efficient fpga implementations of lowmc and picnic
play

Efficient FPGA Implementations of LowMC and Picnic Roman Walch PhD - PowerPoint PPT Presentation

Oct 17, 2022 •224 likes •499 views

SESSION ID: SESSION ID: CRYP-R02 Efficient FPGA Implementations of LowMC and Picnic Roman Walch PhD Student IAIK / Know-Center GmbH, Graz University of Technology @rw0x0 Joint work with: Daniel Kales, Sebastian Ramacher, Christian

  1. SESSION ID: SESSION ID: CRYP-R02 Efficient FPGA Implementations of LowMC and Picnic Roman Walch PhD Student IAIK / Know-Center GmbH, Graz University of Technology @rw0x0 Joint work with: Daniel Kales, Sebastian Ramacher, Christian Rechberger and Mario Werner #RSAC #RSAC

  2. #RSAC Post-Quantum Digital Signatures Shor‘s algorithm for factoring and discrete logarithm Quantum computer breaks: – Most asymmetric cryptography – RSA , DSA , ECDSA, … NIST Standardization Project for PQ Signatures – Currently second round – Picnic [Cha+17; Cha+19] (using LowMC [Alb+15]) – Performance optimized implementations required 2

  3. #RSAC Contribution First efficient VHDL implementation of LowMC First VHDL implementation of Picnic – Picnic1-L1-FS: 128 (64) bit security (PQ) – Picnic1-L5-FS: 256 (128) bit security (PQ) Coprocessors accessible via PCIe interface 3

  4. #RSAC #RSAC The LowMC Block Cipher

  5. #RSAC LowMC – Round Substitution-Permutation Network (SPN) with reduced SboxLayer: 5

  6. #RSAC LowMC – Details Designed to minimize AND gates (3 ANDs / Sbox) – 𝑇 𝑏, 𝑐, 𝑑 = 𝑏 ۩ 𝑐 ∧ 𝑑 , 𝑏 ۩ 𝑐 ۩ 𝑏 ∧ 𝑑 , 𝑏 ۩ 𝑐 ۩ 𝑑 ۩ 𝑏 ∧ 𝑐 Linear Layer: – State multiplied with matrix over GF (2) – 𝑜 × 𝑜 matrix per round 𝑜 … blocksize Roundkey schedule 𝑙 … keysize – Key multiplied with matrix over GF (2) – 𝑜 × 𝑙 matrix per round + inital key whitening 6

  7. #RSAC LowMC – Constants per Instance Naive implementaion: – L1: ~82 KiB – L5: ~617 KiB Impact on hardware utilization LowMC without opt. 𝑜 𝑙 𝑛 𝑠 nr. LUTs % LUTs L1 128 128 10 20 42 395 20.80% L5 256 256 10 38 209 348 102.72% 7

  8. #RSAC LowMC – Constants per Instance Naive implementaion: Optimizations by [Din+19]: – L1: ~82 KiB – L1: ~29 KiB – L5: ~617 KiB – L5: ~117 KiB Impact on hardware utilization LowMC without opt. with opt. Improv. 𝑜 𝑙 𝑛 𝑠 nr. % LUTs % LUTs LUTs % LUTs L1 128 128 10 20 42 395 20.80% 13 558 6.65% 68.02% L5 256 256 10 38 209 348 102.72% 44 431 21.8 % 78.78% 8

  9. #RSAC #RSAC The Picnic Signature Scheme

  10. #RSAC Picnic – Building Blocks FS transformed Σ -protocol Σ -protocol: ZKB++ or KKW 10

  11. #RSAC Picnic – Building Blocks FS transformed Σ -protocol Σ -protocol: ZKB++ or KKW Proof system: – Multi-party computation (MPC) of LowMC – Random oracle: SHAKE (Keccak) Keys: – Public Key: 𝑞𝑙 = (𝐷, 𝑞) – Secret Key: 𝑡𝑙 = 𝑙 11

  12. #RSAC Picnic – Proof System Communication per AND gate Publish 2 players in signature (based on challenge) 12

  13. #RSAC Picnic – MPC contd. MPC repeated 𝑈 times – Reduce probability to cheat – Picnic1-L1-FS: 𝑈 = 219 – Picnic1−L5−FS: 𝑈 = 438 Picnic signature: – Challenge – Published Players (based on challenge) – MPC Communication ( LowMC vs. AES ) 13

  14. #RSAC Picnic – MPC Implementation Optimized for speed: – 3 players calculated in parallel Further improvement – Precomputation of one share – Only 2 LowMC instances on FPGA Sign / Verify use same LUTs for matrices 14

  15. #RSAC Picnic – Other Submodulues Pseudorandomness for MPC Commitments – MPC Players commit to results Challenge creation (Random Oracle) ⇒ All using SHAKE – … different configurations 15

  16. #RSAC Picnic – Implementation Custom SHAKE implementation 3 players parallel per MPC run 𝑢 BRAM for intermediate values – ~400 KiB for Picnic1-L5-FS Picnic1-L1-FS and Picnic1-L5-FS implementations for – Sign / Verify only – Sign and Verify combined 16

  17. #RSAC #RSAC Practical Evaluation

  18. #RSAC FPGA and PCIe Xilinx Kintex-7 FPGA KC705 Evaluation Kit PCIe Wrapper – Manages FPGA/PC interface Developed C-Library for PC/FPGA communication 18

  19. #RSAC Hardware Utilization Lookup tables (LUTs) and BRAM utilization (% available) Design Part LUTs % BRAM % Picnic1-L1 90 037 44.18 % 52.5 11.80 % Picnic1-L1-Sign 76 472 37.52 % 52.5 11.80 % Picnic1-L1-Verify 68 614 33.67 % 33.5 7.53 % Picnic1-L5 167 530 82.20 % 98.5 22.13 % Picnic1-L5-Sign 149 456 73.33 % 98.5 22.13 % Picnic1-L5-Verify 138 547 67.98 % 62.5 14.04 % PCIe Wrapper 22 216 10.90 % 42.5 9.55 % 19

  20. #RSAC Runtime Comparison Software platform: – Ubuntu 18.04.1, GCC 7.3.0, 16 GB RAM – CPU: Intel i7-4790, 3.6 GHz Software clock clock FPGA C-Access Coprocessor frequency cycles runtime runtime SIMD No SIMD MHz k cycles ms ms ms ms ~ 31.3 Picnic1-L1-Sign 125 0.25 0.35 1.44 2.82 ~ 29.6 Picnic1-L1-Verify 125 0.24 0.40 1.15 2.34 ~ 154.5 Picnic1-L5-Sign 125 1.24 1.38 5.87 12.37 125 ~146.6 Picnic1-L5-Verify 1.17 2.13 4.92 10.59 20

  21. #RSAC Comparison of FPGA implementations Security Area f t Scheme FPGA Classic PQ LUT FF BRAM MHz ms Picnic1-L1-FS 128 64 K7 90 037 23 105 52.5 125 0.25 SPHINCS+-128 128 64 V7 11 438 3 335 ? 100 9.38 Picnic1-L5-FS 256 128 K7 167 530 33 164 98.5 125 1.24 SPHINCS-256 256 128 K7 19 067 38 132 36 525 1.53 ECDSA-256 128 X V7 6 816 4 442 0 225 1.49 ECDSA-256 128 X V4 34 869 32 430 176 375 0.04 RSA-2048 112 X V7 3 558 slices 0 399 5.68 21

  22. #RSAC Reducing LUT Utilization Implementation is optimized for speed LowMC matrices encoded in LUTs – 1 multiplication per clock cycle – High LUT utilization Reduce LUT utilization: – Store LowMC matrices in BRAM ... reduces performance – LowMC same matrix each round? – Alternatives to LowMC ? 22

  23. #RSAC Conclusion First efficient VHDL implementation LowMC First VHDL implementation of Picnic – Picnic1-L1-FS and Picnic1-L5-FS – Extended to FPGA-based coprocessor (PCIe Interface) Good runtime – Trade off with high hardware utilization 23

  24. #RSAC #RSAC Efficient FPGA Implementations of LowMC and Picnic Questions?

  25. #RSAC Bibliography I [Alb+15] Martin R. Albrecht, Christian Rechberger, Thomas Schneider, Tyge Tiessen, and Michael Zohner. Ciphers for MPC and FHE. EUROCRYPT (1). Vol. 9056. LNCS. Springer, 2015, pp. 430 – 454. [Cha19] André Chailloux. Quantum security of the fiat-shamir transform of commit and open protocols. ePrint, 2019:699, 2019. [Cha+17] Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, and Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives. ACM CCS. ACM, 2017, pp. 1825-1842.

  26. #RSAC Bibliography II [Cha+19] Melissa Chase et al. The Picnic Signature Scheme Design Document (version 2). 2019. URL: https://github.com/microsoft/Picnic/blob/master/spec/design-v2.0.pdf. [Din+19] Itai Dinur, Daniel Kales, Angela Promitzer, Sebastian Ramacher, and Christian Rechberger. Linear Equivalence of Block Ciphers with Partial Non-Linear Layers: Application to LowMC. EUROCRYPT (1). Vol. 11476. LNCS. Springer, 2019, pp. 343 – 372.

Recommend

DMA implementations for FPGA- based data acquisition systems Presenter: Wojciech M. Zabootny

DMA implementations for FPGA- based data acquisition systems Presenter: Wojciech M. Zabootny

DMA implementations for FPGA- based data acquisition systems Presenter: Wojciech M. Zabootny Institute of Electronic Systems Warsaw University of Technology XL-th IEEE-SPIE Joint Symposium Wilga 2017 1/23 FPGA in DAQ FPGA chips are a

656 views • 23 slides
Incentives for LowMC-Cryptanalysis in the Low-Data Scenario Christian Rechberger, Eurocrypt 2020

Incentives for LowMC-Cryptanalysis in the Low-Data Scenario Christian Rechberger, Eurocrypt 2020

S C I E N C E P A S S I O N T E C H N O L O G Y Incentives for LowMC-Cryptanalysis in the Low-Data Scenario Christian Rechberger, Eurocrypt 2020 Rump Session 12.05.2020 > https://lowmcchallenge.github.io/ LowMC First cipher design

503 views • 9 slides
Efficient FPGA implementation of a Digital Transparent Satellite Processor G. Marini, V. Sulli, F.

Efficient FPGA implementation of a Digital Transparent Satellite Processor G. Marini, V. Sulli, F.

Efficient FPGA implementation of a Digital Transparent Satellite Processor G. Marini, V. Sulli, F. Santucci, M. Faccio University of LAquila, LAquila, Italy Outline Introduction Problem Definition Resolution Method FPGA

1.27k views • 22 slides
Picnic Post-Quantum Signatures from Zero Knowledge Proofs MELISSA CHASE, MSR THE PICNIC TEAM

Picnic Post-Quantum Signatures from Zero Knowledge Proofs MELISSA CHASE, MSR THE PICNIC TEAM

Picnic Post-Quantum Signatures from Zero Knowledge Proofs MELISSA CHASE, MSR THE PICNIC TEAM DAVID DERLER SEBASTIAN RAMACHER STEVEN GOLDFEDER CHRISTIAN RECHBERGER JONATHAN KATZ DANIEL SLAMANIG VLAD KOLESNIKOV XIAO WANG CLAUDIO ORLANDI

577 views • 37 slides
An Energy-Efficient Near/Sub-Threshold FPGA Interconnect Architecture Using Dynamic Voltage

An Energy-Efficient Near/Sub-Threshold FPGA Interconnect Architecture Using Dynamic Voltage

An Energy-Efficient Near/Sub-Threshold FPGA Interconnect Architecture Using Dynamic Voltage Scaling and Power-Gating He Qi, Oluseyi Ayorinde, and Benton H. Calhoun Charles L. Brown Department of Electrical and Computer Engineering University of

711 views • 20 slides
AR AROUND OUND THE PICNIC THE PICNIC TABLE ABLE Finance 2020 Update Leslie Backus Class A

AR AROUND OUND THE PICNIC THE PICNIC TABLE ABLE Finance 2020 Update Leslie Backus Class A

AR AROUND OUND THE PICNIC THE PICNIC TABLE ABLE Finance 2020 Update Leslie Backus Class A (nonalcoholic) Trustee General Service Board Treasurer 2019 A 2019 AUDIT UDIT RESUL RESULTS TS First draft of the Audit was completed on May

806 views • 70 slides
The 7th International Symposium on Data Assimilation (ISDA2019) Efficient Implementations of

The 7th International Symposium on Data Assimilation (ISDA2019) Efficient Implementations of

The 7th International Symposium on Data Assimilation (ISDA2019) Efficient Implementations of Ensemble Based Methods In Sequential Data Assimilation: Accounting for Localization Elias D. Ni no-Ruiz Applied Math and Computer Science Laboratory

642 views • 50 slides
Towards Scalable and Efficient FPGA Stencil Accelerators el Deest 1 Nicolas Estibals 1 Tomofumi

Towards Scalable and Efficient FPGA Stencil Accelerators el Deest 1 Nicolas Estibals 1 Tomofumi

Towards Scalable and Efficient FPGA Stencil Accelerators el Deest 1 Nicolas Estibals 1 Tomofumi Yuki 2 Ga Steven Derrien 1 Sanjay Rajopadhye 3 1 IRISA / Universit 2 INRIA / LIP / ENS Lyon e de Rennes 1 / Cairn 3 Colorado State University

826 views • 38 slides
Binary Rewriting at Runtime for Efficient Dynamic Domain Map Implementations 3 rd CHIUW Workshop,

Binary Rewriting at Runtime for Efficient Dynamic Domain Map Implementations 3 rd CHIUW Workshop,

Technische Universitt Mnchen Binary Rewriting at Runtime for Efficient Dynamic Domain Map Implementations 3 rd CHIUW Workshop, Chicago, May 27, 2016 Josef Weidendorfer, Jens Breitbart Chair for Computer Architecture Department of

258 views • 8 slides
FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers

FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers

2/21/2012 Content FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers Distributed RAM History FPGA vs ASIC FPGA and Microprocessors Alternatives to FPGAs ETI135, Advanced Digital IC Design

123 views • 10 slides
Introduction to Computer Arithmetic for Efficient Hardware Implementations Arnaud Tisserand

Introduction to Computer Arithmetic for Efficient Hardware Implementations Arnaud Tisserand

Introduction to Computer Arithmetic for Efficient Hardware Implementations Arnaud Tisserand CNRS, Lab-STICC CEA-SPEC Seminar, Nov. 2019 -- Babylonian Arithmetic Use of a positional number system with: primary radix 60 auxiliary radix

1.46k views • 108 slides
Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood

Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood

Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood Applied Research Lab : Reconfigurable Network Group Department of Computer Science and Engineering

214 views • 9 slides
Efficient Implementations of MQPKS Peter Czypek,Stefan Heyse, Enrico Thomae on Constrained

Efficient Implementations of MQPKS Peter Czypek,Stefan Heyse, Enrico Thomae on Constrained

Efficient Implementations of MQPKS on Constrained Devices Efficient Implementations of MQPKS Peter Czypek,Stefan Heyse, Enrico Thomae on Constrained Devices Peter Czypek, Stefan Heyse, Enrico Thomae CHES2012 11.09.2012 Ruhr-University Bochum |

958 views • 40 slides
to Efficient FPGA Acceleration Jiajie Li 1,2 , Yuze Chi 2 , Jason Cong 2 Tsinghua University 1 ,

to Efficient FPGA Acceleration Jiajie Li 1,2 , Yuze Chi 2 , Jason Cong 2 Tsinghua University 1 ,

HeteroHalide: From Image Processing DSL to Efficient FPGA Acceleration Jiajie Li 1,2 , Yuze Chi 2 , Jason Cong 2 Tsinghua University 1 , University of California, Los Angeles 2 li-jj16@mails.tsinghua.edu.cn 1 ,{chiyuze,cong}@cs.ucla.edu 2 1 *Work

362 views • 12 slides
WWW.FPGA What is an FPGA? Field Programmable Gate Array Introduction to FPGA designs

WWW.FPGA What is an FPGA? Field Programmable Gate Array Introduction to FPGA designs

WWW.FPGA What is an FPGA? Field Programmable Gate Array Introduction to FPGA designs Generic logic cells + Programmable switches Why do we use it? High performance & Flexible Shorter time to market Joachim Rodrigues

310 views • 8 slides
Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen Introduction Physical Attacks Active Passive (Fault Attacks) (Observing Attacks) Side Channel Attacks

644 views • 45 slides
LS-Designs Bitslice Encryption for Efficient Masked Software Implementations Instances Security

LS-Designs Bitslice Encryption for Efficient Masked Software Implementations Instances Security

1 / 20 Conclusion FSE 2014 LS-Designs G. Leurent (UCL,Inria) Motivation LS-Designs Bitslice Encryption for Efficient Masked Software Implementations Instances Security Analysis LS-Designs . . . . . . . . . . . . . . . . . . Vincent

638 views • 27 slides
Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael

Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael

Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael Naehrig 2 , Martin Roetteler 3 , Fernando Virdia 4 1 Department of Materials, University of Oxford, UK 2 Microsoft Research, Redmond, WA, USA 3 Microsoft

696 views • 26 slides
Efficient Parallel Implementations of Multiple Sequence Alignment Using BSP/CGM Model Jucele F.

Efficient Parallel Implementations of Multiple Sequence Alignment Using BSP/CGM Model Jucele F.

Introduction Multiple Sequence Alignment Distributed Memory Shared Memory Computational Results Conclusions and Future Work Efficient Parallel Implementations of Multiple Sequence Alignment Using BSP/CGM Model Jucele F. A. Vasconcellos,

459 views • 21 slides
Single Base Modular Multiplication for Efficient Hardware RNS Implementations of ECC Karim Bigou

Single Base Modular Multiplication for Efficient Hardware RNS Implementations of ECC Karim Bigou

Single Base Modular Multiplication for Efficient Hardware RNS Implementations of ECC Karim Bigou and Arnaud Tisserand CNRS, IRISA, INRIA Centre Rennes - Bretagne Atlantique and Univ. Rennes 1 CHES 2015, Sept. 13 16 Karim Bigou and Arnaud

1.13k views • 30 slides
An introduction to FPGA-based acceleration of neural networks Marco Pagani 1 What is an FPGA?

An introduction to FPGA-based acceleration of neural networks Marco Pagani 1 What is an FPGA?

An introduction to FPGA-based acceleration of neural networks Marco Pagani 1 What is an FPGA? Field-programmable gate array (FPGA) are integrated circuits designed to be con fi gured after manufacturing for implementing arbitrary logic

429 views • 15 slides
FPGA language ( HDL ). Overview 3 4 Component-Based Software Design LMES Component-Based

FPGA language ( HDL ). Overview 3 4 Component-Based Software Design LMES Component-Based

11/05/2016 Agenda The topics that will be addressed are: Overview on basic characteristics of the FPGA; Scheduling tasks on Reconfigurable FPGA reconfiguration capabilities; FPGA architectures Timing analysis for reconfigurable

299 views • 10 slides
Tips about an FPGA 02/09/2018 J.C. special topic FPGA ( field-programmable gate array ) FPGA :

Tips about an FPGA 02/09/2018 J.C. special topic FPGA ( field-programmable gate array ) FPGA :

Tips about an FPGA 02/09/2018 J.C. special topic FPGA ( field-programmable gate array ) FPGA : An integrated circuit (IC) designed to be configured by customer or designer after manufacturing -- Developed in ~80s -- Widely used (customer

303 views • 7 slides
Efficient Pattern Recognition Algorithm Including a Fast Retina Keypoint FPGA Implementation

Efficient Pattern Recognition Algorithm Including a Fast Retina Keypoint FPGA Implementation

Efficient Pattern Recognition Algorithm Including a Fast Retina Keypoint FPGA Implementation Lester Kalms Maximilian Hajduk Diana Ghringer Technische Universitt Technische Universitt Technische Universitt Dresden, Germany Dresden,

1.35k views • 25 slides

More recommend