four q on fpga
play

Four Q on FPGA: New Hardware Speed Records for Elliptic Curve - PowerPoint PPT Presentation

Oct 06, 2022 •21 likes •831 views

Four Q on FPGA: New Hardware Speed Records for Elliptic Curve Cryptography over Large Prime Characteristic Fields K. Jrvinen 1 , A. Miele 2 , R. Azarderakhsh 3 , and P . Longa 4 1 Aalto University 2 Intel Corporation 3 Rochester Institute of

  1. Four Q on FPGA: New Hardware Speed Records for Elliptic Curve Cryptography over Large Prime Characteristic Fields K. Järvinen 1 , A. Miele 2 , R. Azarderakhsh 3 , and P . Longa 4 1 Aalto University 2 Intel Corporation 3 Rochester Institute of Technology 4 Microsoft Research Contact: kimmo.jarvinen@aalto.fi, plonga@microsoft.com CHES 2016, Santa Barbara, CA, USA, August 17–19, 2016

  2. Introduction Four Q : ◮ Four Q is a high-performance elliptic curve with very good SW performance (2–3 × faster than Curve25519) ◮ Four Q has been shown to offer the fastest scalar multiplications on a wide range of software platforms: ◮ On several 32-bit ARM microarchitectures (SAC 2016) ◮ On several 64-bit Intel/AMD processors, low and high-end (ASIACRYPT 2015) ◮ Four Q employs four-dimensional scalar decompositions, requires extensive precomputation, complex control, etc. ⇒ Not clear how well it suits for HW implementation Four Q on FPGA CHES 2016 2/17

  3. Introduction Contributions: ◮ The first FPGA-based implementations of Four Q ◮ Four Q offers 2–2.5 × faster performance than Curve25519 ◮ Speed-area tradeoff is the primary optimization goal ◮ Protected against timing and SPA attacks ◮ We present three implementations: single-core, multi-core, and Montgomery ladder variant Four Q on FPGA CHES 2016 3/17

  4. Four Q Costello, Longa, ASIACRYPT’15 E / F p 2 : − x 2 + y 2 = 1 + dx 2 y 2 ◮ Twisted Edwards curve with # E ( F p 2 ) = 392 · ξ where ξ is a 246-bit prime ◮ Defined over F p 2 with the Mersenne prime p = 2 127 − 1 ◮ Complete addition formulas over extended twisted Edwards coordinates (Hisil et al. ASIACRYPT’08) Four Q on FPGA CHES 2016 4/17

  5. Four Q Costello, Longa, ASIACRYPT’15 E / F p 2 : − x 2 + y 2 = 1 + dx 2 y 2 ◮ Twisted Edwards curve with # E ( F p 2 ) = 392 · ξ where ξ is a 246-bit prime ◮ Defined over F p 2 with the Mersenne prime p = 2 127 − 1 ◮ Complete addition formulas over extended twisted Edwards coordinates (Hisil et al. ASIACRYPT’08) ◮ Two efficiently-computable endomorphisms ψ and φ ◮ Four-dimensional decomposition for the 256-bit scalar m with ( a 1 , a 2 , a 3 , a 4 ) such that a i ∈ [0 , 2 64 ) : [ m ] P = [ a 1 ] P + [ a 2 ] ψ ( P ) + [ a 3 ] φ ( P ) + [ a 4 ] ψ ( φ ( P )) Four Q on FPGA CHES 2016 4/17

  6. Scalar Multiplication Input: Point P , integer m ∈ [0 , 2 256 ) Output: [ m ] P 1 Decompose and recode m 2 Precompute lookup table T 3 Q ← T [ v 64 ] 4 for i = 63 to 0 do Q ← [2] Q 5 Q ← Q + m i T [ v i ] 6 Four Q on FPGA CHES 2016 5/17

  7. Scalar Multiplication Scalar decompose and recode Input: Point P , integer m ∈ [0 , 2 256 ) ◮ Decompose to a multi-scalar Output: [ m ] P ( a 1 , a 2 , a 3 , a 4 ) 1 Decompose and recode m ◮ Sign-aligned so that a 1 [ j ] ∈ {± 1 } 2 Precompute lookup table T and a i [ j ] ∈ { 0 , a 1 [ j ] } for 2 ≤ j ≤ 4 3 Q ← T [ v 64 ] ◮ Recode to signs m i ∈ {− 1 , 1 } 4 for i = 63 to 0 do and values v i ∈ [0 , 7] (point index) Q ← [2] Q 5 Q ← Q + m i T [ v i ] 6 Four Q on FPGA CHES 2016 5/17

  8. Scalar Multiplication Precomputation Input: Point P , integer m ∈ [0 , 2 256 ) ◮ Precompute 8 points: T [ u ] = P + Output: [ m ] P [ u 0 ] φ ( P )+[ u 1 ] ψ ( P )+[ u 2 ] ψ ( φ ( P )) 1 Decompose and recode m for u = ( u 2 , u 1 , u 0 ) ∈ [0 , 7] 2 Precompute lookup table T ◮ Store them with 5 coordinates 3 Q ← T [ v 64 ] ( X + Y, Y − X, 2 Z, 2 dT, − 2 dT ) ⇒ 4 for i = 63 to 0 do + T [ u ] : ( X + Y, Y − X, 2 Z, 2 dT ) Q ← [2] Q 5 − T [ u ] : ( Y − X, X + Y, 2 Z, − 2 dT ) Q ← Q + m i T [ v i ] 6 ◮ 68 M + 27 S and several additions Four Q on FPGA CHES 2016 5/17

  9. Scalar Multiplication Main for-loop Input: Point P , integer m ∈ [0 , 2 256 ) ◮ Fully regular and constant-time Output: [ m ] P ◮ Only 64 double-and-adds 1 Decompose and recode m ◮ Doubling: 2 Precompute lookup table T ( X, Y, Z, T a , T b ) ← ( X, Y, Z ) 3 Q ← T [ v 64 ] 4 for i = 63 to 0 do ◮ Addition: Q ← [2] Q ( X, Y, Z, T a , T b ) ← 5 Q ← Q + m i T [ v i ] 6 ( X, Y, Z, T a , T b ) × ( X + Y, Y − X, 2 Z, 2 dT ) Four Q on FPGA CHES 2016 5/17

  10. General Architecture Scalar Decomposition and Recoding Unit ◮ Decomposes and recodes the scalar ◮ Mainly multiplications with constants Field Arithmetic Unit (“the core”) ◮ Precomputation and the main for-loop ◮ Highly optimized for F p with the Mersenne prime Four Q on FPGA CHES 2016 6/17

  11. Scalar Unit ◮ Decomposition is computed with a truncated multiplier Y X (mainly multiplications with 195 264 constants) 17 ◮ The main component is a 264 17 × 264-bit multiplier FSM 17 × 264-bit row multiplier built 281 by using 11 DSPs + 264 281 ◮ Recoding is bit manipulations 17 and 64-bit additions 64 64 ◮ Outputs ( m 0 , v 0 ) first, scalar Z H Z L multiplication begins with ( m 64 , v 64 ) ⇒ Store in a LIFO buffer Four Q on FPGA CHES 2016 7/17

  12. Field Arithmetic Unit commands, responses do di 64 64 Interface logic 2 16 127 2 18 Dual-port RAM 127 Control 127 127 16 Datapath Four Q on FPGA CHES 2016 8/17

  13. Field Arithmetic Unit commands, responses do di 256 × 127-bit RAM (128 F p 2 elements) 64 64 4 BRAM Interface logic 2 16 127 2 18 Dual-port RAM 127 Control 127 127 16 Datapath Four Q on FPGA CHES 2016 8/17

  14. Field Arithmetic Unit commands, 127-bit datapath, responses do di optimized for 64 64 p = 2 127 − 1 Interface logic 2 16 127 2 18 Dual-port RAM 127 Control 127 127 16 Datapath Four Q on FPGA CHES 2016 8/17

  15. Field Arithmetic Unit commands, responses do di FSM + Program ROM 64 64 (6 BRAMs) Interface logic 2 16 127 2 18 Dual-port RAM 127 Control 127 127 16 Datapath Four Q on FPGA CHES 2016 8/17

  16. Field Arithmetic Unit: Datapath 128 63 64 129 64 + 64 × 64 -bit 128 multiplier 127 127 (pipelined) 63 127 64 c 64 a b 127 1 127 127 127 r 127 + / − 0 127 127 c 0 1 Four Q on FPGA CHES 2016 9/17

  17. Field Arithmetic Unit: Datapath Multiplier path 128 63 64 129 64 + 64 × 64 -bit 128 multiplier 127 127 (pipelined) 63 127 64 c 64 a b 127 1 127 127 127 r 127 + / − 0 127 127 c 0 1 Four Q on FPGA CHES 2016 9/17

  18. Field Arithmetic Unit: Datapath 128 63 64 129 64 + 64 × 64 -bit 128 multiplier 127 127 (pipelined) 63 127 64 c 64 a b 127 1 127 127 127 r 127 + / − 0 127 127 c 0 1 Adder path Four Q on FPGA CHES 2016 9/17

  19. Example: Multiplication in F p 2 3 multiplications, 2 additions and 3 subtractions in F p : a × b = ( a 0 , a 1 ) × ( b 0 , b 1 ) = ( a 0 · b 0 − a 1 · b 1 , ( a 0 + a 1 ) · ( b 0 + b 1 ) − a 0 · b 0 − a 1 · b 1 ) Four Q on FPGA CHES 2016 10/17

  20. Example: Multiplication in F p 2 3 multiplications, 2 additions and 3 subtractions in F p : a × b = ( a 0 , a 1 ) × ( b 0 , b 1 ) = ( a 0 · b 0 − a 1 · b 1 , ( a 0 + a 1 ) · ( b 0 + b 1 ) − a 0 · b 0 − a 1 · b 1 ) Multiplier pipeline Adders Dual-port RAM Input regs Four Q on FPGA CHES 2016 10/17

  21. Example: Multiplication in F p 2 3 multiplications, 2 additions and 3 subtractions in F p : a × b = ( a 0 , a 1 ) × ( b 0 , b 1 ) = ( a 0 · b 0 − a 1 · b 1 , ( a 0 + a 1 ) · ( b 0 + b 1 ) − a 0 · b 0 − a 1 · b 1 ) R R 1 Four Q on FPGA CHES 2016 10/17

  22. Example: Multiplication in F p 2 3 multiplications, 2 additions and 3 subtractions in F p : a × b = ( a 0 , a 1 ) × ( b 0 , b 1 ) = ( a 0 · b 0 − a 1 · b 1 , ( a 0 + a 1 ) · ( b 0 + b 1 ) − a 0 · b 0 − a 1 · b 1 ) 2 Four Q on FPGA CHES 2016 10/17

  23. Example: Multiplication in F p 2 3 multiplications, 2 additions and 3 subtractions in F p : a × b = ( a 0 , a 1 ) × ( b 0 , b 1 ) = ( a 0 · b 0 − a 1 · b 1 , ( a 0 + a 1 ) · ( b 0 + b 1 ) − a 0 · b 0 − a 1 · b 1 ) 3 Four Q on FPGA CHES 2016 10/17

  24. Example: Multiplication in F p 2 3 multiplications, 2 additions and 3 subtractions in F p : a × b = ( a 0 , a 1 ) × ( b 0 , b 1 ) = ( a 0 · b 0 − a 1 · b 1 , ( a 0 + a 1 ) · ( b 0 + b 1 ) − a 0 · b 0 − a 1 · b 1 ) R R 4 Four Q on FPGA CHES 2016 10/17

  25. Example: Multiplication in F p 2 3 multiplications, 2 additions and 3 subtractions in F p : a × b = ( a 0 , a 1 ) × ( b 0 , b 1 ) = ( a 0 · b 0 − a 1 · b 1 , ( a 0 + a 1 ) · ( b 0 + b 1 ) − a 0 · b 0 − a 1 · b 1 ) R R 5 Four Q on FPGA CHES 2016 10/17

  26. Example: Multiplication in F p 2 3 multiplications, 2 additions and 3 subtractions in F p : a × b = ( a 0 , a 1 ) × ( b 0 , b 1 ) = ( a 0 · b 0 − a 1 · b 1 , ( a 0 + a 1 ) · ( b 0 + b 1 ) − a 0 · b 0 − a 1 · b 1 ) 6 Four Q on FPGA CHES 2016 10/17

  27. Example: Multiplication in F p 2 3 multiplications, 2 additions and 3 subtractions in F p : a × b = ( a 0 , a 1 ) × ( b 0 , b 1 ) = ( a 0 · b 0 − a 1 · b 1 , ( a 0 + a 1 ) · ( b 0 + b 1 ) − a 0 · b 0 − a 1 · b 1 ) + 7 Four Q on FPGA CHES 2016 10/17

  28. Example: Multiplication in F p 2 3 multiplications, 2 additions and 3 subtractions in F p : a × b = ( a 0 , a 1 ) × ( b 0 , b 1 ) = ( a 0 · b 0 − a 1 · b 1 , ( a 0 + a 1 ) · ( b 0 + b 1 ) − a 0 · b 0 − a 1 · b 1 ) R R % 8 Four Q on FPGA CHES 2016 10/17

  29. Example: Multiplication in F p 2 3 multiplications, 2 additions and 3 subtractions in F p : a × b = ( a 0 , a 1 ) × ( b 0 , b 1 ) = ( a 0 · b 0 − a 1 · b 1 , ( a 0 + a 1 ) · ( b 0 + b 1 ) − a 0 · b 0 − a 1 · b 1 ) W + 9 Four Q on FPGA CHES 2016 10/17

Recommend

FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers

FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers

2/21/2012 Content FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers Distributed RAM History FPGA vs ASIC FPGA and Microprocessors Alternatives to FPGAs ETI135, Advanced Digital IC Design

123 views • 10 slides
WWW.FPGA What is an FPGA? Field Programmable Gate Array Introduction to FPGA designs

WWW.FPGA What is an FPGA? Field Programmable Gate Array Introduction to FPGA designs

WWW.FPGA What is an FPGA? Field Programmable Gate Array Introduction to FPGA designs Generic logic cells + Programmable switches Why do we use it? High performance & Flexible Shorter time to market Joachim Rodrigues

308 views • 8 slides
An introduction to FPGA-based acceleration of neural networks Marco Pagani 1 What is an FPGA?

An introduction to FPGA-based acceleration of neural networks Marco Pagani 1 What is an FPGA?

An introduction to FPGA-based acceleration of neural networks Marco Pagani 1 What is an FPGA? Field-programmable gate array (FPGA) are integrated circuits designed to be con fi gured after manufacturing for implementing arbitrary logic

429 views • 15 slides
FPGA language ( HDL ). Overview 3 4 Component-Based Software Design LMES Component-Based

FPGA language ( HDL ). Overview 3 4 Component-Based Software Design LMES Component-Based

11/05/2016 Agenda The topics that will be addressed are: Overview on basic characteristics of the FPGA; Scheduling tasks on Reconfigurable FPGA reconfiguration capabilities; FPGA architectures Timing analysis for reconfigurable

299 views • 10 slides
Tips about an FPGA 02/09/2018 J.C. special topic FPGA ( field-programmable gate array ) FPGA :

Tips about an FPGA 02/09/2018 J.C. special topic FPGA ( field-programmable gate array ) FPGA :

Tips about an FPGA 02/09/2018 J.C. special topic FPGA ( field-programmable gate array ) FPGA : An integrated circuit (IC) designed to be configured by customer or designer after manufacturing -- Developed in ~80s -- Widely used (customer

303 views • 7 slides
GRVI Phalanx Update: A Massively Parallel RISC-V FPGA Accelerator Framework Jan Gray |

GRVI Phalanx Update: A Massively Parallel RISC-V FPGA Accelerator Framework Jan Gray |

GRVI Phalanx Update: A Massively Parallel RISC-V FPGA Accelerator Framework Jan Gray | jan@fpga.org | http://fpga.org CARRV2017: 2017/10/14 FPGA Datacenter Accelerators Are Almost Mainstream Catapult v2. Intel += Altera. OpenPOWER CAPI. AWS

508 views • 28 slides
Support of Cross Calls between Microprocessor and FPGA in CPU-FPGA Coupling Architecture G.

Support of Cross Calls between Microprocessor and FPGA in CPU-FPGA Coupling Architecture G.

Support of Cross Calls between Microprocessor and FPGA in CPU-FPGA Coupling Architecture G. NguyenThiHuong and Seon Wook Kim Microarchitecture and Compiler Laboratory School of Electrical Engineering Korea University Motivation

416 views • 19 slides
FPGA vs GPU Performance Comparison on the Implementation of FIR Filters FPGA. While comparing the

FPGA vs GPU Performance Comparison on the Implementation of FIR Filters FPGA. While comparing the

FPGA vs GPU Performance Comparison on the Implementation of FIR Filters FPGA. While comparing the performance of them, we Abstract choose different models for each platform to get fairer FIR filters find place in digital signal processing

569 views • 7 slides
The Spartan 3e FPGA The Spartan 3e FPGA Whats inside the chip? How does it implement

The Spartan 3e FPGA The Spartan 3e FPGA Whats inside the chip? How does it implement

The Spartan 3e FPGA The Spartan 3e FPGA Whats inside the chip? How does it implement random logic? What other features can you use? What do all these things mean? LUT, Slice, BRAM, DCM, IOB, CLB... Two important documents

278 views • 11 slides
Public FPGA based DM Public FPGA based DMA Atta A Attacking king UlfFrisk Agenda Background

Public FPGA based DM Public FPGA based DMA Atta A Attacking king UlfFrisk Agenda Background

Public FPGA based DM Public FPGA based DMA Atta A Attacking king UlfFrisk Agenda Background and Previous work Transmit and Receive PCIe TLPs DUMP memory FPGA Design Attack vulnerable vanilla Linux system Attack vulnerable UEFI Windows

359 views • 19 slides
Tsunami simulation on FPGA/GPU Tsunami simulation on FPGA/GPU and its analysis based on Statistical

Tsunami simulation on FPGA/GPU Tsunami simulation on FPGA/GPU and its analysis based on Statistical

Tsunami simulation on FPGA/GPU Tsunami simulation on FPGA/GPU and its analysis based on Statistical Model Checking Masahiro Fujita VLSI Design and Education Center (VDEC) University of Tokyo 1 2 Outline What Tsunami simulation means in

1.25k views • 44 slides
Fast FPGA prototyping with Software Development Kit for FPGA (SDK4FPGA) Andrea Suardi

Fast FPGA prototyping with Software Development Kit for FPGA (SDK4FPGA) Andrea Suardi

Fast FPGA prototyping with Software Development Kit for FPGA (SDK4FPGA) Andrea Suardi cas.ee.ic.ac.uk/projects/SDK4FPGA This research has been supported by EPSRC Impact Acceleration grant number EP/K503733/1 Outline What is SDK4FPGA ?

287 views • 18 slides
DMA implementations for FPGA- based data acquisition systems Presenter: Wojciech M. Zabootny

DMA implementations for FPGA- based data acquisition systems Presenter: Wojciech M. Zabootny

DMA implementations for FPGA- based data acquisition systems Presenter: Wojciech M. Zabootny Institute of Electronic Systems Warsaw University of Technology XL-th IEEE-SPIE Joint Symposium Wilga 2017 1/23 FPGA in DAQ FPGA chips are a

656 views • 23 slides
Contents Introduction Pipelined FPGA DNN accelerators Roof-line Model and optimizing

Contents Introduction Pipelined FPGA DNN accelerators Roof-line Model and optimizing

FPGA implementation of Quantized (Deep) Neural Network (QNN) Accelerators Biruk Seyoum Phd Student, Scoula Superiore SantAnna, Pisa Contents Introduction Pipelined FPGA DNN accelerators Roof-line Model and optimizing FPGA DNN

587 views • 23 slides
Processor Architecture Charles Eric LaForest J. Gregory Steffan ECE, University of Toronto FPGA

Processor Architecture Charles Eric LaForest J. Gregory Steffan ECE, University of Toronto FPGA

Octavo: An FPGA-Centric Processor Architecture Charles Eric LaForest J. Gregory Steffan ECE, University of Toronto FPGA 2012, February 24 Easier FPGA Programming We focus on overlay architectures Nios, MicroBlaze, Vector Processors

519 views • 38 slides
FPGA security Nele Mentens nele.mentens@kuleuven.be Design and security of cryptographic

FPGA security Nele Mentens nele.mentens@kuleuven.be Design and security of cryptographic

FPGA security Nele Mentens nele.mentens@kuleuven.be Design and security of cryptographic algorithms and devices for real-world applications June 1-6, 2014, ibenik , Croatia Outline Introduction FPGA vs. ASIC FPGA application

443 views • 17 slides
RTLinux in an FPGA Alejandro Lucero alucero@os3sl.com www.os3sl.com RTLinux in a FPGA 1.

RTLinux in an FPGA Alejandro Lucero alucero@os3sl.com www.os3sl.com RTLinux in a FPGA 1.

RTLinux in an FPGA Alejandro Lucero alucero@os3sl.com www.os3sl.com RTLinux in a FPGA 1. OpenRTU Project 2. FPGAs and soft processors 3. uClinux 4. RTLinux in Microblaze www.os3sl.com RTLinux in a FPGA 1. OpenRTU Project Spanish

378 views • 33 slides
Memories Introduction Why do we need memory in an FPGA Device? Topics Types of FPGA

Memories Introduction Why do we need memory in an FPGA Device? Topics Types of FPGA

Memories Introduction Why do we need memory in an FPGA Device? Topics Types of FPGA Memories Available Resources Realizing memories in an HDL design Applications Examples Extra: Memory Controller Block Memories

692 views • 10 slides
Experience with FPGA HDK AMI and F1: (all statements are subject to large systematic

Experience with FPGA HDK AMI and F1: (all statements are subject to large systematic

Experience with FPGA HDK AMI and F1: (all statements are subject to large systematic uncertainties) Nhan SDA CCEL 2 PC Write host code Memory runs on CPU CPU PCI communicates through PCIe, Express must be streaming (AXI) FPGA

354 views • 13 slides
FPGA%Timing%Models Many%FPGA%and%CPLD%vendors%provide%a% timing model

FPGA%Timing%Models Many%FPGA%and%CPLD%vendors%provide%a% timing model

FPGA%Timing%Models Many%FPGA%and%CPLD%vendors%provide%a% timing model in%their%data%sheets%that%allow% estimation%of%path%delays. Some%example%path%delays%that%are%of%interest: Minimum%Pin%to%Pin%(combinational)%delay%

361 views • 23 slides
Current Trends in Hybrid FPGA/CPU Devices Hybrid FPGA/CPU Devices Xilinx Zynq Series Real

Current Trends in Hybrid FPGA/CPU Devices Hybrid FPGA/CPU Devices Xilinx Zynq Series Real

Current Trends in Current Trends in Hybrid FPGA/CPU Devices Hybrid FPGA/CPU Devices Xilinx Zynq Series Real Innovation or Temporary Hype? Stephanie Rupprich Introduction Stephanie Rupprich FPGA Embedded Processors Heidelberg

611 views • 43 slides
On the Sensitivity of FPGA Architectural Conclusions to Experimental Assumptions, Tools, and

On the Sensitivity of FPGA Architectural Conclusions to Experimental Assumptions, Tools, and

On the Sensitivity of FPGA Architectural Conclusions to Experimental Assumptions, Tools, and Techniques Andy Yan, Rebecca Cheng, Steve Wilton University of British Columbia Vancouver, B.C. stevew@ece.ubc.ca FPGA Experiments: Impressive

654 views • 49 slides
FPGA-CAPELLA: A REAL TIME AUDIO FX UNIT COSMA KUFA AND JUSTIN XIAO WHAT IS FPGA-CAPELLA?

FPGA-CAPELLA: A REAL TIME AUDIO FX UNIT COSMA KUFA AND JUSTIN XIAO WHAT IS FPGA-CAPELLA?

FPGA-CAPELLA: A REAL TIME AUDIO FX UNIT COSMA KUFA AND JUSTIN XIAO WHAT IS FPGA-CAPELLA? FPGA-capella is an audio FX unit Allows users to apply interesting audio FX to their sound Offers flexibility Gives musicians an interesting

379 views • 11 slides
Andrew Clinton, Matt Liberty, Ian Kuon FPGA Routing (Interconnect) FPGA routing consists of a

Andrew Clinton, Matt Liberty, Ian Kuon FPGA Routing (Interconnect) FPGA routing consists of a

Andrew Clinton, Matt Liberty, Ian Kuon FPGA Routing (Interconnect) FPGA routing consists of a network of wires and programmable switches Wire is modeled with a reduced RC network Drivers are modeled as a SPICE netlist 2-Level pass

673 views • 20 slides

More recommend