hig igh performance and lo low power applications
play

hig igh-performance and lo low-power applications Real World - PowerPoint PPT Presentation

Jun 09, 2023 •257 likes •861 views

Four -based cryptography for hig igh-performance and lo low-power applications Real World Cryptography Conference 2017 January 4-6, New York, USA Patrick Longa Microsoft Research Next-generation elliptic curves New IETF Standards

  1. Four ℚ -based cryptography for hig igh-performance and lo low-power applications Real World Cryptography Conference 2017 January 4-6, New York, USA Patrick Longa Microsoft Research

  2. Next-generation elliptic curves New IETF Standards • The Crypto Forum Research Group (CFRG) selected two elliptic curves: Bernstein’s Curve25519 and Hamburg’s Ed448 -Goldilocks • RFC 7748: “Elliptic Curves for Security” (published on January 2016) • Curve details; generation • DH key exchange for both curves • Ongoing work: signature scheme • draft-irtf-cfrg-eddsa- 08, “Edwards -curve Digital Signature Algorithm (EdDSA )” 1/23

  3. Next-generation elliptic curves Farrel-Moriarity-Melkinov-Paterson [NIST ECC Workshop 2015]: “… the real motivation for work in CFRG is the better performance and side - channel resistance of new curves developed by academic cryptographers over the last decade.” Plus some additional requirements such as: • Rigidity in curve generation process. • Support for existing cryptographic algorithms. 2/23

  4. Next-generation elliptic curves Farrel-Moriarity-Melkinov-Paterson [NIST ECC Workshop 2015]: “… the real motivation for work in CFRG is the better performance and side - channel resistance of new curves developed by academic cryptographers over the last decade.” Plus some additional requirements such as: • Rigidity in curve generation process. • Support for existing cryptographic algorithms. 2/23

  5. State-of-the-art ECC: Four ℚ [Costello-L, ASIACRYPT 2015] • CM endomorphism [GLV01] and Frobenius ( ℚ -curve) endomorphism [GLS09, Smi16, GI13] Four ℚ • Edwards form [Edw07] using efficient Edwards coordinates [BBJ+08, HCW+08] • Arithmetic over the Mersenne prime 𝑞 = 2 127 − 1 Features: • Support for secure implementations and top performance. • Uniqueness: only curve at the 128-bit security level with properties above. 3/23

  6. State-of-the-art ECC: Four ℚ [Costello-L, ASIACRYPT 2015] • CM endomorphism [GLV01] and Frobenius ( ℚ -curve) endomorphism [GLS09, Smi16, GI13] Four ℚ • Edwards form [Edw07] using efficient Edwards coordinates [BBJ+08, HCW+08] • Arithmetic over the Mersenne prime 𝑞 = 2 127 − 1 Features: • Support for secure implementations and top performance. • Uniqueness: only curve at the 128-bit security level with properties above. 3/23

  7. State-of-the-art ECC: Four ℚ [Costello-L, ASIACRYPT 2015] Speed (in thousands of cycles) to compute variable-base scalar multiplication on different computer classes. Four ℚ Platform Curve25519 Speedup ratio Intel Haswell processor, desktop class 56 162 2.9x ARM Cortex-A15, smartphone class 132 315 2.4x ARM Cortex-M4, microcontroller class 531 1,424 2.7x 4/23

  8. State-of-the-art ECC: Four ℚ [Costello-L, ASIACRYPT 2015] Speed (in thousands of cycles) to compute variable-base scalar multiplication on different computer classes. Four ℚ Platform Curve25519 Speedup ratio Intel Haswell processor, desktop class 56 162 2.9x ARM Cortex-A15, smartphone class 132 315 2.4x ARM Cortex-M4, microcontroller class 531 1,424 2.7x 4/23

  9. State-of-the-art ECC: Four ℚ [Costello-L, ASIACRYPT 2015] 𝐹/𝔾 𝑞 2 : −𝑦 2 + 𝑧 2 = 1 + 𝑒𝑦 2 𝑧 2 𝑒 = 125317048443780598345676279555970305165𝑗 + 4205857648805777768770 , 𝑞 = 2 127 − 1, 𝑗 2 = −1 , #𝐹 = 392 ∙ 𝑂 , where 𝑂 is a 246 -bit prime. 5/23

  10. State-of-the-art ECC: Four ℚ (Costello-L, ASIACRYPT 2015) 𝐹/𝔾 𝑞 2 : −𝑦 2 + 𝑧 2 = 1 + 𝑒𝑦 2 𝑧 2 𝑒 = 125317048443780598345676279555970305165𝑗 + 4205857648805777768770 , 𝑞 = 2 127 − 1, 𝑗 2 = −1 , #𝐹 = 392 ∙ 𝑂 , where 𝑂 is a 246 -bit prime. • Fastest (large char) ECC addition laws are complete on 𝐹 • 𝐹 is equipped with two endomorphisms: • 𝐹 is a degree-2 ℚ -curve: endomorphism 𝜔 • 𝐹 has CM by order of 𝐸 = −40 : endomorphism 𝜚 5/23

  11. State-of-the-art ECC: Four ℚ (Costello-L, ASIACRYPT 2015) 𝐹/𝔾 𝑞 2 : −𝑦 2 + 𝑧 2 = 1 + 𝑒𝑦 2 𝑧 2 𝑒 = 125317048443780598345676279555970305165𝑗 + 4205857648805777768770 , 𝑞 = 2 127 − 1, 𝑗 2 = −1 , #𝐹 = 392 ∙ 𝑂 , where 𝑂 is a 246 -bit prime. • Fastest (large char) ECC addition laws are complete on 𝐹 • 𝐹 is equipped with two endomorphisms: • 𝐹 is a degree-2 ℚ -curve: endomorphism 𝜔 • 𝐹 has CM by order of 𝐸 = −40 : endomorphism 𝜚 • 𝜔 𝑄 = 𝜇 𝜔 𝑄 and 𝜚 𝑄 = 𝜇 𝜚 𝑄 for all 𝑄 ∈ 𝐹[𝑂] and 𝑛 ∈ [0, 2 256 ) 𝑛 ↦ 𝑏 1 , 𝑏 2 , 𝑏 3 , 𝑏 4 𝑛 𝑄 = 𝑏 1 𝑄 + 𝑏 2 𝜚 𝑄 + 𝑏 3 𝜔 𝑄 + 𝑏 4 𝜔(𝜚 𝑄 ) 5/23

  12. Optimal 4-Way Scalar Decompositions 𝑛 ↦ 𝑏 1 , 𝑏 2 , 𝑏 3 , 𝑏 4 2 256 , decomposition yields four 𝑏 𝑗 ∈ [0, 2 64 with 𝑏 1 odd. ۧ Proposition: for all 𝑛 ∈ [0, ൿ 𝑛 = 42453556751700041597675664513313229052985088397396902723728803518727612539248 𝑏 1 = 13045455764875651153 𝑄 𝜚 𝑄 𝑏 2 = 9751504369311420685 𝜔 𝑄 𝑏 3 = 5603607414148260372 𝜔 𝜚 𝑄 𝑏 4 = 8360175734463666813 6/23

  13. Optimal 4-Way Scalar Decompositions 𝑛 ↦ 𝑏 1 , 𝑏 2 , 𝑏 3 , 𝑏 4 2 256 , decomposition yields four 𝑏 𝑗 ∈ [0, 2 64 with 𝑏 1 odd. ۧ Proposition: for all 𝑛 ∈ [0, ൿ 𝑛 = 42453556751700041597675664513313229052985088397396902723728803518727612539248 𝑏 1 = 13045455764875651153 𝑄 𝜚 𝑄 𝑏 2 = 9751504369311420685 𝜔 𝑄 𝑏 3 = 5603607414148260372 𝜔 𝜚 𝑄 𝑏 4 = 8360175734463666813 6/23

  14. Multi-Scalar Recoding Step 1: recode 𝑏 1 to signed non-zero representation Step 2: recode 𝑏 2 , 𝑏 3 and 𝑏 4 by “sign - aligning” columns 𝑏 1 = 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1 𝑏 2 = 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1 𝑏 3 = 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0 𝑏 4 = 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1 𝑏 1 = 1, ത 1, 1, ത 1, 1, 1, ത 1, 1, ത 1, 1, ത 1, ത 1, ത 1, ത 1, 1, ത 1, 1, ത 1, 1, 1, ത 1, ത 1, ത 1, 1, ത 1, ത 1, 1, 1, 1, ത 1, ത 1, 1, 1, ത 1, ത 1, 1, 1, 1, 1, 1, 1, ത 1, ത 1, 1, 1, 1, 1, 1, ത 1, ത 1, ത 1, ത 1, 1, ത 1, 1, ത 1, ത 1, ത 1, ത 1, 1, ത 1, 1, ത 1, ത 1, ത 1 𝑏 2 = 1, ത 1, 0, 0, 0, 1, 0, 0, ത 1, 1, 0, ത 1, ത 1, 0, 1, 0, 0, 0, 1, 1, ത 1, 0, ത 1, 1, 0, ത 1, 0, 0, 1, 0, ത 1, 1, 1, 0, ത 1, 1, 0, 0, 1, 1, 1, ത 1, ത 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, ത 1, ത 1, 0, 0, 1, ത 1, 0, 0, ത 1, ത 1 𝑏 3 = 0, 0, 1, 0, 1, 0, ത 1, 1, 0, 0, ത 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, ത 1, ത 1, ത 1, 0, ത 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, ത 1, 0, ത 1, 0, 0, 1, ത 1, 0, 0, 0, 1, ത 1, 1, ത 1, 0, 0 𝑏 4 = 1, ത 1, 0, ത 1, 1, 1, ത 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, ത 1, 0, 0, 0, 0, ത 1, 0, 0, 1, ത 1, 0, 1, 0, ത 1, ത 1, 0, 1, 0, 0, 0, 1, ത 1, 0, 0, 0, 1, 1, 1, ത 1, ത 1, ത 1, ത 1, 0, ത 1, 1, 0, ത 1, ത 1, 0, 0, 0, 0, 0, ത 1, ത 1 7/23

Recommend

Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power

Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power

Introduction Arithmetic in GF ( 2 m ) Summary - results, comments, future prospects Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power consumption - security tradeoffs Danuta Pamua 17th December 2012

695 views • 32 slides
Energy-performance tradeoffs for HPC applications on low power processors E. Calore 1 . Schifano 1

Energy-performance tradeoffs for HPC applications on low power processors E. Calore 1 . Schifano 1

Energy-performance tradeoffs for HPC applications on low power processors E. Calore 1 . Schifano 1 R. Tripiccione 1 S. F 1 INFN Ferrara and Universit degli Studi di Ferrara, Italy UnConventional High Performance Computing 2015 Euro-Par

481 views • 47 slides
Analyzing Performance of QtQuick Applications Thomas McGuire KDAB thomas@kdab.com Performance:

Analyzing Performance of QtQuick Applications Thomas McGuire KDAB thomas@kdab.com Performance:

Analyzing Performance of QtQuick Applications Thomas McGuire KDAB thomas@kdab.com Performance: Multiple Aspects Startup Duration Smooth Rendering / Frames per Second Responsiveness Boot Duration Power Usage Memory Usage

546 views • 39 slides
Power/Performance Issues on Interconnection Network (IN) Is interconnect power problem?

Power/Performance Issues on Interconnection Network (IN) Is interconnect power problem?

NsimPower: Interconnect Simulator for Power and Performance Prediction Koji Inoue Kyushu University, Japan 1 Power/Performance Issues on Interconnection Network (IN) Is interconnect power problem? Roughly 10 to 30 % of

381 views • 10 slides
Performance Questions How to characterize the performance of applications and systems?

Performance Questions How to characterize the performance of applications and systems?

Performance Questions How to characterize the performance of applications and systems? Users requirements in performance and cost? How about performance measurement? How will system perform when having more resources or How will

262 views • 15 slides
Si CMOS for RF Power Applications J. A. del Alamo MIT Workshop on Advanced Technologies for

Si CMOS for RF Power Applications J. A. del Alamo MIT Workshop on Advanced Technologies for

Si CMOS for RF Power Applications J. A. del Alamo MIT Workshop on Advanced Technologies for Next Generation of RFIC 2005 RFIC Symposium June 12, 2005 Sponsors: DARPA, IBM, SRC RF power applications Power vs. frequency GaAs HEMT 50 InP

699 views • 42 slides
LOW-POWER HIGH-PERFORMANCE ASYNCHRONOUS GENERAL PURPOSE ARMv7 PROCESSOR FOR MULTI-CORE

LOW-POWER HIGH-PERFORMANCE ASYNCHRONOUS GENERAL PURPOSE ARMv7 PROCESSOR FOR MULTI-CORE

LOW-POWER HIGH-PERFORMANCE ASYNCHRONOUS GENERAL PURPOSE ARMv7 PROCESSOR FOR MULTI-CORE APPLICATIONS 13 th International Forum on Embedded MPSoC and Multicore July 15-19 th 2013, Otsu, Japan Octasic Inc, Montral, Canada Michel Laurence

680 views • 52 slides
Analog Power Inc. Analog Power Target Markets & Applications Consumer Electronics

Analog Power Inc. Analog Power Target Markets & Applications Consumer Electronics

Analog Power Inc. Analog Power Target Markets & Applications Consumer Electronics Communication, PoE Notebook Computers Mobile Phone Handset Desktop/Servers HDDs, Data Storage Battery Packs & Chargers LCD

513 views • 16 slides
6/24/2013 WHAT IS THIS TALK ABOUT ? Study of power and energy profile of different

6/24/2013 WHAT IS THIS TALK ABOUT ? Study of power and energy profile of different

6/24/2013 WHAT IS THIS TALK ABOUT ? Study of power and energy profile of different optimization ANALYZING OPTIMIZATION techniques used in heterogeneous applications TECHNIQUES FOR POWER Evaluation of power/performance of such

97 views • 7 slides
Unparalleled Power Performance Confidential Information 1 Broadest Portfolio of Low Power

Unparalleled Power Performance Confidential Information 1 Broadest Portfolio of Low Power

Unparalleled Power Performance Confidential Information 1 Broadest Portfolio of Low Power Differentiated IP Unparalleled Power Performance Confidential Information 2 Corporate Background Focused on differentiated low power mixed-signal IP

125 views • 11 slides
Innovative Power Control for Ultra Low-Power and High- Ultra Low Power and High Performance

Innovative Power Control for Ultra Low-Power and High- Ultra Low Power and High Performance

Innovative Power Control for Ultra Low-Power and High- Ultra Low Power and High Performance System LSIs Hiroshi Nakamura (Univ. of Tokyo) Hideharu Amano (Keio Univ.) Masaaki Kondo (Univ. of Electro-Communications) Mitaro Namiki (Tokyo

369 views • 22 slides
Binding Performance and Power of Dense Linear Algebra Operations Maria Barreda, Manuel F. Dolz,

Binding Performance and Power of Dense Linear Algebra Operations Maria Barreda, Manuel F. Dolz,

10th IEEE International Symposium on Parallel and Distributed Processing with Applications Binding Performance and Power of Dense Linear Algebra Operations Maria Barreda, Manuel F. Dolz, Rafael Mayo, Enrique S. Quintana-Ort , Ruym an

522 views • 27 slides
Performance, Power CS301 Prof Szajda Performance Metrics (How do we compare two machines?)

Performance, Power CS301 Prof Szajda Performance Metrics (How do we compare two machines?)

Performance, Power CS301 Prof Szajda Performance Metrics (How do we compare two machines?) What to Measure? Which airplane has the best performance? 3 Performance One size does not fit all Depends on application domain

653 views • 36 slides
MRT9 Specifications Features Feat es Performance Performance Engine Power with

MRT9 Specifications Features Feat es Performance Performance Engine Power with

MRT9 Specifications Features Feat es Performance Performance Engine Power with 19mm restrictor Yamaha YZF-600R, 4 cylinder, 600cc 100 bhp at the flywheel Garrett GT-12 Turbocharger E-85 Bio-ethanol fuel

308 views • 4 slides
Decision Support for Solar Power Deployment: Geospatial Applications Green Power Labs: About Us

Decision Support for Solar Power Deployment: Geospatial Applications Green Power Labs: About Us

Decision Support for Solar Power Deployment: Geospatial Applications Green Power Labs: About Us Green Power Labs is a company of solar resource experts and solar engineers Founded in 2003; o ffi ces in Halifax (Canada), San Jose

207 views • 18 slides
POWER FACTOR CORRECTION POWER FACTOR CORRECTION Design considerations for optimizing performance

POWER FACTOR CORRECTION POWER FACTOR CORRECTION Design considerations for optimizing performance

POWER FACTOR CORRECTION POWER FACTOR CORRECTION Design considerations for optimizing performance & cost of continuous mode boost PFC circuits by Supratim Basu,Tore.M.Undeland All rectified ac sine wave voltages with capacitive filtering

447 views • 23 slides
CSCI341 Lecture 38, Introduction to Multicore Architectures GOAL: PERFORMANCE Recall: Power as

CSCI341 Lecture 38, Introduction to Multicore Architectures GOAL: PERFORMANCE Recall: Power as

CSCI341 Lecture 38, Introduction to Multicore Architectures GOAL: PERFORMANCE Recall: Power as the overriding issue. Performance, heat, power efficiency. PIPELINING Exploits potential parallelism among instructions.

471 views • 25 slides
POWER-AWARE JOB SCHEDULING Maximizing Data Center Performance

POWER-AWARE JOB SCHEDULING Maximizing Data Center Performance

POWER-AWARE JOB SCHEDULING Maximizing Data Center Performance Under Strict Power Budget Osman Sarood, Akhil Langer , Abhishek Gupta, Laxmikant Kale Parallel

802 views • 25 slides
Investigative powers and Power of intervention for DLT applications #DLTm Presented by Trevor

Investigative powers and Power of intervention for DLT applications #DLTm Presented by Trevor

Investigative powers and Power of intervention for DLT applications #DLTm Presented by Trevor Sammut Public DLT/blockchain applications (i) Run over multiple machines (called nodes); (ii) connected in an ad hoc manner; (iii) typically

567 views • 35 slides
Xylem Water Solutions (India) Pvt. Ltd. PERFORMANCE TESTING OF VERTICAL TURBINE PUMPS FOR POWER

Xylem Water Solutions (India) Pvt. Ltd. PERFORMANCE TESTING OF VERTICAL TURBINE PUMPS FOR POWER

Xylem Water Solutions (India) Pvt. Ltd. PERFORMANCE TESTING OF VERTICAL TURBINE PUMPS FOR POWER PLANT APPLICATIONS Ron Sassoon Cell : + 91 7738083550 Email : ron.sassoon@xyleminc.com April 2012 Xylem Water Solutions (India) Pvt. Ltd.,

445 views • 20 slides
Performance, Power, Die Yield CS301 Prof Szajda Administrative HW #1 assigned w Due

Performance, Power, Die Yield CS301 Prof Szajda Administrative HW #1 assigned w Due

Performance, Power, Die Yield CS301 Prof Szajda Administrative HW #1 assigned w Due Wednesday, 9/3 at 5:00 pm Performance Metrics (How do we compare two machines?) What to Measure? Which airplane has the best performance? 4

489 views • 37 slides
m MaxPak Enables High Current, Voltage & Speed Power Devices Optimum Performance

m MaxPak Enables High Current, Voltage & Speed Power Devices Optimum Performance

m MaxPak Power Package by Semiconductor Packaging Solutions Near Chip-Scale SMD Enabling High Speed & Efficient Power for Wide- Band-Gap Devices, and even Hi- Performance Silicon Devices January 2016 SPS CONFIDENTIAL 1 m MaxPak Enables

703 views • 20 slides
Performance Rails Writing Rails applications with sustainable performance Ruby en Rails 2006

Performance Rails Writing Rails applications with sustainable performance Ruby en Rails 2006

0/58 Performance Rails Writing Rails applications with sustainable performance Ruby en Rails 2006 Stefan Kaes www.railsexpress.de skaes@gmx.net Back Close The most boring talk, ever! 1/58 No DHTML visual effects!

1.13k views • 59 slides
Machine Learning for Performance and Power Modeling/Prediction Lizy K. John University of Texas

Machine Learning for Performance and Power Modeling/Prediction Lizy K. John University of Texas

PACT 2010 Machine Learning for Performance and Power Modeling/Prediction Lizy K. John University of Texas at Austin Simulation Challenges Simulation Based Performance Models eg: SimOS, SIMICS, GEM5, SimpleScalar Power modeling eg:

778 views • 39 slides

More recommend