
Politecnico di Torino, Porto Institutional Repository

[Doctoral thesis] Automatic generation of high speed elliptic curve cryptography code

Original Citation: Canavese, Daniele (2016). Automatic generation of high speed elliptic curve cryptography code. PhD thesis
Availability: This version is available at: http://porto.polito.it/2652694/ since: October 2016
Published version: DOI:10.6092/polito/porto/2652694
Terms of use: This article is made available under terms and conditions applicable to Open Access Policy Article ("Creative Commons: Attribution 3.0"), as described at http://porto.polito.it/terms_and_conditions.html

POLITECNICO DI TORINO
Doctoral School
PhD in Computer and Systems Engineering - XVII cycle

Doctoral Thesis

Automatic generation of high speed elliptic curve cryptography code

Daniele Canavese

Supervisor: Antonio Lioy
Coordinator of the doctoral programme: Matteo Sonza Reorda

May 2016

Contents

List of Figures
List of Tables
List of Algorithms
Introduction

1 High speed cryptography
  1.1 Real world applications
    1.1.1 Domain name system security
    1.1.2 Google encrypted search
    1.1.3 Mobile phone protection
  1.2 Related works
    1.2.1 Cryptography-aware DSLs and compilers
    1.2.2 Elliptic curve cryptography
    1.2.3 Other high speed cryptographic techniques

2 Elliptic curve cryptography
  2.1 Mathematical background
    2.1.1 Groups
    2.1.2 Fields
    2.1.3 Elliptic curves
    2.1.4 Security of elliptic curve crypto-systems
    2.1.5 ECDH
  2.2 Algorithmic background
    2.2.1 Binary field arithmetic
    2.2.2 Elliptic curve arithmetic
    2.2.3 ECDH
    2.2.4 Summary of decisions

3 Implicit computational complexity
  3.1 Logic background
    3.1.1 Classical logic
    3.1.2 Intuitionistic logic
    3.1.3 Linear logic
    3.1.4 λ-calculus
    3.1.5 Dual light affine logic
    3.1.6 Typeable functional assembly
  3.2 Multiplicative inversion in TFA
    3.2.1 Data representations
    3.2.2 Basic operations
    3.2.3 Functional BEA
    3.2.4 DCEA

4 Architecture
  4.1 Code compilation
    4.1.1 Front-end stage
    4.1.2 Middle-end stage
    4.1.3 Back-end stage
  4.2 Performance evaluation
  4.3 Library building
  4.4 UI

5 Languages and representations
  5.1 Domain specific languages
    5.1.1 HRL
    5.1.2 aXiom
    5.1.3 Test cases
  5.2 HR

6 Optimizations
  6.1 Analysis algorithms
    6.1.1 Control flow graph analysis
    6.1.2 Live variable analysis
    6.1.3 DAG analysis
    6.1.4 Operator chain analysis
  6.2 Transformation algorithms
    6.2.1 Constant folding
    6.2.2 Algebraic simplification
    6.2.3 Copy propagation
    6.2.4 Dead code elimination
    6.2.5 Strength reduction
    6.2.6 Common sub-expression elimination
  6.3 Translation algorithms
    6.3.1 Bit vector packing
    6.3.2 Loop unrolling
    6.3.3 Use of target idioms
  6.4 Optimization example

7 Experimental results
  7.1 Impact of optimizations
  7.2 Performance
    7.2.1 Results on the i7 processor
    7.2.2 Results on the ARMv7 processor
  7.3 Comparison against standard libraries
  7.4 Comparison against other curves

8 Conclusions and future work

A Proof rules
  A.1 CL rules
  A.2 IL rules
  A.3 LL rules
  A.4 DLAL rules
  A.5 TFA rules

B Grammars
  B.1 HRL grammar
  B.2 aXiom

C Annotations

D Additional results
  D.1 CryptoGen code performance
  D.2 Library code performance

Notations
Acronyms
Index
Bibliography

List of Figures

1 Suggested key lengths for 2016
1.1 DNS security time-line
1.2 Google encrypted search time-line
1.3 Mobile phone security time-line
2.1 Plots of two elliptic curves over R
2.2 Point addition and doubling in E/R
2.3 Steps of the ECDH protocol
2.4 Man-in-the-middle attack on the ECDH protocol
2.5 Algorithm choices for the scalar multiplication implementation
3.1 Example of functional right shift
3.2 BEA and DCEA in comparison
4.1 General architecture of the framework
4.2 Architecture of the cryptographic compiler
4.3 Architecture of the C back-end
4.4 A sample library configuration file
5.1 Two equivalent snippets, in C and HRL
5.2 Two equivalent snippets, in C and aXiom
5.3 An aXiom snippet and its output HRL code
5.4 The modular reduction algorithm in aXiom
5.5 UML class diagram of HR
6.1 Example of a control flow graph
6.2 DAG representation for the (2 ⋅ x + x)/y expression
6.3 Example of the DAG for a basic block
6.4 Example of the DAG for some tuple instructions
6.5 Example of an operator chain
6.6 Constant folding example
6.7 Algebraic simplification example
6.8 Copy propagation example
6.9 Dead code elimination example
6.10 Example of hidden strength reduction possibilities
6.11 Strength reduction example
6.12 Common sub-expression elimination example
6.13 Bit vector packing example
6.14 Loop unrolling example
7.1 Comparison of various scalar multiplication implementations
7.2 Comparison of the B-233 and B-283 curve performance against similar curves

List of Tables

1.1 Supposed TLS 1.2 cipher-suite priorities for Google Search in 2016
1.2 Protocol supports of the ECC algorithms
2.1 Elliptic curve formulas for various coordinate systems
2.2 Elliptic curve costs for various coordinate systems
2.3 Elliptic curve costs for various scalar multiplication algorithms
5.1 The instructions available in the HRL language