Hardware Arithmetic Units and Cryptoprocessors for Hyperelliptic Curve Cryptography
Gabriel GALLIN
CNRS – IRISA – Univ. Rennes 1
November 29th, 2018
Ph.D. supervised by Arnaud TISSERAND, CNRS – Lab-STICC
1 Introduction
2 HTMM – Hyper-Threaded Modular Multipliers
3 Hardware cryptoprocessors for HECC
4 Conclusion and Perspectives
G.Gallin Ph.D. Defense 29.11.2018 2 / 34
Introduction

Cybersecurity Challenges
◮ Digital systems are widely used in many applications
  ◮ economy: credit cards, online payments, ...
  ◮ medical: medical files, e-Health devices, ...
  ◮ Internet of Things (IoT): self-driving cars, smart homes, ...
  ◮ communications: telephony, emails, social networks, ...
  ◮ ...
◮ Strong needs for efficient digital security
  ◮ fast for user convenience
  ◮ reduced power consumption for battery-based systems
  ◮ small circuit area for embedded systems
  ◮ resistant to attacks: theoretical, logical and physical
Example: Simplified Payment with Credit Cards
[Figure: Credit Card, Terminal, Bank]
Cryptographic primitives:
◮ authentication: asserts identity of user, credit card and bank
◮ integrity: ensures exchanged data are complete and unmodified
◮ confidentiality: asserts secrecy of exchanged data
Overview on Cryptography: Symmetric Cryptography
◮ Also called secret-key cryptography
◮ Encryption and decryption with shared secret key
[Figure: the sender encrypts the message with the key (Encryption); the receiver decrypts it with the same key (Decryption)]
◮ Very efficient and widely used to ensure confidentiality
◮ Problems with symmetric cryptography
  ◮ secret key must be shared between sender and receiver
  ◮ communications with several parties → many keys to manage
Overview on Cryptography: Asymmetric Cryptography
◮ Also known as public-key cryptography (PKC)
  ◮ uses a pair of private key and public key
  ◮ extensively used for digital signatures and key exchanges
  ◮ more expensive than symmetric cryptography
◮ First PKC: RSA proposed by Rivest, Shamir and Adleman in 1978
  ◮ huge commercial success and still widely used
  ◮ large keys (> 2000 bits recommended) and very costly for embedded applications
◮ Elliptic Curve Cryptography (ECC) by Miller in 1985 and Koblitz in 1987
  ◮ 200 to 500 bits keys recommended: better performance than RSA
  ◮ current PKC standard for various secured applications, e.g. French passports or secured Internet browsing
Hyper-Elliptic Curve Cryptography (HECC)
◮ HECC proposed by Koblitz in 1988
  ◮ size of internal values divided by 2 but more arithmetic operations
  ◮ before late 2000s, HECC was less efficient than ECC
◮ New HECC cryptosystem proposed by Gaudry [1] in 2007
  ◮ requires fewer arithmetic operations
  ◮ more efficient than ECC in theory
  ◮ size of internal values is around 128 bits (equiv. to ECC 256b)
◮ µKummer proposed by Renes et al. [6] in 2016
  ◮ software implementation of Gaudry's HECC on microcontrollers
  ◮ -75% and -35% time for digital signature and key exchange
◮ Very few recent hardware implementations of recent HECC cryptosystems
HAH Project
◮ Hardware and Arithmetic for HECC
◮ 3-year labex project (2014-2017) involving
  ◮ IRISA / Lab-STICC funded by labex CominLabs and Brittany region
  ◮ IRMAR lab. for mathematics funded by labex Lebesgue
HAH Project: Objectives
◮ Propose new units for basic arithmetic operations in HECC
  ◮ modular arithmetic for 128–300-bit operands
  ◮ design small circuits with high frequencies and low computation time
◮ Design new hardware cryptoprocessors for HECC
  ◮ implement best state-of-the-art HECC cryptosystems
  ◮ explore various performance vs. cost tradeoffs
  ◮ confirm efficiency of HECC vs. ECC in hardware
◮ Robust against physical attacks: SPA (Simple Power Analysis)
◮ Flexible designs to support different curves and parameters
HTMM – Hyper-Threaded Modular Multipliers

Modular Operations in HECC
◮ HECC requires computing arithmetic operations (±, ×) in GF(P)
  ◮ operands and results ∈ {0, 1, ..., P − 1}
  ◮ P is a 100–300-bit prime
◮ Most frequent and costly operation: modular multiplication (MM), e.g. 75% of overall computation time in µKummer [6]
◮ Example: multiplications modulo small P = 23
   2 × 10 = 20       2 × 10 mod 23 = 20
   9 × 18 = 162      9 × 18 mod 23 = 1
   4 × 10 = 40       4 × 10 mod 23 = 17
  19 × 17 = 323     19 × 17 mod 23 = 1
Modular Reduction
◮ Fast reduction modulo specific primes with specific structures
  ◮ e.g. Mersenne prime P = 2^127 − 1 (*) used in µKummer
  ◮ limited to very few primes: not possible with flexibility constraints
◮ Reduction modulo generic primes
  ◮ more complex but supports all primes of a given max. size
  ◮ several efficient algorithms for operations modulo generic P
(*) 2^127 − 1 = (111111111111111111111111 ... 111111111111111111111111)_2
Modular Multiplication: Montgomery's Algorithm
◮ Montgomery Modular Multiplication (MMM) proposed in 1985 [5]
  ◮ best MM algorithm for generic primes P
  ◮ max. size of P: m − 2 bits
Interleaved MMM
◮ MMM operands are split into s words of w bits (s × w = m)
◮ CIOS (Coarsely Integrated Operand Scanning) from Koc et al. [2]
  ◮ iterations over small partial products with partial reduction steps
  ◮ strong dependencies between iterations
Hyper-Threading: Principle
◮ Dependencies in CIOS → idle stages in the pipeline
[Figure: pipeline stages over time, single MMM]
◮ Our solution: fill idle pipeline stages with independent MMMs
[Figure: pipeline stages over time, several independent MMMs]
◮ Hyper-Threaded Modular Multiplier
  ◮ HTMM: physical unit computing σ independent MMMs concurrently
  ◮ hardware resources are shared among σ Logical Multipliers (LMs)
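Added example (not from the slides or the HTMM generator): a Python software model of word-level CIOS Montgomery multiplication with w = 34, in which one outer iteration of each of σ independent MMMs is issued in turn. The names cios_steps and hyper_threaded, the choice s = 4, the operands, and interleaving at iteration rather than pipeline-stage granularity are assumptions made for illustration.

```python
# Added example: software model only, not the HTMM VHDL or its generator.
W = 34                                # word width w from the slides
MASK = (1 << W) - 1
P = (1 << 127) - 1                    # prime quoted in the slides, treated as a generic odd modulus
S = 4                                 # assumed s = 4 words: m = 136 bits, P fits in m - 2 bits
JOBS = [(3, 5), (P - 1, P - 2), (1 << 100, 12345)]   # constructed operands, all < P

def cios_steps(a, b, p, s):
    """CIOS MMM; yields after each outer iteration, returns a*b*2^(-s*W) mod p."""
    p_inv = (-pow(p, -1, 1 << W)) & MASK          # -p^-1 mod 2^w
    aw, bw, pw = ([(x >> (W * j)) & MASK for j in range(s)] for x in (a, b, p))
    t = [0] * (s + 2)
    for i in range(s):                            # iteration i needs t from iteration i-1
        carry = 0
        for j in range(s):                        # partial product: t += a * b[i]
            acc = t[j] + aw[j] * bw[i] + carry
            t[j], carry = acc & MASK, acc >> W
        acc = t[s] + carry
        t[s], t[s + 1] = acc & MASK, acc >> W
        q = (t[0] * p_inv) & MASK                 # makes the low word of t + q*p zero
        carry = (t[0] + q * pw[0]) >> W
        for j in range(1, s):                     # partial reduction: t = (t + q*p) >> w
            acc = t[j] + q * pw[j] + carry
            t[j - 1], carry = acc & MASK, acc >> W
        acc = t[s] + carry
        t[s - 1], t[s] = acc & MASK, t[s + 1] + (acc >> W)
        yield i
    r = sum(word << (W * j) for j, word in enumerate(t[:s + 1]))
    return r - p if r >= p else r

def hyper_threaded(jobs, p, s):
    """Issue one CIOS iteration from each independent MMM in turn (round-robin)."""
    threads = [cios_steps(a, b, p, s) for a, b in jobs]
    results, schedule, live = [None] * len(jobs), [], list(range(len(jobs)))
    while live:
        for k in list(live):
            try:
                schedule.append((k, next(threads[k])))   # (logical multiplier, iteration)
            except StopIteration as done:
                results[k] = done.value
                live.remove(k)
    return results, schedule
```

Each logical multiplier keeps its own accumulator t, so consecutive slots in the schedule never depend on one another even though the iterations inside one MMM do.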
HTMM Architecture
◮ Based on 3 pipelined blocks (1 for each partial product in CIOS)
◮ Width of internal words fixed to w = 34 bits → only 9 DSP slices
◮ 3 to 4 stages in DSP slices to reach high frequencies
[Figure: HTMM architecture; labels: RAM, Task 1, Task 2, Task 3]
Tools for Architectures Exploration
◮ Many HTMM parameters to explore: size of P (e.g. 128 or 256 bits), w, number of LMs, configurations of memories and DSP slices, algorithmic optimizations, ...
◮ We designed a software HTMM generator
  ◮ allows fast generation of VHDL code for many HTMM specifications
  ◮ and optimized for various FPGAs (e.g. pipeline config. in DSP slices)
  ◮ available as open-source (1)
◮ HTMM generator also offers support for some third-party software
  ◮ Xilinx tools for implementation, simulation and evaluation
  ◮ Sage mathematics software (2) for numerical validation of HTMM
(1) HTMM generator available at https://sourcesup.renater.fr/htmm/
(2) available as open-source at http://www.sagemath.org/