Master s Thesis Presentation Hoang Le Director: Dr. Kris Gaj

Transcription

1 Master s Thesis Presentation Hoang Le Director: Dr. Kris Gaj

2 Outline RSA ECM Reconfigurable Computing Platforms, Languages and Programming Environments Partitioning t ECM Code between HDLs and HLLs Implementation of ECM Using SRC Carte C and Celoxica Handel C Comparison of Results Discussion of Results Conclusions

3 RSA

4 History of RSA Invented by Rivest, Shamir, and Adleman in 1977 Most widely used public key cryptosystem Key length is variable depending on application RSA s key can be chosen long for enhanced security, or short for efficiency i

5 Operation of RSA m Public Key (e, n) c=f(m)=m e mod n c m=f 1 (c)=c d mod n Private Key (d, n)

6 Security of RSA Factoring a big number is difficult or infeasible Cost and time required to factor an n bit RSA modulus provide an upper bound on the security of n bit RSA Currently the size of key used is 1024 bits or Currently, the size of key used is 1024 bits or 309 digits

7 ECM

8 What is ECM? Elliptic Curve Method of Factoring Lenstra 1985 Phase 1 Brent, Montgomery Phase 2 q N < 50 bits Factoring time depends mainly on the size of factor q

9 ECM in NFS Polynomial Selection Rl Relation Collection Sieving bit numbers Mini Factoring (ECM) Linear Algebra Square Root

10 Elliptic Curve 2 3 Y = X + X + 1 mod p ( p = 23) + special point ϑ Points fullfiling the equation of the curve (point at infinity) P=(6,19) such that: Addition P + ϑ = ϑ+ P= P 15 Y P=(3,13) A Q=(7,12) D 2P=P+P=(7,11) P+P Doubling R=P+Q=(13,7) X P: P,2 P,3 P,..., np= ϑ,( n + 1) P= P, 2 P all points of the curve

11 Projective vs. Affine Coordinates affine coordinates P a = (x, y) addition and doubling require inversion projective coordinates P p = (x, y, z) addition and doubling can be done without inversion projective coordinates for Montgomery P pm = (x : : z) form of the curve addition and doubling do not require y coordinate

12 Scalar a Multiplication utp cato Q = k P = P + P + P + + P k times point Number (scalar) point

13 ECM Algorithm Inputs : N E P P 0 B 1 B 2 Outputs: q number to be factored elliptic curve point of the curve E : initial point smoothness bound for Phase1 smoothness bound for Phase2 factor of N, 1 < q N or FAIL

14 ECM Algorithm Phase 1 ei 1: k p such that p - consecutive primes B p 0 0 i 2: Q kp = ( x : : z ) 3: q gcd( z, N) i Q 0 Q Q 0 0 4: if q > 1 5: return q (factor of N) 6: else 7: go to Phase 2 8: end if i precomputations ei e - largest exponent such that p B i 1 main computations postcomputations i 1

15 ECM Algorithm Phase 2 09: d 1 10: for each prime p= B1 to B2 do 11: ( x, y, z ) pq pq pq pq : d d z (mod N) 13: end for pq 14: q gcd( d, N) 15: if q > 1 then 16: return q 17: else 18: return FAIL 19: end if 0 0 main computations postcomputations

16 ECM Phase 1 Example pe N = = E : y 2 = x x + 1 (mod ) P 0 = (5 : : 1) B 1 = 20 k = = kp 0 = ( : : ) gcd ( , ) = 1361

17 Hierarchy eac yof ECM Operations ECM Top level Medium level k P Scalar multiplication Elliptic curve point operations Point addition P+Q 2P Point doubling Low level x y mod p x+y mod p x-y mod p Moduar multiplication Modular addition Modular subtraction Modular arithmetic (field operations)

18 Reconfigurable Computing Platforms

19 FPGAs Configurable Logic Blocks Block RA AMs Block RA AMs I/O Blocks Block RAMs

20 Reconfigurable e Computer Microprocessor system Reconfigurable system μp... μp FPGA... FPGA μp Memory... μp FPGA Memory Memory... FPGA Memory I/O Interface Interface I/O

21 SRC MAP Reconfigurable Processor Source: [SRC, MAPLD04]

22 SRC CSystem SRC Hi Bar Switch SNAP Memory SNAP Memory MAP MAP Common Memory Common Memory μp PCI X Gig Ethernet etc. μp PCI X Chaining GPIO SRC 6 Disk Storage Area Network Local Area Network Customers Existing Networks Wide Area Network Source: [SRC, MAPLD04]

23 Reconfigurable Computing Languages and Programming Environments

24 Traditional Design Flow HDLs for Programming FPGAs Specification i HDL description HDL source code Synthesis Netlists Implementation Bitstream Configuration Functional Simulation Post synthesis Simulation i Timing Simulation On chip Testing

25 Traditional Design Flow HLLs for Programming µprocessor Software Extract the elements analysis requirements Precisely describe the software Customer Specification Abstract representation Architecture Coding Implementation Test all parts of the software Testing

26 APIs between ee FPGAs sand dµ µp Host Computer Main Program APIs FPGA Boards Vendor dependent No common standard.

27 SRC CCarte C +very easy to learn and use + standard ANSI C + hides implementation details + very well integrated environment + mature in production use for over 4 years with constant improvements subset of C legacy C code requires rewriting C limitations it ti in describing HW (paralellism, lli data types) closed environment, limited portability of code to HW platforms other than SRC

28 SRC CCarte C Design Flow Application sources Macro sources.c or.f files.mc or.mf files.vhdor.v files HDL sources.v files Logic synthesis μpcompiler MAP Compiler Netlists.ngo files Object files.o files.o files Place & Route Linker Application executable.bin files Configuration bitstreams

29 Celoxica Handel C +very easy to learn and use + super set of ANSI C + hides implementation details + very flexible, no limitation in parallelism and data type, extended operators for bit manipulation + well defined d timing i model + portable to a wide range of FPGA devices legacy C code requires rewriting each statement takes 1 clock cycle to execute

30 Celoxica Handel C Design Flow Executable Specification Handel C VHDL Synthesis EDIF EDIF Place & Route

31 Previous Work on Implementing Applications in HLLs for Reconfigurable Hardware (1) Vendor libraries of hardware macros developed and distributed by SRC Inc., including basic integer and floating point arithmetic digital signal processing User libraries of hardware macros developed by GWU/GMU/USC , including Secret key cipher encryption & breaking Binary Galois Field arithmetic (polynomial basis & normal basis representation) Elliptic Curve Arithmetic Long integer modular arithmetic (RSA) Sorting Image processing Bioinformatics

32 Previous Work on Implementing Applications in HLLs for Reconfigurable Hardware (2) N. Nguyen, K. Gaj, D. Caliga, T. El Ghazawi, "Implementation of Elliptic Curve Cryptosystems on a Reconfigurable Computer, FPT 2003 S. Bajracharya, C. Shu, K. Gaj, T. El Ghazawi, "Implementation of Elliptic Curve Cryptosystems over GF(2 n ) in Optimal Normal Basis on a Reconfigurable Computer, FPL 2004 Vlad Kindratenko (NCSA), Accelerating Scientific Applications with Reconfigurable Computing, SC06 Viktor K. Prasanna, Gerald R. Morris, Sparse Matrix Computations on Reconfigurable Computer, RC Magazine, Mar 2007

33 Previous Work on Implementing Applications in HLLs for Reconfigurable Hardware (3) Esam El Araby, Mohamed Taher, Mohamed Abouellail, Tarek El Ghazawi, and Gregory B. Newby, Comparative Analysis of High Level Programming for Reconfigurable Computers: Methodology and Empirical Study, y, SPL2007

34 Partitioning ECM Code between HDLs and HLLs

35 General e Architecture e of ECM M1 Main Program Data Communication Module Control Unit & Mem M2 A/S

36 Coding Partition atto Scheme e 1 M1 Main Program Data Communication Module Control Unit & Mem M2 A/S C/C++ HLL HDL

37 Coding Partition atto Scheme e 2 M1 Main Program Data Communication Module Control Unit & Mem M2 A/S C/C++ HLL HDL

38 Coding Partition atto Scheme e 3 M1 Main Program Data Communication Module Control Unit & Mem M2 A/S C/C++ HLL

39 4 Implemented pe e tedschemes es SRC Carte C Scheme 1 (Entire ECM Unit as HDL core) Scheme 2 (Control Unit in Carte C) Scheme 2 Scheme 3 (Entire (Control Unit in ECM Unit in Celoxica Handel C Handel C) Handel C)

40 Implementation of ECM Using SRC Carte C

41 Carte C Partition atto Scheme e 1 M1 Main Program Data Communication Module Control Unit & Mem M2 A/S C/C++ Carte C VHDL

42 ECM Module Block Diagram a M1 M2 Local MEM Control Unit Instruction MEM A/S Unit 1 M1 M2 A/S Local MEM Unit T Global MEM

43 Result Place & Route Number of occupied Slices 30,996 out of 33,792 91% Frequency Execution Time (both Phases) 99 MHz 38 ms

44 Result # Lines of Codes Number of lines of Eti Estimated tdtime to codes Complete VHDL Carte C students x 1 semester

45 ECM Architecture Top Level View FPGA Instruction memory Control Unit Phase1 & Phase2 I/O Host computer Global memory ECM Units RAM Host computer pre computes E, P 0, k and post computes final gcds

46 Result Overall Time (µs) 2,249 1, , Legend: 81 1 General pre computations independent of N 2 Pre computations (μp) 3 Transfer in (μp FPGA) 4 Main computations (Phase 1 & 2) (FPGA) 5 Transfer out (FPGA μp) 6 Post computations (μp) µp & FPGA Percentage 3.6% 0.5% 95.3% 0.4% 0.2% 100%= 38,060 μs 100%= 36,611 μs Before optimization i i After optimization µp FPGA Percentage 0.5% 99.1% 0.4%

47 Carte C Partition atto Scheme e 2 M1 Main Program Data Communication Module Control Unit & Mem M2 A/S C/C++ Carte C VHDL

48 Result Place & Route Number of occupied Slices 33,114 out of 33,792 97% Frequency Execution Time 100 Mhz 69 ms

49 Result # Lines of Codes VHDL Carte C Number of lines of codes Estimated Time to Complete 1 students x 1 semester

50 Implementation of ECM Using Celoxica Handel C

51 Handel C Partition atto Scheme e 2 M1 Main Program Data Communication Module Control Unit & Mem M2 A/S C/C++ Handel C VHDL

52 Result Place & Route Number of occupied Slices 33,680 out of 33,792 99% Frequency Execution Time (both Phases) 22 MHz 160 ms

53 Result # Lines of Codes Numberof linesof EstimatedTime to codes Complete VHDL students x 1/2 Handel C 1400 semester

54 Handel C Partition atto Scheme e 3 M1 Main Program Data Communication Module Control Unit & Mem M2 A/S C/C++ Handel C

55 Result Place & Route Number of occupied Slices 33,790 out of 33,792 99% Frequency Execution Time (both Phases) 30 MHz 116 ms

56 Result # Lines of Codes Number of lines Estimated Time of codes to Complete VHDL 0 1 students x 1/3 Handel C 1600 semester

57 Comparison of Results

58 3 Possible Comparisons s 1 SRC Carte C Scheme 1 (Entire ECM Unit as HDL core) Scheme 2 (Control Unit in Carte C) Celoxica Handel C Scheme 2 (Control Unit in Handel C) Scheme 3 (Entire ECM Unit in Handel C) 2 3

59 Comparison of Results of 2 Schemes in SRC Resource Utilization Scheme 1 Scheme 2 Resourc e (CLB slices) # Units # Lines of Codes HDL HLL Coding Time 3 students 91% * x 1 semester 1 student 97% * x 1 semester Exe. Time 38 ms 69 ms Scheme 1: Entire ECM Unit in VHDL Scheme 2: Control Unit in Carte C

60 Comparison of Results of 2 Schemes in SRC # ECM Operations/sec Scheme Scheme x 3.42x 18x 1.8x Software 40 Scheme 1: Entire ECM Unit in VHDL Scheme 2: Control Unit in Carte C

61 Comparison of Results of 2 Schemes in Handel C Resource Utilization Resource # Lines of Coding (CLB # Units Codes Time slices) HDL HLL 1 student Scheme 2 99% x 1/2 semester 1 student Scheme 3 99% x 1/3 semester Scheme 2: Control Unit in Handel C Scheme 3: Entire ECM Unit in Handel C Exe. Time 160 ms 116 ms

62 Comparison of Results of 2 Schemes in Handel C # ECM Operations/sec Scheme 2 Scheme Software x 1.25x 22x 2.2x 10.9x VHDL 436 * Scheme 1: Control Unit in Handel C Scheme 2: Entire ECM Unit in Handel C * Reported in SHARCS, 2006

63 Cross Comparison Comparison between schemes in SRC and Handel C Resource Utilization SRC Scheme 2 Handel C Scheme 2 Resource # Units # Lines of Codes Coding HDL HLL Time 97% student x 1 semester 1 student 99% x 1/2 semester Exe. Time 69 ms 160 ms Note: the bold numbers are already adjusted to reflect the added resource Handel C and SRC Scheme: Control Unit in HLLs

64 Cross Comparison Comparison between schemes in SRC and Handel C # ECM Operations/sec Handel C Scheme 2 56 SRC Scheme 2 72 Software x 1.29x 18x 1.8x Handel C and SRC Scheme: Control Unit in HLLs

65 Discussion of Results 100% VHDL Eff ficien ncy Low High 50% SRC 1 SRC 2 Handel C 2 Handel C 3 0 Difficult 50% Ease of use Easy 100% SRC 1: Entire ECM Unit in VHDL Handel C 2: Control Unit in Handel C SRC 2: Control Unit in Carte C Handel C3: Entire ECM Unit in Handel C

66 Conclusions o s VHDL still gives out the best performance SRC 1 to SRC 2: 3.42x reduction in performance 1/3x reduction in development time Handel C 1 to Handel C x increase in performance 1/2x reduction in development time SRC 2 to Handel C x reduction in performance 1/2x reduction in development time

67 Future Work Run the whole ECM project written in Handel C using selected Celoxica boards Develop equivalent implementation i of ECM using other HLLs for RCs, such as: Impulse C, Mitrion C and DSPLogic; then compare all the results among each other. Tweak the Handel C ECM code to achieve higher clock frequency and port it to run on SRC (as hardware macro), Cray XD1, SGI, and other platforms that may not have a fixed running clock.

68 Thank you!!! Questions???