (informal): – R1 : Exploit parallelism as much as possible (only then FPGAs can do better than Pentiums) – R2 : Use pipelining techniques (to reduce length of critical path) – R3 : Aim for uniform data flow (avoid conditional branches) Floorplan of a 32-bit Counting Application on a (tiny) Virtex-E FPGA (XCV50E)

  14. Example: Software vs. Hardware • Modular addition in software and hardware: C = A + B mod P A B P + - <0 PC C FPGA Approach in software : Approach in hardware (C-like syntax): { { C = A + B; S = A + B; [FA] if (C > P) then T = S - P; [FA] C = C - P; C = (T<0) ? S : T; [MUX] end if; } } conditional computation uniform data flow

  15. Agenda • Introduction and Motivation • Brief Survey on Reconfigurable Computing and FPGAs • Modern FPGA devices and Arithmetic Applications • Novel Architectures for ECC over NIST primes • Results and Conclusions

  16. Features of Modern FPGAs CLB CLB CLB CLB • Generic logic of FPGAs is great I/O CLB CLB CLB CLB but it introduces a lot of overhead CLB CLB CLB CLB DSP B • Performance penalty due to the CLB CLB CLB CLB 18K I/O dynamic logic w.r.t. to ASICs BRAM CLB CLB CLB CLB DSP A CLB CLB CLB CLB • Hence, modern devices provide I/O CLB CLB CLB CLB additional dedicated functions DSP B like block memories and arithmetic CLB CLB CLB CLB 18K hardcores to accelerate DSP BRAM CLB CLB CLB CLB applications I/O DSP A CLB CLB CLB CLB • Since 2003, DSP hardcores are I/O I/O I/O I/O CLK integrated, e.g., in Xilinx Virtex 4/5 and Altera Stratix II/II GX devices Structure of a modern Xilinx Virtex-4 FPGA

  17. DSP block of Virtex-4 Devices • Contains an 18 bit signed multiplier 18 18 DSP • 48 bit three-input adder/subtracter • Can be cascaded with neighboring DSP using direct routes From previous • Can operate at the maximum DSP i+1 device speed (500 MHz) 48 48 To next DSP • Supports several operation modes 48 – Adder/subtracter (ADD/SUB) – Multiplier (MUL) i – Multiply & accumulate (MACC) Multiply-Accumulate Mode (MACC) P = P i-1 ± (A · B + Carry)

  18. Additional Design Rules for DSP Blocks • For maximum performance , designs with DSP function blocks should obey additional rules: – R4: Use pipeline register in the DSPs to avoid performance penalty (they come for free since they are part of the actual hardcore) – R5: Use interconnects with neighboring DSPs wherever possible – R6: Put registers before all input and outputs of the DSPs � resolves placement dependencies between static components – R7: Use a separate clock domain for DSP-based computations • High frequency clock f (= 500 MHz) only for DSP units and their (directly) related inputs/outputs • Half frequency clock f/2 (= 250 MHz) for the remainder of the design, e.g., control logic, communication interfaces, etc.

  19. Agenda • Introduction and Motivation • Brief Survey on Reconfigurable Computing and FPGAs • Modern FPGA devices and Arithmetic Applications • Novel Architectures for ECC over NIST primes • Results and Conclusions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Portable Designs for Performance Using the Hybrid Task Graph Scheduler Tim Blattner NIST | ITL |

Portable Designs for Performance Using the Hybrid Task Graph Scheduler Tim Blattner NIST | ITL |

Portable Designs for Performance Using the Hybrid Task Graph Scheduler Tim Blattner NIST | ITL | SSD | ISG Disclaimer No approval or endorsement of any commercial product by NIST is intended or implied. Certain commercial software, products,

652 views • 62 slides
Making FPGAs Programmable as Computers and Doing It At Scale Paul Chow High-Performance

Making FPGAs Programmable as Computers and Doing It At Scale Paul Chow High-Performance

Making FPGAs Programmable as Computers and Doing It At Scale Paul Chow High-Performance Reconfigurable Computing Group Department of Electrical and Computer Engineering University of Toronto Whats the real goal? Build large-scale

1.1k views • 63 slides
High-Speed Computing &amp; Co-Processing with FPGAs FPGAs (Field Programmable Gate Arrays) are

High-Speed Computing &amp; Co-Processing with FPGAs FPGAs (Field Programmable Gate Arrays) are

High-Speed Computing &amp; Co-Processing with FPGAs FPGAs (Field Programmable Gate Arrays) are slowly becoming more and more advanced and practical as high-speed computing platforms. In this talk, David will provide an in-depth introduction into

478 views • 43 slides
Peak Performance Model for a Custom Precision Floating-Point Dot Product on FPGAs UCHPC -

Peak Performance Model for a Custom Precision Floating-Point Dot Product on FPGAs UCHPC -

Outline Motivation Architecture Experiments Dot-product performance model Conclusions Future work Peak Performance Model for a Custom Precision Floating-Point Dot Product on FPGAs UCHPC - UnConventional High performance Computing Workshop

403 views • 17 slides
NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov

NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov

NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov ICANN Meeting Oct. 15 th , 2014 Los Angeles CA First, A Bit of History 2011 USG DNSSEC Tiger Team has a 2 nd goal: authenticated email

308 views • 4 slides
2 1 Joppe W. Bos and Simon Friedberger Why these strange primes? 2 Quantum

2 1 Joppe W. Bos and Simon Friedberger Why these strange primes? 2 Quantum

Fast Arithmetic Modulo 2 1 Joppe W. Bos and Simon Friedberger Why these strange primes? 2 Quantum computers NIST call for PQC standards [1] [2] Post-Quantum Cryptography 3 Lattice-based Code-based MQ-based

524 views • 25 slides
NIST/DOE Workshop on Wide-Bandgap Power Electronics for Advanced Distribution Grids Al Hefner

NIST/DOE Workshop on Wide-Bandgap Power Electronics for Advanced Distribution Grids Al Hefner

NIST/DOE Workshop on Wide-Bandgap Power Electronics for Advanced Distribution Grids Al Hefner (NIST) http://www.nist.gov/pml/high_megawatt/ NIST High-Megawatt PCS Workshops High-Megawatt Converter Workshop: January 24, 2007 HMW PCS

345 views • 18 slides
with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in the Cloud Wider

with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in the Cloud Wider

Zsolt Istvn * , Gustavo Alonso, Ankit Singla Systems Group, Computer Science Dept., ETH Zrich * Now at IMDEA Software Institute, Madrid Providing Multi-tenant Services with FP FPGAs: Cas ase Stu tudy on on a a Key-Value Store FPGAs in

374 views • 15 slides
IT ITD D Cy Cyber ber Secu curi rity ty The NIST Framework High Value for ITS Shannon

IT ITD D Cy Cyber ber Secu curi rity ty The NIST Framework High Value for ITS Shannon

IT ITD D Cy Cyber ber Secu curi rity ty The NIST Framework High Value for ITS Shannon Barnes, CIO Craig Schumacher, CISO Idaho Transportation Department September 2015 NIST Cybersecurity Framework National Institute of Standards

336 views • 11 slides
Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High

Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High

Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High Performance Computing Jack Dongarra I nnovative Computing Lab University of Tennessee and Computer Science and Math Division Oak Ridge Nat ional

380 views • 13 slides
Case Study in 3D FFT Ahmed Sanaullah Martin Herbordt Vipin Sachdeva Boston University Silicon

Case Study in 3D FFT Ahmed Sanaullah Martin Herbordt Vipin Sachdeva Boston University Silicon

OpenCL for FPGAs/HPC Case Study in 3D FFT Ahmed Sanaullah Martin Herbordt Vipin Sachdeva Boston University Silicon Therapeutics OpenCL for FPGAs/HPC: Case Study in 3D FFT 11/15/2017 What gives FPGAs high performance? Deep pipelines

499 views • 16 slides
RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1

RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1

RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1 Good news: - primes are fairly common: there are about N/ln N primes N Exercise: If looking for a 512-bit prime, how many randomly generated

358 views • 10 slides
Virtex-7 FPGAs Target Software Virtex-7 FPGAs Target Software Defined Radio Applications Defined

Virtex-7 FPGAs Target Software Virtex-7 FPGAs Target Software Defined Radio Applications Defined

Virtex-7 FPGAs Target Software Virtex-7 FPGAs Target Software Defined Radio Applications Defined Radio Applications Rodger Hosking Rodger Hosking 1 Software Defined Radio Needs High-Performance Signal Processing DSP: filtering, FFTs,

859 views • 26 slides
Serial QDR LVDS High-Speed ADCs on Xilinx Series 7 FPGAs Bruno Valinoti, Rodrigo Melo April 10th

Serial QDR LVDS High-Speed ADCs on Xilinx Series 7 FPGAs Bruno Valinoti, Rodrigo Melo April 10th

Serial QDR LVDS High-Speed ADCs on Xilinx Series 7 FPGAs Bruno Valinoti, Rodrigo Melo April 10th to April 12th, 2019, Buenos Aires Outline Introduction ADC board characteristics High Speed ADCs and the evolution next to FPGAs Proposal and

476 views • 29 slides
HW/SW Codesign w/ FPGAs Data Flow Modeling III ECE 522 DFG Performance Modeling and

HW/SW Codesign w/ FPGAs Data Flow Modeling III ECE 522 DFG Performance Modeling and

HW/SW Codesign w/ FPGAs Data Flow Modeling III ECE 522 DFG Performance Modeling and Transformations We indicated earlier that Data Flow graphs (DFGs) are untimed , i.e., our analysis did not model the amount of time needed to complete a

221 views • 17 slides
Silvermere Lighting A Division of Silvermere Group High-Performance Skylights for Commercial

Silvermere Lighting A Division of Silvermere Group High-Performance Skylights for Commercial

Silvermere Lighting A Division of Silvermere Group High-Performance Skylights for Commercial Day-lighting. Raise Your Standard of Lighting! 1 Introduction of Silvermere Silvermere is a Minnesota USA based international distributor of US made

531 views • 14 slides
Complex Event Processing: DSL for High Frequency Trading Richard

Complex Event Processing: DSL for High Frequency Trading Richard

Complex Event Processing: DSL for High Frequency Trading Richard Tibbe-s StreamBase Systems QCon London 2011 1 Myth: High level domain specific languages

604 views • 24 slides
BeamCurrentMonitors JeanClaudeDenard (SynchrotronSOLEIL)

BeamCurrentMonitors JeanClaudeDenard (SynchrotronSOLEIL)

BeamCurrentMonitors JeanClaudeDenard (SynchrotronSOLEIL) DITANETSchoolonBeamDiagnosticTechniques 30March 3April2009 RoyalHollowayUniversityofLondon(UK) Summary Electromagnetic

628 views • 25 slides
Nanometer-Scale I nGaAs Field-Effect Transistors for THz and CMOS Technologies J. A. del Alamo

Nanometer-Scale I nGaAs Field-Effect Transistors for THz and CMOS Technologies J. A. del Alamo

Nanometer-Scale I nGaAs Field-Effect Transistors for THz and CMOS Technologies J. A. del Alamo Microsystems Technology Laboratories, MIT ESSDERC-ESSCIRC 2013 Bucharest, Romania, September 16-20, 2013 Acknowledgements: D. Antoniadis, A.

489 views • 38 slides
CANTO Conference Trinidad and Tobago, February 2018 Veena Rawat Senior Spectrum Advisor, GSMA

CANTO Conference Trinidad and Tobago, February 2018 Veena Rawat Senior Spectrum Advisor, GSMA

5G and WRC-19 CANTO Conference Trinidad and Tobago, February 2018 Veena Rawat Senior Spectrum Advisor, GSMA 5G USE CASES AND POSSIBILITIES FOR AFRICA 5G ENABLES DIGITAL TRANSFORMATION ACROSS GOVERNMENT AND MULTIPLE INDUSTRIES: eMBB Enhanced

451 views • 13 slides
Analogue black-holes in BECondensates instabilities in supersonic flows Antonin Coutant 1 ,

Analogue black-holes in BECondensates instabilities in supersonic flows Antonin Coutant 1 ,

Analogue black-holes in BECondensates instabilities in supersonic flows Antonin Coutant 1 , Stefano Finazzi 2 , and Renaud Parentani 1 1 LPT, Paris-Sud Orsay 2 Univ. de Trento Sminaire lIHES, le 26 janvier 2012. PRD 81 , 084042 (2010) AC +

1.39k views • 110 slides
LOW-LATENCY GPGPU A 5-minute intro and investigation Matheus Vitti Santos @ Meeting C++ 2019

LOW-LATENCY GPGPU A 5-minute intro and investigation Matheus Vitti Santos @ Meeting C++ 2019

LOW-LATENCY GPGPU A 5-minute intro and investigation Matheus Vitti Santos @ Meeting C++ 2019 Disclaimer These findings reflect the point of view of someone whos been courting only CUDA in a hobbyist setting since 2010, and in a

182 views • 15 slides
Wireless readout Hans Kris)an Soltveit On behalf of the WADAPT working group Wireless Allowing

Wireless readout Hans Kris)an Soltveit On behalf of the WADAPT working group Wireless Allowing

Wireless readout Hans Kris)an Soltveit On behalf of the WADAPT working group Wireless Allowing Data And Power Transmission GSI/Darmstadt 20-06-2017 OUTLINE Introduction to millimeter Wave Features of the 60 GHz Band Practical

830 views • 61 slides
Estimating the efficient price from the order flow Sylvain Delattre, Christian Robert and Mathieu

Estimating the efficient price from the order flow Sylvain Delattre, Christian Robert and Mathieu

Introduction and model Estimation procedures Elements of proof One numerical example Estimating the efficient price from the order flow Sylvain Delattre, Christian Robert and Mathieu Rosenbaum University Paris 7, University Lyon 1, University

605 views • 39 slides

More recommend