implementation of rsa 2048 on gpus
play

Implementation of RSA 2048 on GPUs Marcelo E. Kaihara EPFL LACAL - PowerPoint PPT Presentation

Jun 11, 2023 •372 likes •710 views

Implementation of RSA 2048 on GPUs Marcelo E. Kaihara EPFL LACAL Nov. 4, 2010 Motivation NIST Recommendations for Key Management (SP 800-57) NIST DRAFT recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes (SP

  1. Implementation of RSA 2048 on GPUs Marcelo E. Kaihara EPFL – LACAL Nov. 4, 2010

  2. Motivation NIST Recommendations for Key Management (SP 800-57) NIST DRAFT recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes (SP 800-131) RSA 1024 Deprecated from January 1, 2011 RSA 2048 8x Computational Effort 2 2

  3. Object Use GPUs as cryptographic accelerators to offload work from the CPU. Low latency Parallel implementation Generic implementation OpenCL Server application Speed 3 3

  4. RSA 2048 Decryption Decryption d m  p  q e  d  1 mod  (m) z  c mod m dP  e  1 mod (p - 1) Precomputed values dQ  e  1 mod (q - 1) ( p , q, dP, dQ, qInv)  1 dInv  q mod p Chinese Remainder Theorem dP z 1  c mod p Mod Exp 1024 moduli dQ z 2  c mod q (32 limbs of 32-bits) s  32 32 B  2 h  qInv  ( z 1  z ) mod p 2 z  z  h  q 2 4 4

  5. Montgomery Multiplication General overview Ordinary Representation Montgomery Representation ~ u u ~ v v ~  ~ u  v u v     ~ z z Sequential multiplications performed in Montgomery representation 5

  6. Montgomery Multiplication R  B s  m , gcd(R, m)  1 Montgomery radix Ordinary Representation Montgomery Representation  (   ,  ) ( , * )  ~ u u  u  R mod m Isomorphic ~ ~ ~ ~ u  v  ( u  v ) mod m  1 u * v  u  v  R mod m ~ v v  v  R mod m

  7. Montgomery Multiplication Definition: m : large odd integer ~ ~ , gcd(m, B)  1 u , v  Z / m Z ~ ~ ~ ~ u * v  u  v  R  1 mod m s ( usually R  B ) R  m

  8. Sequential Computation on CPU ~ ~ ~ ~  1 u * v  u  v  R mod m m Algorithm ~ u ~ v ~  * z 0; ~ for (i  0; i  s - 1; i   ) z { ~ ~ ~ ~ z  z  u  v ; i ~  1 q  (  z  m ) mod B; M 0 0 ~ ~ ~ ~  1 ( z  (  z  m mod B)  m) mod B  z  ( z  q M  m ) div B; 0 0 } ~ ~  1  ( z  (  z  m  m mod B)) mod B ~ ~ ~ 0 0 if z  m then z  z - m; ~ ~  ( z  z ) mod B  0 0

  9. Sequential Computation on CPU ~ ~ ~ ~  1 u * v  u  v  R mod m m Algorithm ~ u ~ v ~  * z 0; ~ for (i  0; i  s - 1; i   ) z { ~ ~ ~ ~ z  z  u  v ; i ~  1 i  0 q  (  z  m ) mod B; M 0 0 ~ z  m  ( B  1 ) ~ ~ z  ( z  q M  m ) div B; } m  ( B  1 )  m  ( B  1 ) ~ z  ~ ~ ~ if z  m then z  z - m; B 2  m  ( B  1 )   2 m B

  10. Sequential Computation on CPU ~ ~ ~ ~  1 u * v  u  v  R mod m m Algorithm ~ u ~ v ~  * z 0; ~ for (i  0; i  s - 1; i   ) z { ~ ~ ~ ~ z  z  u  v ; i ~  1 q  (  z  m ) mod B; M 0 0 ~ ~ z  ( z  q M  m ) div B; } ~ ~ ~ if z  m then z  z - m;

  11. Sequential Computation on CPU ~ ~ ~ ~  1 u * v  u  v  R mod m m Algorithm ~ u ~ v ~  * z 0; ~ for (i  0; i  s - 1; i   ) z { ~ ~ ~ ~ i  1 z  z  u  v ; i ~ 0  z  2  m ~  1 q  (  z  m ) mod B; M 0 0 ~ ~ ~ z  2  m  m  ( B  1 ) z  ( z  q M  m ) div B; } 2  m  m  ( B  1 )  m  ( B  1 ) ~ z  ~ ~ ~ if z  m then z  z - m; B m  ( 2  B  1  B  1 )   2  m B

  12. Fermi architecture Specifications: 3 billon transistors 16 Streaming Multiprocessors (SM) 6 x 64-bit memory partitions Up to total 6GB GDDR5 with ECC GigaThread global scheduler Shared L2 Cache (768KB) Source: NVIDIA’s next Generation CUDA TM Compute Architecture: Fermi 12 12

  13. Fermi architecture Streaming Multiprocessor 32 CUDA Cores (16 x 32 = 512) Dual warp scheduler 16 LD/ST Units 4 Special Function Units (SFU) 64KB of configurable Shared Memory and L1 Cache (48KB/16KB) CUDA Core Pipelined ALU and FPU ALU supports 32-bit int FPU single precision (512 FMA ops / clock) Source: NVIDIA’s next Generation CUDA TM Compute Architecture: Fermi 1K 32-bit registers per core 13 13

  14. Representation of Integers Parallel version Sequential version x x x 31 31 31  x x x x  0  31 2 1   x x x x 0 x x 31 x 2 1 2 2 2  x x x x x x x 31 0 2 1 1 1 1 x x x 0 0 0 • Low Latency • High Latency • Cryptography • Cryptanalysis 14 14

  15. Representation of Integers To avoid barriers (mem fence) try to fit entire operand within a block of 32 threads (Warps) Data coherence is maintained within a warp. Each thread operates in one limb in radix B=2 32 Possible representations: Avizienis representation (signed-digit) Residue Number System Carry-save  c c c c 31 2 1 0  x x x x 31 0 2 1 15 15

  16. Montgomery Multiplication ~ ~ ~ ~  1 u * v  u  v  R mod m  M m m m m 31 2 1 0 Algorithm  a a A a a 31 0 2 1 ~ ~ A :  u ; B :  v ; M :  m;  b b B b b 31 0 2 1 T  : 0; for (i  0; i  s - 1; i   )  H(a b ) H(a b ) H(a b ) H(a b ) 31 0 2 0 1 0 0 0 {  L(a b ) L(a b ) L(a b ) L(a b ) T :  T  b A; 31 0 1 0 1 0 0 0 i -1 q :  t  (  m ) mod B; M 0 0 T :  ( T  q M  M ) div B; }  c c c c if T  M then Z :  T - M; 30 0 31 1 else Z :  T; T  t t t t t t t t 31 0 0 30 2 1 31 1 16

  17. Montgomery Multiplication ~ ~ ~ ~  1 u * v  u  v  R mod m  M m m m m 31 2 1 0 Algorithm  a a A a a 31 0 2 1 ~ ~ A :  u ; B :  v ; M :  m;  b b B b b 31 0 2 1 T  : 0; for (i  0; i  s - 1; i   )  H(a b ) H(a b ) H(a b ) H(a b ) 31 0 2 0 1 0 0 0 {  L(a b ) L(a b ) L(a b ) L(a b ) T :  T  b A; 31 0 1 0 1 0 0 0 i -1 q :  t  (  m ) mod B; M 0 0     T :  ( T  q M  M ) div B;     }  c c c c if T  M then Z :  T - M; 30 0 31 1 else Z :  T; T  q t t t t t t t t 31 0 0 M 30 2 1 31 1 17

  18. Montgomery Multiplication ~ ~ ~ ~  1 u * v  u  v  R mod m  M m m m m 31 2 1 0 Algorithm  a a A a a 31 0 2 1 ~ ~ A :  u ; B :  v ; M :  m;  b b B b b 31 0 2 1 T  : 0; for (i  0; i  s - 1; i   )  H(a b ) H(a b ) H(a b ) H(a b ) 31 0 2 0 1 0 0 0 { T :  T  b A; i -1 q :  t  (  m ) mod B;  H(m q ) H(m q ) H(m q ) H(m q ) M 0 0 31 M 2 M 0 M 1 M T :  ( T  q M  M ) div B;  L(m q ) L(m q ) L(m q ) L(m q ) 31 M 0 M 2 M 1 M }  c c c c if T  M then Z :  T - M; 30 0 31 1 else Z :  T; T  q t t t t 31 0 M 2 1 18

  19. Montgomery Multiplication ~ ~ ~ ~  1 u * v  u  v  R mod m  M m m m m 31 2 1 0 Algorithm  a a A a a 31 0 2 1 ~ ~ A :  u ; B :  v ; M :  m;  b b B b b 31 0 2 1 T  : 0; for (i  0; i  s - 1; i   )  H(a b ) H(a b ) H(a b ) H(a b ) 31 0 2 0 1 0 0 0 { T :  T  b A; i -1 q :  t  (  m ) mod B;  H(m q ) H(m q ) H(m q ) H(m q ) M 0 0 31 M 2 M 0 M 1 M T :  ( T  q M  M ) div B;  L(m q ) L(m q ) L(m q ) L(m q ) 31 M 0 M 2 M 1 M }           c c c c if T  M then Z :  T - M; 30 0 31 1 else Z :  T; T  q t t t t 31 0 M 2 1 19

  20. Montgomery Multiplication ~ ~ ~ ~  1 u * v  u  v  R mod m  M m m m m 31 2 1 0 Algorithm  a a A a a 31 0 2 1 ~ ~ A :  u ; B :  v ; M :  m;  b b B b b 31 0 2 1 T  : 0; for (i  0; i  s - 1; i   )  H(a b ) H(a b ) H(a b ) H(a b ) 31 0 2 0 1 0 0 0 { T :  T  b A; i -1 q :  t  (  m ) mod B;  H(m q ) H(m q ) H(m q ) H(m q ) M 0 0 31 M 2 M 0 M 1 M T :  ( T  q M  M ) div B;        }   c c c c if T  M then Z :  T - M; 30 0 31 1 else Z :  T; T  q t t t t 31 0 M 2 1 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Multi-parameter Waveform Inversion with GPUs for the Cloud A Pipelined Implementation Huy Le*,

Multi-parameter Waveform Inversion with GPUs for the Cloud A Pipelined Implementation Huy Le*,

Multi-parameter Waveform Inversion with GPUs for the Cloud A Pipelined Implementation Huy Le*, Stewart A. Levin, and Robert G. Clapp Geophysics Department, Stanford University March 28, 2018 Huy Le Multi-parameter Waveform Inversion with GPUs

531 views • 24 slides
Making Change in 2048 David Eppstein 9th International Conference on Fun With Algorithms (FUN

Making Change in 2048 David Eppstein 9th International Conference on Fun With Algorithms (FUN

Making Change in 2048 David Eppstein 9th International Conference on Fun With Algorithms (FUN 2018) La Maddalena, Italy, June 2018 2048 game 16 squares that can be filled by power-of-two tiles Each turn: slide all squares in one of four

487 views • 14 slides
High-Performance FV Somewhat Homomorphic Encryption on GPUs: An Implementation using CUDA Ahmad

High-Performance FV Somewhat Homomorphic Encryption on GPUs: An Implementation using CUDA Ahmad

High-Performance FV Somewhat Homomorphic Encryption on GPUs: An Implementation using CUDA Ahmad Al Badawi ahmad@u.nus.edu National University of Singapore (NUS) Sept 10 th 2018 CHES 2018 FHE The holy grail of Cryptography FHE

1.05k views • 20 slides
Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Gunrock High-Performance Graph Analytics for the GPU Muhammad Osama University of California, Davis Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found everywhere Found everywhere Road &

560 views • 23 slides
The security impact AES-128, RSA-2048, etc. of a new cryptographic library are widely accepted

The security impact AES-128, RSA-2048, etc. of a new cryptographic library are widely accepted

The security impact AES-128, RSA-2048, etc. of a new cryptographic library are widely accepted standards. D. J. Bernstein, U. Illinois Chicago Obviously infeasible to break & T. U. Eindhoven by best attacks in literature. Tanja Lange, T.

1.65k views • 142 slides
Scott Le Grand Some Things Never Change (GPUs vs the World) How Best to Exploit GPUs

Scott Le Grand Some Things Never Change (GPUs vs the World) How Best to Exploit GPUs

Scott Le Grand Some Things Never Change (GPUs vs the World) How Best to Exploit GPUs Molecular Dynamics or Matrix Factorization? Determinism and Numerical Stability Dynamic Range for both MD and NNs Latest AMBER PME Numbers

1.18k views • 90 slides
NaCl: a new crypto library AES-128, RSA-2048, etc. are widely accepted standards. D. J.

NaCl: a new crypto library AES-128, RSA-2048, etc. are widely accepted standards. D. J.

NaCl: a new crypto library AES-128, RSA-2048, etc. are widely accepted standards. D. J. Bernstein, U. Illinois Chicago & T. U. Eindhoven Obviously infeasible to break Tanja Lange, T. U. Eindhoven by best attacks in literature. Joint work

1.46k views • 133 slides
Unleashing the Power of GPUs over the Web Vishal Vaidyanathan Royal Caliber LLC GPUs are

Unleashing the Power of GPUs over the Web Vishal Vaidyanathan Royal Caliber LLC GPUs are

Unleashing the Power of GPUs over the Web Vishal Vaidyanathan Royal Caliber LLC GPUs are great... high compute throughput increasingly energy efficient high density but? http://onu.io

639 views • 16 slides
Clusters of GPUs Michael LeBeane mlebeane@utexas.edu Advisor : Lizy K. John Problem Statement

Clusters of GPUs Michael LeBeane mlebeane@utexas.edu Advisor : Lizy K. John Problem Statement

PhD Defense Optimizing Communication for Clusters of GPUs Michael LeBeane mlebeane@utexas.edu Advisor : Lizy K. John Problem Statement GPUs and Networks in the Wild GPUs are everywhere in HPC, Big Data, Machine Learning, and beyond

1.07k views • 61 slides
MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com

MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com

MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com Agenda MD5 on GPUs Dec 2008: rogue CA certificate on PS3 cluster MD5 birthday search Results & performance MD5 on GPUs MD5 is

448 views • 18 slides
(Toward) Radiative transfer on AMR with GPUs Dominique Aubert Universit de Strasbourg

(Toward) Radiative transfer on AMR with GPUs Dominique Aubert Universit de Strasbourg

(Toward) Radiative transfer on AMR with GPUs Dominique Aubert Universit de Strasbourg Austin, TX, 14.12.12 jeudi 13 dcembre 2012 A few words about GPUs Cache and control replaced by calculation units Large number of

500 views • 31 slides
Virtual Reality Features of NVIDIA GPUs Mark Kilgard, July 27, 2016 Mark Kilgard My Background

Virtual Reality Features of NVIDIA GPUs Mark Kilgard, July 27, 2016 Mark Kilgard My Background

Virtual Reality Features of NVIDIA GPUs Mark Kilgard, July 27, 2016 Mark Kilgard My Background Principal System Software Engineer OpenGL driver implementation & API evolution Other interests Programmable shading languages, original Cg

446 views • 42 slides
Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice Scaling up DL 2 What is Deep Learning? 3 DEEP LEARNING EVERYWHERE INTERNET & CLOUD MEDICINE & BIOLOGY SECURITY & DEFENSE MEDIA &

1.45k views • 39 slides
Korrel Kanoy, Ph.D. Peace College kkanoy@peace.edu; 919-508-2048 Derek Mann, Ph.D. MHS

Korrel Kanoy, Ph.D. Peace College kkanoy@peace.edu; 919-508-2048 Derek Mann, Ph.D. MHS

Korrel Kanoy, Ph.D. Peace College kkanoy@peace.edu; 919-508-2048 Derek Mann, Ph.D. MHS derek.mann@mhs.com 416.613.2862 Retention and Graduation Key predictors of success What is Emotional Intelligence? How does emotional

952 views • 27 slides
Understanding The Security of Discrete GPUs Zhiting Zhu 1 , Sangman Kim 1 , Yuri Rozhanski 2 ,

Understanding The Security of Discrete GPUs Zhiting Zhu 1 , Sangman Kim 1 , Yuri Rozhanski 2 ,

Understanding The Security of Discrete GPUs Zhiting Zhu 1 , Sangman Kim 1 , Yuri Rozhanski 2 , Yige Hu 1 , Emmett Witchel 1 , Mark Silberstein 2 1.The University of Texas at Austin 2.Technion-Israel Institute of Technology Outline Can GPUs

869 views • 60 slides
Full Virtualization for GPUs Reconsidered Revisit -- Suzuki, Yusuke, et al. GPUvm: Why not

Full Virtualization for GPUs Reconsidered Revisit -- Suzuki, Yusuke, et al. GPUvm: Why not

Full Virtualization for GPUs Reconsidered Revisit -- Suzuki, Yusuke, et al. GPUvm: Why not virtualizing GPUs at the hypervisor?. USENIX ATC 14. Hangchen Yu 1 , Christopher J. Rossbach 1,2 1 The University of Texas at Austin 2 VMware

880 views • 40 slides
( t,w ) Threshold schemes " A master key ! (e.g. for a Certificate Authority) is very very

( t,w ) Threshold schemes " A master key ! (e.g. for a Certificate Authority) is very very

( t,w ) Threshold schemes " A master key ! (e.g. for a Certificate Authority) is very very sensitive to exposure or loss exposure makes the whole system untrustable loss makes system inaccessible " extra copies increases

329 views • 4 slides
An Algebraic Approach to the Design of Block Ciphers Jos Valena scar Pereira Tiago

An Algebraic Approach to the Design of Block Ciphers Jos Valena scar Pereira Tiago

An Algebraic Approach to the Design of Block Ciphers Jos Valena scar Pereira Tiago Oliveira { jmvalenca, oscar, tfaoliveira }@di.uminho.pt HASLab, INESC TEC & Univ. of Minho (PT) Mathematical Methods for Cryptography Svolvr,

403 views • 15 slides
Linear congruences: ax b (mod n ) for x Z a x = b in Z n (in particular x {

Linear congruences: ax b (mod n ) for x Z a x = b in Z n (in particular x {

Linear congruences: ax b (mod n ) for x Z a x = b in Z n (in particular x { 0 , 1 , . . . , n 1 } ) [ a ] n [ x ] n = [ b ] n in Z n x Z satisfies ax b (mod n ) if and only if there is y Z such that ax

357 views • 10 slides
LinBox Lab University of Delaware D. Saunders, Z. Wan, D. Roche, C. Devore (A. Duran, E.

LinBox Lab University of Delaware D. Saunders, Z. Wan, D. Roche, C. Devore (A. Duran, E.

LinBox Lab University of Delaware D. Saunders, Z. Wan, D. Roche, C. Devore (A. Duran, E. Schrag, R. Seagraves, B. Hovinen, ...). Thanks to the National Science Foundation 1 Tools for exact linear algebra http://linalg.org/ Mirror sites are

343 views • 17 slides
A Generalized Brezing-Weng Algorithm for Constructing Pairing-Friendly Ordinary Abelian Varieties

A Generalized Brezing-Weng Algorithm for Constructing Pairing-Friendly Ordinary Abelian Varieties

Abelian Varieties and Pairing-Based Cryptography Constructing Pairing-Friendly Abelian Varieties Analyzing the Algorithm A Generalized Brezing-Weng Algorithm for Constructing Pairing-Friendly Ordinary Abelian Varieties David Freeman Stanford

537 views • 16 slides
Mod 2 linear algebra and tabulation of rational eigenforms Kiran S. Kedlaya Department of

Mod 2 linear algebra and tabulation of rational eigenforms Kiran S. Kedlaya Department of

Mod 2 linear algebra and tabulation of rational eigenforms Kiran S. Kedlaya Department of Mathematics, University of California, San Diego kedlaya@ucsd.edu http://kskedlaya.org/slides/ (see also this SageMathCloud project) Automorphic forms:

821 views • 71 slides
Lecture 2: Terminology and Definitions Abhinav Bhatele, Department of Computer Science

Lecture 2: Terminology and Definitions Abhinav Bhatele, Department of Computer Science

High Performance Computing Systems (CMSC714) Lecture 2: Terminology and Definitions Abhinav Bhatele, Department of Computer Science Announcements ELMS/Canvas page for the course is up: myelms.umd.edu

184 views • 17 slides
F r e e R T O S a n d T C P / I P c o mmu n i c a t i o n : t h e l

F r e e R T O S a n d T C P / I P c o mmu n i c a t i o n : t h e l

A d v a n c e d S c h o o l o n P r o g r a mma b l e S y s t e m- o n - C h i p f o r S c i e n t i f i c I n s t r u me n t a t i o n F r e e R T O S a n d T C P / I

392 views • 27 slides

More recommend