hardware architectures for hecc
play

Hardware Architectures for HECC Gabriel GALLIN and Arnaud TISSERAND - PowerPoint PPT Presentation

Nov 09, 2022 •176 likes •507 views

Hardware Architectures for HECC Gabriel GALLIN and Arnaud TISSERAND CNRS Lab-STICC IRISA HAH Project CryptArchi June, 2017 Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion

  1. Hardware Architectures for HECC Gabriel GALLIN and Arnaud TISSERAND CNRS – Lab-STICC – IRISA HAH Project CryptArchi June, 2017

  2. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion Summary Context & Motivations 1 HECC Operations 2 Efficient Multiplier 3 Architectures and Tools for HECC 4 Conclusion 5 G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 2 / 22

  3. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion Summary Context & Motivations 1 HECC Operations 2 Efficient Multiplier 3 Architectures and Tools for HECC 4 Conclusion 5 G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 2 / 22

  4. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion Public-Key Cryptography (PKC) Provides cryptographic primitives such as digital signature, key exchange and specific encryption schemes First PKC standard: RSA - ≥ 2000-bit keys recommended today - Too costly for embedded applications Elliptic Curve Cryptography (ECC): - Better performances and lower cost than RSA - Allows more advanced schemes Hyper-Elliptic Curve Cryptography (HECC): - Evolution of ECC focusing on larger sets of curves - Supposed to have a smaller cost than ECC G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 3 / 22

  5. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion Operations Hierarchy in (H)ECC ADD and DBL built using F P operations Protocols Curve-Level Modular arithmetic in F P : Scalar Operations Multiplication - 100 · · · 200 bits elements for HECC [Software] [ k ] P b - Operations involve modular reduction - Choice for P : DBL(P) ADD(P ,Q) – Generic P : more flexible but slower P+P – Specific P ( e.g. pseudo-Mersenne): faster but more specific ... x ± y x x y Modular multiplication ( M ) and square ( S ): GF(p)/GF(2 m ) Operations - Most common and costly operations [Hardware] - Efficient dedicated units Main metric: numbers of M and S in F P G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 4 / 22

  6. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion ECC, HECC, Kummer-HECC F P elements size source ADD DBL ECC ℓ ECC 12 M + 2 S 7 M + 3 S [Bernstein and Lange] ℓ HECC ≈ 1 HECC 2 ℓ ECC 40 M + 4 S 38 M + 6 S [Lange, 2005] Kummer ℓ HECC 19 M + 12 S [Renes et al., 2016] ECC: - Size of F P elements 2 × larger - Simpler ADD and DBL operations HECC: - Smaller F P - More operations in F P for ADD / DBL Kummer-HECC is more efficient than ECC [Renes et al., 2016]: - ARM Cortex M0: up to 75% clock cycles reduction for signatures - AVR AT-mega: up to 32% cycles reduction for Diffie-Hellman G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 5 / 22

  7. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion Summary Context & Motivations 1 HECC Operations 2 Efficient Multiplier 3 Architectures and Tools for HECC 4 Conclusion 5 G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 5 / 22

  8. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion Curve-Level Operations in Kummer No ADD operation but still DBL Differential addition : xADD ( ± P , ± Q , ± ( P − Q )) → ± ( P + Q ) xADD and DBL can be combined: xDBLADD ( ± P , ± Q , ± ( P − Q )) → ( ± [2] P , ± ( P + Q )) For details see [Renes et al., 2016], [Gaudry, 2007] and [Bos et al., 2016] G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 6 / 22

  9. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion xDBLADD F P Operations cst cst cst var s a s s M M S M OUT var a s M M a a S M OUT var s a s s M M S M OUT var a s a a M M S OUT cst cst cst cst var s a S M a a S M OUT var a s S M s s S M OUT var s a a a S M S M OUT var a s S M s s S M OUT cst cst cst cst G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 7 / 22

  10. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion Scalar Multiplication Montgomery ladder based crypto scalarmult [Renes et al., 2016]: Require: m -bit scalar k = � m − 1 i =0 2 i k i , point P b , cst ∈ F 4 P Ensure: V 1 = [ k ] P b , V 2 = [ k + 1] P b V 1 ← cst V 2 ← P b for i = m − 1 downto 0 do ( V 1 , V 2 ) ← CSWAP ( k i , ( V 1 , V 2 )) ( V 1 , V 2 ) ← xDBLADD ( V 1 , V 2 , P b ) ( V 1 , V 2 ) ← CSWAP ( k i , ( V 1 , V 2 )) end for return ( V 1 , V 2 ) CSWAP ( k i , ( X , Y )) returns ( X , Y ) if k i = 0, else ( Y , X ) Constant time, uniform operations (independent from key bits) Some parallelism between xDBLADD internal F P operations CSWAP : very simple but involves secret bits (to be protected) G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 8 / 22

  11. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion Summary Context & Motivations 1 HECC Operations 2 Efficient Multiplier 3 Architectures and Tools for HECC 4 Conclusion 5 G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 8 / 22

  12. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion Montgomery Modular Multiplication (MMM) R = A × B n × n → 2 n bits q = ( R × ( −P − 1 )) mod (2 n ) n × n → n bits q P = q × P n × n → 2 n bits A B Objective: A × B mod P R Proposed in [Montgomery, 1985] q q Variants are actual state-of-the-art for F P multiplication (with generic P ) R Final reduction step discards n LSBs S G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 9 / 22

  13. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion Modular Multiplication: Dependencies Problem In practice, MMM is interleaved - Operands are split into s words of w bits such that n = s × w - Iterations over partial products and reductions on words - Coarsely Integrated Operand Scanning (CIOS) from [Ko¸ c et al., 1996] Impact on hardware implementation - Dependencies → latencies between internal iterations - Hardware pipeline in DSP slices cannot be filled efficiently Proposed solution: Hyper-Threaded Modular Multiplier (HTMM) - Based on simple CIOS algorithm - Use idle stages to compute other independent MMMs in parallel G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 10 / 22

  14. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion HTMM Internal Architecture HTMM architecture: 3 hardware stages - Stages are fully pipelined (several clock cycles per stage) - 3 to 4 DSP slices in each stage q i = t 0 S = + t t = A i B + S q i A i STAGE 1 STAGE 2 STAGE 3 B G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 11 / 22

  15. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion HTMM Internal Architecture HTMM architecture: 3 hardware stages - Stages are fully pipelined (several clock cycles per stage) - 3 to 4 DSP slices in each stage B (3) A (4) A (3) B (4) A (5) B (0) A (1) A (0) B (1) A (2) OPERANDS B (2) B (5) STAGE 1 0 1 2 0 1 2 0 1 2 0 1 2 3 4 5 ... STAGE 2 0 1 2 0 1 2 0 1 2 0 1 2 3 4 STAGE 3 0 1 2 0 1 2 0 1 2 0 1 2 3 RESUL T P (0) P (1) P (2) time G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 11 / 22

  16. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion HTMM Implementations Xilinx FPGAs - Virtex 4 XC4VLX100 (V4) - Virtex 5 XC5VLX110T (V5) - Spartan 6 XC6SLX75 (S6) Comparison with fastest MMM implementation in literature - Design presented in [Ma et al., 2013] - Implemented on the same FPGAs for fair comparison 2 versions of HTMM: - HTMM DRAM : operands stored in FPGA slices (LUTs) - HTMM BRAM : operands stored in FPGA BRAMs Parameters for HTMM: - P→ 128 bits - w = 34 bits, s = 4 - Operands size n = s × w = 134 bits G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 12 / 22

  17. Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion HTMM Implementations Results Results for 3 independent multiplications: Version FPGA DSP BRAM FF LUT Slices Freq. Nb. Time 18K/9K (MHz) cycles (ns) V4 21 6/0 1311 1201 879 252 258 [Ma et al., 2013] V5 21 6/0 1310 1027 406 296 65 220 S6 21 0/6 1280 1600 540 210 309 V4 11 0/0 1638 1128 1346 330 239 HTMM DRAM V5 11 0/0 1616 652 517 400 79 198 S6 11 0/0 1631 1344 483 302 261 V4 11 2/0 615 364 449 328 241 HTMM BRAM V5 11 2/0 593 371 249 357 79 221 S6 11 0/2 587 359 180 304 260 S6: -47% DSPs, -66% BRAMs, -66% slices, -15% duration For only 1 single M , HTMM is less efficient (69 cycles against 25) G. Gallin - A. Tisserand Hardware Architectures for HECC CryptArchi 2017 13 / 22

Recommend

Architecture level Optimizations for Kummer based HECC on FPGAs Gabriel GALLIN Turku Ozlum

Architecture level Optimizations for Kummer based HECC on FPGAs Gabriel GALLIN Turku Ozlum

Architecture level Optimizations for Kummer based HECC on FPGAs Gabriel GALLIN Turku Ozlum CELIK Arnaud TISSERAND CNRS IRISA Univ. Rennes Lab-STICC December, 11 th Indocrypt 2017 ECC, HECC, Kummer-HECC size of GF ( P ) elems.

360 views • 31 slides
Motivation for Multithreaded Architectures Processors not executing code at their hardware

Motivation for Multithreaded Architectures Processors not executing code at their hardware

Motivation for Multithreaded Architectures Processors not executing code at their hardware potential late 70s: performance lost to memory latency 90s: performance not in line with the increasingly complex parallel hardware as

591 views • 32 slides
Outcomes Based Funding Update HECC FEBRUARY FULL COMMISSION MEETING 2/12/2015 Brian Fox,

Outcomes Based Funding Update HECC FEBRUARY FULL COMMISSION MEETING 2/12/2015 Brian Fox,

Outcomes Based Funding Update HECC FEBRUARY FULL COMMISSION MEETING 2/12/2015 Brian Fox, Administrator, Public University Budget & Finance PROCESS 2 OBF Technical Workgroup (TWG) formed in May, 2014 University Presidents, HECC

842 views • 44 slides
CS 356: Computer Network Architectures Lecture 14: Switching hardware, IP auxiliary functions,

CS 356: Computer Network Architectures Lecture 14: Switching hardware, IP auxiliary functions,

CS 356: Computer Network Architectures Lecture 14: Switching hardware, IP auxiliary functions, and midterm review [PD] chapter 3.4.1, 3.2.7 Xiaowei Yang xwy@cs.duke.edu Switching hardware Software switch Packets cross the bus twice

771 views • 55 slides
HB 3472 Update HOUSE COMMITTEE ON HIGHER EDUCATION AND WORKFORCE DEVELOPMENT Presented by: Rob

HB 3472 Update HOUSE COMMITTEE ON HIGHER EDUCATION AND WORKFORCE DEVELOPMENT Presented by: Rob

HB 3472 Update HOUSE COMMITTEE ON HIGHER EDUCATION AND WORKFORCE DEVELOPMENT Presented by: Rob Fullmer, HECC Commissioner & Pay It Forward Workgroup Chair Donna Lewelling, HECC Policy Analyst HB 3472: Pay It Forward HECC to consider

539 views • 12 slides
CompSci 356: Computer Network Architectures Lecture 4: Hardware and physical links References:

CompSci 356: Computer Network Architectures Lecture 4: Hardware and physical links References:

CompSci 356: Computer Network Architectures Lecture 4: Hardware and physical links References: Chap 1.4, 1.5 of [PD] Xiaowei Yang xwy@cs.duke.edu Overview Application Programming Interface (cont.) Hardware and physical layer Nuts

775 views • 59 slides
Outline of Tutorial SoC Architectures for Hardware Designers Technology opportunities and

Outline of Tutorial SoC Architectures for Hardware Designers Technology opportunities and

Outline of Tutorial SoC Architectures for Hardware Designers Technology opportunities and limits What is a System-on-a-Chip SoC 3rd International Seminar on Application-Specific Multi-Processor SoC 7 - 11 July 2003, Hotel Alpina,

427 views • 19 slides
HPC Architectures Types of HPC hardware platforms currently in use Funding Partners bioexcel.eu

HPC Architectures Types of HPC hardware platforms currently in use Funding Partners bioexcel.eu

HPC Architectures Types of HPC hardware platforms currently in use Funding Partners bioexcel.eu Reusing this material This work is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License.

355 views • 20 slides
CompSci 356: Computer Network Architectures Lecture 3: Hardware and physical links References:

CompSci 356: Computer Network Architectures Lecture 3: Hardware and physical links References:

CompSci 356: Computer Network Architectures Lecture 3: Hardware and physical links References: Chap 1.4, 1.5 of [PD] Xiaowei Yang xwy@cs.duke.edu Overview Lab overview Application Programming Interface Hardware and physical layer

852 views • 53 slides
CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking,

CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking,

CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking, and programmable routers [PD] chapter 3.4 Xiaowei Yang xwy@cs.duke.edu Overview Switching hardware Software defined networking

1.07k views • 70 slides
Hardware/Software Vectorization for Closeness Centrality on Multi-/Many-Core Architectures uce,

Hardware/Software Vectorization for Closeness Centrality on Multi-/Many-Core Architectures uce,

Hardware/Software Vectorization for Closeness Centrality on Multi-/Many-Core Architectures uce, Erik Saule , Kamer Kaya, Ahmet Erdem Sary Umit V. C ataly urek The Ohio State University (BMI, CS, ECE) University of North Carolina at

848 views • 29 slides
HACC: Extreme Scaling and Performance Across Diverse Architectures HACC (Hardware/Hybrid

HACC: Extreme Scaling and Performance Across Diverse Architectures HACC (Hardware/Hybrid

HACC: Extreme Scaling and Performance Across Diverse Architectures HACC (Hardware/Hybrid Accelerated Salman Habib HEP and MCS Divisions Cosmology Code) Framework Argonne National Laboratory Vitali Morozov David Daniel 100M on Mira Nicholas

521 views • 14 slides
30. Parallel Programming I Moores Law and the Free Lunch, Hardware Architectures, Parallel

30. Parallel Programming I Moores Law and the Free Lunch, Hardware Architectures, Parallel

30. Parallel Programming I Moores Law and the Free Lunch, Hardware Architectures, Parallel Execution, Flynns Taxonomy, Multi-Threading, Parallelism and Concurrency, C++ Threads, Scalability: Amdahl and Gustafson, Data-parallelism,

879 views • 70 slides
Hardware / Virtualization / Architectures Foundations of the cloud Implementing Virtualization

Hardware / Virtualization / Architectures Foundations of the cloud Implementing Virtualization

Hardware / Virtualization / Architectures Foundations of the cloud Implementing Virtualization Technologies Cloud Computing relies heavily on the concept of virtualization In fact not possible without it. But they are separate

835 views • 32 slides
Hardware-Software Codesign 3. Mapping Applications To Architectures Lothar Thiele Computer

Hardware-Software Codesign 3. Mapping Applications To Architectures Lothar Thiele Computer

Hardware-Software Codesign 3. Mapping Applications To Architectures Lothar Thiele Computer Engineering Swiss Federal 3 - 1 Institute of Technology and Networks Laboratory System Design specification system synthesis estimation

541 views • 19 slides
Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin Lukasiewycz TUM CREATE Singapore Outline Motivation (current E/E architectures) Trends (Integrated Architectures / Connected Car) Challenges Overview

496 views • 23 slides
Efficient Hardware Architectures and Algorithms for Embedded Vision Systems Eva Dokladalova 1 , 2

Efficient Hardware Architectures and Algorithms for Embedded Vision Systems Eva Dokladalova 1 , 2

Efficient Hardware Architectures and Algorithms for Embedded Vision Systems Eva Dokladalova 1 , 2 1 ESIEE Paris, Computer Science Department, France 2 Paris-Est University, LIGM (Gaspard Monge Computer Science Laboratory), A3SI team, CNRS UMR

776 views • 53 slides
High performance hardware architectures for Intra Block Copy and Palette Coding for HEVC Screen

High performance hardware architectures for Intra Block Copy and Palette Coding for HEVC Screen

High performance hardware architectures for Intra Block Copy and Palette Coding for HEVC Screen Content Coding extension Rishan Senanayake 1 , Namitha Liyanage 1 , Sasindu Wijeratne 1 , Sachille Atapattu 1 , Kasun Athukorala 1 , P.M.K. Tharaka 1 ,

239 views • 23 slides
Hyper-Threaded Multiplier for HECC Gabriel GALLIN and Arnaud TISSERAND CNRS Lab-STICC

Hyper-Threaded Multiplier for HECC Gabriel GALLIN and Arnaud TISSERAND CNRS Lab-STICC

Hyper-Threaded Multiplier for HECC Gabriel GALLIN and Arnaud TISSERAND CNRS Lab-STICC IRISA HAH Project Asilomar, Oct. 2017 Public-Key Cryptography (PKC) Provides cryptographic primitives such as digital signature, key exchange and

345 views • 16 slides
Hardware Architectures For Embedded Systems Design Prepared By: Hind Alsalem; HIND SALEM HIND

Hardware Architectures For Embedded Systems Design Prepared By: Hind Alsalem; HIND SALEM HIND

Real Time Embedded Systems (CPE746) Hardware Architectures For Embedded Systems Design Prepared By: Hind Alsalem; HIND SALEM HIND SALEM Supervised By: Dr. Loai Tawalbeh Jordan University of Science and Technology Embedded System

676 views • 45 slides
HECC S Standard A: N Need Providing Clear Evidence of Occupation Demand Kasena Dailey, CCWD

HECC S Standard A: N Need Providing Clear Evidence of Occupation Demand Kasena Dailey, CCWD

HECC S Standard A: N Need Providing Clear Evidence of Occupation Demand Kasena Dailey, CCWD Tim Pierce, Chemeketa C.C. May 31, 2019 Welcome and Objectives Standard A: Need Moving towards the future The Tools 2 Standard A:

479 views • 18 slides
Cost Efficient Hardware Timestamping Intermediate Presentation Alexander Frank June 6, 2018

Cost Efficient Hardware Timestamping Intermediate Presentation Alexander Frank June 6, 2018

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Cost Efficient Hardware Timestamping Intermediate Presentation Alexander Frank June 6, 2018 Chair of Network Architectures and Services

531 views • 13 slides
Architectures Architectural styles Software architectures Architectures versus middleware

Architectures Architectural styles Software architectures Architectures versus middleware

Architectures Architectures Architectural styles Software architectures Architectures versus middleware Self-management in distributed systems 1 / 26 Architectures Architectural styles Architectural styles Basic idea Organize into

571 views • 33 slides
House Bill 2998: Implementation Update HECC October 2018 Meeting Patrick Crane, Director of

House Bill 2998: Implementation Update HECC October 2018 Meeting Patrick Crane, Director of

House Bill 2998: Implementation Update HECC October 2018 Meeting Patrick Crane, Director of Community Colleges and Workforce Development & Veronica Dujon, Director of Academic Planning and Policy October 10, 2018 HB 2998 Mandates

599 views • 13 slides

More recommend