cryptographic applications kris gaj tarek el-ghazawi & gmu, gwu
TRANSCRIPT
![Page 1: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/1.jpg)
Cryptographic applications
Kris GajTarek El-Ghazawi
& GMU, GWU students
![Page 2: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/2.jpg)
Cipher
message
cryptographickey
K bits
ciphertext2
![Page 3: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/3.jpg)
Definition of a cipher
M C
family of encipheringtransformations
family of decipheringtransformations
K key K
message space ciphertext spacekey space
enciphering transformation EK(M)
deciphering transformation DK(C)
K ∈ K 3 DK(EK(M)) = MM ∈ M
![Page 4: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/4.jpg)
Substitution Cipher
Key =a b c d e f g h i j k l m n o p q r s t u v w x y z
f q i s h n c v j t y a u w d r e x l b m z o g k p
TO BE OR NOT TO BE
BD QH DX WDB BD QH
enciphering
decipheringTO BE OR NOT TO BE
Number of keys = 26! ≈ 4 ⋅ 1026
4
![Page 5: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/5.jpg)
Secret-key (Symmetric) Cryptosystems
key of Alice and Bob - KABkey of Alice and Bob - KAB
Network
DecryptionEncryptionBobAlice
5
![Page 6: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/6.jpg)
Key Distribution Problem
6
N - Users N · (N-1)2
Keys
Users Keys
5,0001001000 500,000
![Page 7: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/7.jpg)
Public Key (Asymmetric) Cryptosystems
Public key of Bob - KB Private key of Bob - kB
Alice Bob
Network
Encryption Decryption
7
![Page 8: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/8.jpg)
Key exchange for secret-key ciphers
Network
session key(random secret-key) BobAlice
Bob’s public key Bob’s private key
Session keyencrypted using Bob’s public key
Message encrypted using session key
8
![Page 9: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/9.jpg)
Digital SignatureAlice Bob
SignatureMessageSignatureMessage
9
Hash function
Public keycipher
Hash function
Alice’s public key
Hash value 1
Hash value 2
Hash value
Public key cipher
yes no
Alice’s private key
![Page 10: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/10.jpg)
High-throughput secret-key encryption
10
![Page 11: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/11.jpg)
High-Throughput Encryption. . . .
Mi
Mi+1
Mi+2
K0
11
Encryption
Encryption algorithms:
DES, 3DES, AES, RC5, IDEA, etc.
Ci
Ci+1
Ci+2
![Page 12: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/12.jpg)
Fully Pipelined Architecture
. . . .
. . . .
. . . .
Loop unrolling
Pipeline stages inside of cipher rounds
New input & new output every clock cycle
Round 1
Round 2
. . .. . . .
Round k
12
![Page 13: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/13.jpg)
Secret-key cipher breaking
13
![Page 14: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/14.jpg)
Secret-key cipher breaking
Given:
14
Looked for:
Method:
remaining plaintext
ciphertextguessed fragment of the plaintext
or key
successivekeys
exhaustive key search (brute-force) attack
cipher
![Page 15: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/15.jpg)
Secret-key breaking
Message – Ciphertext pair
C0M0
Negligibly smallinput/output
Huge amountof computations
K1 K2 K3 KN
Cipherbreaker
…
Generated by the cipher breakerCorrect key
15
![Page 16: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/16.jpg)
Public-key cryptography forkey exchange
and digital signatures
16
![Page 17: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/17.jpg)
RSA public-key encryption
C = f(M) = Me mod N C
PUBLIC KEYmessage ciphertext
M
M = f-1(C) = Cd mod N
PRIVATE KEY
P, Q - large prime numbersN = P ⋅ Q17e ⋅ d ≡ 1 mod ((P-1)(Q-1))
![Page 18: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/18.jpg)
RSA keysPUBLIC KEY PRIVATE KEY
{ e, N } { d, P, Q }
P, Q - large prime numbersP, Q:
N: N = P ⋅ Q
e: gcd(e, P-1) = 1 and gcd(e, Q-1) = 1
d:18
e ⋅ d ≡ 1 mod ((P-1)(Q-1))
![Page 19: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/19.jpg)
Why public-key cryptography is a good application for reconfigurable
computers?
• computationally intensive arithmetic operations
• unconventionally long operand sizes (160-2048 bits)
• multiple algorithms, parameters,key sizes, and architectures= need for reconfiguration
19
![Page 20: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/20.jpg)
Elliptic Curve Cryptosystems (ECC)
a family of cryptosystems, rather than a single cryptosystem = added security butneed for reconfigurationpublic key (asymmetric) cryptosystemsused for key agreement and digital signaturesimplementations must be optimized forminimum latency rather than maximumthroughput = limited speed-up fromparallel processing
20
![Page 21: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/21.jpg)
Classes of applications
1. input/output intensive applications• bulk data encryption
(DES, IDEA, and RC5 encryption)
2. computationally intensive applications• secret-key cipher breaking based on
the exhaustive key search (DES, IDEA, RC5 breakers)
• public-key cipher breaking based on factoring
3. latency-critical applications• cipher key agreement and signature
(ECC schemes, RSA)
21
![Page 22: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/22.jpg)
Secret key cipher libraries
1. Secret key cipher encryption and decryption
2. Secret key cipher breaking
• DES• IDEA• RC5
• DES• IDEA• RC5
22
![Page 23: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/23.jpg)
Public key cipher libraries1. Operations in the binary Galois Fields GF(2m)
a. polynomial basisb. normal basis
2. Multiprecision integer arithmetic
3. Elliptic Curve Operations
- addition- doubling- scalar multiplication
23
![Page 24: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/24.jpg)
Basic operations of ECCBasic operations in Galois Field GF(2m)
• addition and subtraction (xor): x+y, x-y (XOR)• multiplication, squaring: x ⋅ y, x2
• inversion: x-1
Basic operations on points of an Elliptic Curve• addition of points: P + Q• doubling a point: 2 P• projective to affine coordinate: P2A
Complex operations on points of an Elliptic Curve
24
• scalar multiplication: k ⋅ P = P + P + …+Pk times
![Page 25: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/25.jpg)
Hierarchy of functions
High level kP
P+Q 2P projective_to_affine(P2A)
MUL
INV
Medium level
Low level 2
ROTXORLow level 1
![Page 26: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/26.jpg)
SRC Program Partitioning
C function for µP
C function for MAP
VHDLmacro
µP system
FPGA system
HLL
HDL
26
![Page 27: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/27.jpg)
Investigated Partitioning Schemes
27
![Page 28: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/28.jpg)
µP Software Only
C function for µP kP
C function for FPGA
VHDLmacro
28
Based on public-domain code by Rosing M., Implementing Elliptic Curve Cryptography, Manning, 1999
![Page 29: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/29.jpg)
0HL1 PartitioningC function for µP
0
MUL4
C functionfor FPGA
VHDL macros
29
ROTROT XOR
H
L1V_ROTVARROT
kPP2A
kP
P+Q 2P
MUL2MUL2 MULMUL
INVINV
P2AP+Q2P
![Page 30: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/30.jpg)
0HL2 PartitioningC function for µP
0
MUL4
C functionfor FPGA
VHDL macros
ROTROT XOR
H
V_ROTINV
kPP2A
kP
P+Q 2P
MUL2MUL2
P2AP+Q2P
L2
30
![Page 31: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/31.jpg)
0HM Partitioning0C function
for µP
31
C function for FPGA
VHDL macros
P+QP+Q 2P2P P2AP2A
kPkP H
M
![Page 32: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/32.jpg)
00H Partitioning (VHDL only)
C function for µP 0
C function for FPGA 0
VHDLmacro kP H
32
![Page 33: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/33.jpg)
Results
33
![Page 34: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/34.jpg)
Timing Measurements
.c file.mc file
MAPAlloc.
MAPFree
DMA
DataOut
DMA
Data In
FPGA
Computation
End-to-End time (SW)
MAPfunction MAP function
FPGAConfigure
End-to-End time (HW)
Configuration time
MAPAllocation
time
MAP Release
Time
![Page 35: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/35.jpg)
Results (Latency)
0HL1 866 37 472 14 394 893 1.460HL2 863 37 469 14 394 895 1.450HM 592 37 201 12 391 1305 1VHDL macro 592 39 201 17 391 1305 1
System Level Architecture
Total Overhead
(µs)
Data Transfer
Out Time (µs)
Speedup vs.
Software
Slow-down vs. VHDL macro
Software
FPGA Compu-tation Time (µs)
Data Transfer
In Time(µs)
End-to-End Time (µs)
772,519
350
100
200
300
400
500
600
700
800
900
us
0HL1 0HL2 0HM 00H (VHDL)
Different Architectures
End to End Time
FPGA ComputationTime
![Page 36: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/36.jpg)
Results (Area)
Software N/A0HL1 99 1.68 57 1.3 68 2.610HL2 92 1.56 52 1.18 62 2.380HM 75 1.27 48 1.09 39 1.500H 59 1 44 1 26 1
System Level Architecture
% of CLB slices
(out of 33792)
CLB increase vs. pure VHDL
% of LUTs(out of 67,584)
LUT increase vs. pure VHDL
% of FFs
(out of 67,584)
FF count increase vs. pure VHDL
360
10
20
30
40
50
60
70
80
90
100
%
0HL1 0HL2 0HM 00HDifferent Architectures
CLB slicesLUTFF
![Page 37: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/37.jpg)
Number of lines of code
Algorithm Partitioning
Scheme
VHDL Macro Wrapper
MAP C Main C
0HL1 1007 260 371
349
185
78
153
153
153
153
1291 230
1744 160
36
0HM
1960
0HL2
VHDL macro
37
![Page 38: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/38.jpg)
Conclusions
38
![Page 39: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/39.jpg)
Conclusions
Assuming focus on:
Timing Resources
Ease of programming
![Page 40: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/40.jpg)
Conclusions – cont.The best implementation approach:
0HL1 partitioning scheme
MUL4
C functionfor MAP
VHDL macros
ROTROT XOR
C function for µP
0
H
L1V_ROTV_ROT
kP
INV
P2AP+Q 2P
kP
INV
P2AP+QP+Q 2P2P
MUL2MUL2 MULMUL
893 speedup vs. software and only 0.46 times slowdown versus pure VHDL with ease of
implementation
![Page 41: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/41.jpg)
Conclusions
• Elliptic Curve Cryptosystem implementation challenging for reconfigurable computers because of
• optimization for latency rather than throughput• limited amount of parallelism
• First publication showing a 1000x speed-up for a reconfigurable computer applicationoptimized for data latency
41
![Page 42: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/42.jpg)
General hierarchy of library files suggested
by SRC Computers Inc.
42
![Page 43: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/43.jpg)
Structure of the macro repository
< top of repository >
< macros >
<lib # 1 > <lib # 2 > <lib # 3 >
common rev_d rev_e
macro1 macro2 macro3
rev_f
DataSheethdlfile DebugCodeFileInfoFile BlkBoxFile43
![Page 44: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/44.jpg)
Files describing the macro
Platform independent– HDL file: macro.v or macro.vh
• Verilog or VHDL code defining the macro
– Debug Code File: macro.c • provides the equivalent C functionality for the macro
– Data sheet file: datasheet• contains the documentation for the macro
Platform dependent– Blk Box File: blackbox.v
• Interface (black box) definition for the macro in Verilog
– Info File: info• Info file entry for this macro
44
![Page 45: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/45.jpg)
Software libraries and their role in the development
of SRC libraries
45
![Page 46: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/46.jpg)
Roles of software libraries
1. source of test vectors for VHDL macros
2. emulation of hardware in the debug mode
3. performance comparison
46
![Page 47: Cryptographic applications Kris Gaj Tarek El-Ghazawi & GMU, GWU](https://reader035.vdocument.in/reader035/viewer/2022071602/613d575f736caf36b75c2edd/html5/thumbnails/47.jpg)
How to approach porting your application to reconfigurable computers?
1. Identify class of applications
2. Identify basic operations required by your applications
3. Determine the existence of the RC library of such operations
4. Determine the existence of the microprocessor library of such operations
5. Determine the right granularity for the requiredlibrary operations
47