Downloaded on 2017-02-12T13:16:07Z HARDWARE DESIGNOF CRYPTOGRAPHIC ACCELERATORS

Downloaded on 2017-02-12T13:16:07Z HARDWARE DESIGNOF CRYPTOGRAPHIC ACCELERATORS

Title Hardware design of cryptographic accelerators Author(s) Baldwin, Brian John Publication date 2013 Original citation Baldwin, B.J., 2013. Hardware design of cryptographic accelerators. PhD Thesis, University College Cork. Type of publication Doctoral thesis Rights © 2013. Brian J. Baldwin http://creativecommons.org/licenses/by-nc-nd/3.0/ Embargo information No embargo required Item downloaded http://hdl.handle.net/10468/1112 from Downloaded on 2017-02-12T13:16:07Z HARDWARE DESIGN OF CRYPTOGRAPHIC ACCELERATORS by BRIAN BALDWIN Thesis submitted for the degree of PHD from the Department of Electrical Engineering National University of Ireland University College, Cork, Ireland May 7, 2013 Supervisor: Dr. William P. Marnane “What I cannot create, I do not understand” - Richard Feynman; on his blackboard at time of death in 1988. Contents 1 Introduction 1 1.1 Motivation...................................... 1 1.2 ThesisAims..................................... 3 1.3 ThesisOutline................................... 6 2 Background 9 2.1 Introduction.................................... 9 2.2 IntroductiontoCryptography. ...... 10 2.3 MathematicalBackground . ... 13 2.3.1 Groups ................................... 13 2.3.2 Rings .................................... 14 2.3.3 Fields.................................... 15 2.3.4 FiniteFields ................................ 16 2.4 EllipticCurves .................................. 17 2.4.1 TheGroupLaw............................... 18 2.4.2 EllipticCurvesoverPrimeFields . .... 19 2.5 CryptographicPrimitives&Protocols . ........ 19 2.5.1 Symmetric-KeyCryptography . .. 20 2.5.2 Public-KeyCryptography . 21 2.5.3 The Integer Factorisation Problem (IFP) . ....... 22 2.5.4 TheDiscreteLogarithmproblem(DLP) . .... 23 I 2.5.5 The Elliptic Curve Discrete Logarithm problem (ECDLP) ........ 23 2.5.6 DigitalSignatures .......... ........... ........ 24 2.5.7 CryptographicKeySizes . 25 2.6 HardwareOverview................................ 27 2.6.1 XilinxFPGA ................................ 28 2.6.2 MemoryandDSPBlocks ...... ........... ........ 29 2.6.3 FPGADesign................................ 30 2.7 Microblaze ..................................... 31 2.7.1 Microblaze Architecture & Implementation . ....... 31 2.7.2 FSLBus .................................. 33 2.8 HardwareArchitecture . ... 33 2.8.1 AdditionalHardware . 34 2.9 HardwareConstraints. ... 35 2.9.1 SideChannelAttacks. 36 2.9.2 Area,Speed,PowerandEnergy . 36 2.10 PerformanceMetrics . ... 38 2.11Conclusions.................................... 39 3 Elliptic Curve Cryptography 40 3.1 Introduction.................................... 40 3.2 DedicatedDoublingandAddition . ..... 43 3.2.1 AffineCoordinateSystem . 44 3.2.2 ProjectiveCoordinateSystem . ... 44 3.2.3 JacobianCoordinateSystem . .. 46 3.2.4 TwistedEdwardsCurves . 48 3.2.5 ExtendedTwistedEdwards. 50 3.2.6 DedicatedAlgorithmOverview . .. 51 3.3 EllipticCurveCryptographicProcessor . ......... 52 II 3.3.1 Control ................................... 52 3.3.2 ModularArithmetic ............................ 53 3.3.3 ModularMultiplication. .. 54 3.3.4 ModularInversion ............................. 56 3.3.5 SchedulingandEfficiency . 57 3.3.6 AlgorithmicCostofFieldOperations . ..... 61 3.3.7 AreaResults forDedicated Doublingand Addition . ........ 63 3.4 MeasuringthePowerDissipation. ...... 64 3.4.1 DedicatedDoublingandAdditionPower Results . ....... 67 3.4.2 Area-TimeandAreaEnergyProduct. ... 69 3.5 PowerAnalysisAttacks. ... 72 3.6 DummyArithmeticInstructions . ..... 73 3.7 UnifiedDoublingandAddition. .... 74 3.8 RegularScalarMultiplication. ....... 76 3.8.1 Co-ZArithmetic .............................. 78 3.8.2 CombinedDouble-AddOperation . .. 79 3.8.3 (X,Y)-onlyoperations . 79 3.9 AlgorithmicCostofSPASecureAlgorithms . ........ 82 3.10 Area and Power Results for SPA Secure Algorithms . .......... 83 3.10.1 Comparing Dedicated Addition & SPA Secure Algorithms........ 88 3.11 LargerKeyandFieldSizes . .... 89 3.12Conclusions.................................... 90 4 Hash Functions 92 4.1 Introduction.................................... 92 4.2 BackgroundtotheSHA-3HashFunctions . ...... 95 4.3 ImplementatingSHA-3HashFunctions . ...... 96 4.3.1 CubeHash.................................. 98 III 4.3.2 Shabal.................................... 100 4.4 SHA-3RoundTwoImplementations . .... 102 4.4.1 BLAKE................................... 102 4.4.2 Grøstl.................................... 103 4.4.3 JH...................................... 104 4.4.4 Keccak ................................... 106 4.4.5 Skein .................................... 107 4.5 HashInterface................................... 108 4.5.1 CommunicationsProtocol . 111 4.5.2 PaddingProtocol .............................. 112 4.6 RoundTwoResults ................................. 114 4.7 RoundThreeAnalysis .............................. 118 4.7.1 RoundThreeChanges ........ ........... ........ 118 4.7.2 ComparingDifferentRoundResults . .... 119 4.7.3 SHA-3PowerandEnergy . 120 4.8 ComparisonwithOtherWork. ... 123 4.8.1 ComparisonofRoundThreeResults. ... 126 4.9 Conclusions..................................... 130 5 Cryptographic Processor 132 5.1 Introduction.................................... 132 5.2 BackgroundtoSignatureAlgorithms. ....... 135 5.2.1 TheEllipticCurve DigitalSignatureAlgorithm . ......... 136 5.2.2 ECDSADomainParameters . 137 5.3 ImplementingECDSA ............................... 138 5.3.1 KeyPairGeneration ............................ 138 5.3.2 SignatureGeneration. 139 5.3.3 SignatureVerification. 139 IV 5.3.4 ECDSAImplementationOptions . 140 5.4 RandomKeyGeneration ........... ........... ....... 141 5.4.1 Entropy................................... 142 5.4.2 Fortuna ................................... 143 5.4.3 RandomNumberGeneratorBlock . 144 5.5 CryptoProcessorUsingMicroblaze . ...... 147 5.5.1 HashBlock................................. 147 5.5.2 EllipticCurveProcessorBlock. .... 150 5.5.3 CoordinateConversion . 150 5.6 ImplementingECCinSoftwareandCo-Design . ....... 153 5.6.1 DedicatedSoftwareResults . 154 5.6.2 InstructionSetExtensions . ... 155 5.7 ECDSADesign................................... 158 5.7.1 ECDSAResults............................... 160 5.8 ECDSAComparison ................................ 161 5.9 Conclusions..................................... 163 6 Conclusions 164 6.1 ContributionsofthisThesis. ...... 164 6.2 FutureResearchDirections . ..... 167 A Appendix - Elliptic Curve Cryptography 170 A.1 Double-and-AddAlgorithms . .... 170 A.2 EdwardsCurves................................... 173 A.3 Co-ZAlgorithms .................................. 175 A.4 Point Doubling Formulæ with Update in Homogeneous Coordinates.. 178 A.5 FullCoordinateRecovery. .... 180 A.6 PointDoublingandTriplingwithCo-ZUpdate . ........ 181 V A.7 FullPower,EnergyandTimingResults . ...... 182 B Appendix - Hash Functions 185 B.1 RoundTwoHashFunctionImplementationResults . ......... 185 B.2 RoundTwoHashFunctionResults . .... 187 B.3 RoundThreeFPGAPowerandTimingResults . ..... 193 VI List of Figures 1.1 Cost-Performance-Security Tradeoff . ......... 2 1.2 Hierarchical Model for Elliptic Curve Based Cryptography............ 4 2.1 PointOperationsonanEllipticCurve . ....... 18 2.2 MicroblazeProcessor. ... 32 2.3 SaseboGII ..................................... 34 2.4 MicroblazeDesignonXUPV5 . .. 35 2.5 SPAanalysisusingFPGA. .. 37 3.1 EllipticCurveProcessor . .... 53 3.2 ModularAdder-Subtracter . .... 54 3.3 ModularMultiplier ............................... .. 56 3.4 ClockCountforDedicatedDoublingandAddition . ......... 63 3.5 PowerWrapper ................................... 66 3.6 AveragePowerDissipation . .... 68 3.7 Area-TimeProduct ................................ 70 3.8 Area-EnergyProduct .. ........... ........... ...... .. 71 3.9 EstimatedDynamicVersusMeasuredResults . ........ 72 3.10 ClockCountforSPA Secure DoublingandAddition . ......... 84 3.11 AverageDynamicPower . .. 86 3.12 SPAResistantArea-TimeProduct . ...... 87 3.13 SPAResistantArea-EnergyProduct . ....... 87 VII 3.14 SPA Reistant Estimated Versus Measured Results . ........... 88 3.15 Area-Time Product: 192, 256 & 521 ........................ 90 4.1 GenericHashFunctionInternals . ...... 93 4.2 CubehashCompressionFunction. ..... 99 4.3 Shabal........................................ 100 4.4 BlakeArchitecture ............................... 103 4.5 GrøstlP/QPermutation . ... 104 4.6 JHArchitecture .................................. 105 4.7 Keccak f(1600) Architecture ............................ 107 4.8 SkeinArchitecture ............................... 108 4.9 HashWrapper.................................... 109 4.10PaddingBlock................................... 114 4.11 256-bitWrapperThroughput-Area . ....... 118 4.12 AveragePowerDissipationat25MHz . ...... 122 4.13 Area-EnergyProduct . ... 123 5.1 SecurityintheTCP/IPstack . .... 133 5.2 DigitalSignatureProcess . ..... 136 5.3 EllipticCurveDigitalSignatureAlgorithm. ........... 137 5.4 FortunaGenerator................................ 143 5.5 FortunaFlowDiagram . ........... ........... ....... 145 5.6 CryptographicProcessorusingMicroblaze . .......... 148 5.7 TimingDiagramforMicroblazeI/O . ..... 149 5.8 MicroblazewithHardwareMultiplier . ....... 156 5.9 MicroblazeSignaturePlatform . ...... 159 B.1 256-bitLong32-bitBusPaddingHardware . ....... 187 B.2 256-bitShort32-bitBusPaddingHardware . ........ 187 VIII B.3 512-bitLong32-bitBusPaddingHardware . ....... 188 B.4 512-bitShort32-bitBusPaddingHardware . ........ 188 B.5 256-bitLong32-bitBusPaddingSoftware

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    243 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us