Implementation of Elliptic Curve Cryptosystems over GF(2 n ) in Optimal Normal Basis on a Reconfigurable Computer

Transcription

1 Implementation of Elliptic Curve Cryptosystems over GF(2 n ) in Optimal Normal Basis on a Reconfigurable Computer Sashisu Bajracharya, Chang Shu, Kris Gaj George Mason University Tarek El-Ghazawi The George Washington University

2 What is a reconfigurable computer? Microprocessor system FPGA system P... P FPGA... FPGA P memory... P memory FPGA memory... FPGA memory I/O Interface Interface I/O

3 Why cryptography is a good application for reconfigurable computers? computationally intensive arithmetic operations unconventionally long operand sizes ( bits) multiple algorithms, parameters, key sizes, and architectures = need for reconfiguration

4 SRC Reconfigurable Computer

5 SRC-6E from SRC Computers, Inc.

6 SRC Hardware Architecture P3 (1 GHz) 8000 MB/s / P3 (1 GHz) 8000 MB/s / Control FPGA XC2V6000 ½ MAP Board / 528 MB/s 528 MB/s L2 800 MB/s MIOC L2 /800 MB/s PCI-X P Board / Computer Memory (1.5 GB) DDR Interface SNAP 800 MB/s / 8 bits flags / / 64 bits data FPGA 1 XC2V MB/s / (6x64 bits) On-Board Memory (24 MB) 4800 MB/s (6x 64 bits) / 2400 MB/s (192 bits) (108 bits) / / 4800 MB/s (6x 64 bits) / (108 bits) FPGA 2 XC2V6000 Chain Ports 2400 MB/s

7 SRC Programming SRC P system FPGA system HDL (VHDL) HLL (C) Library Developer Application Programmer

8 SRC Program Partitioning P system FPGA system for P for FPGAs VHDL macro for FPGAs HLL HDL

9 Elliptic Curve Cryptosystems

10 Elliptic Curve Cryptosystems (ECC) a family of cryptosystems, rather than a single cryptosystem = added security but need for reconfiguration public key (asymmetric) cryptosystems used for key agreement and digital signatures implementations must be optimized for minimum latency rather than maximum throughput = limited speed-up from parallel processing

11 Three Families of Elliptic Curves Arithmetic operations present in many libraries Elliptic curves built over K = GF(p) K = GF(2 n ) Polynomial basis representation Fast in hardware Secure n n= Our n n=233 Normal basis representation Compact in hardware

12 Hierarchy of functions High level kp Medium level P+Q 2P projective_to_affine (P2A) Low level 2 INV Low level 1 XOR MUL ROT

13 Investigated Partitioning Schemes

14 μp Software Only for P kp for FPGA VHDL macro Based on public-domain code by Rosing M., Implementing Elliptic Curve Cryptography, Manning, 1999

15 0HL1 Partitioning for µp 0 for FPGA P+Q 2P kp P+Q 2P P2A P2A INV H VHDL macros MUL4 ROT XOR MUL2 MUL VAR V_ROT ROT L1

16 0HL2 Partitioning for µp 0 for FPGA P+Q 2P kp P+Q 2P P2A P2A H VHDL macros MUL4 ROT XOR MUL2 V_ROT INV L2

17 0HM Partitioning 0 for µp for FPGA kp H VHDL macros P+Q 2P P2A M

18 00H Partitioning (VHDL only) for P 0 for FPGA 0 VHDL macro kp H

19 Results

20 Timing Measurements.c file.mc file MAP function MAP function MAP Alloc. FPGA Configure DMA Data In FPGA Computation DMA DataOut MAP Free End-to-End time (HW) End-to-End time (SW) MAP Allocation time Configuration time MAP Release Time

21 Results (Latency) System Level Architecture End-to-End Time (μs) Data Transfer In Time(μs) FPGA Computation Time (μs) Data Transfer Out Time (μs) Total Overhead (μs) Speedup vs. Software Slowdown vs. VHDL macro Software 772,519 0HL HL HM VHDL macro us End to End Time HL1 0HL2 0HM 00H (VHDL) Different Architectures FPGA Computation Time

22 Results (Area) System Level Architecture % of CLB slices (out of 33792) CLB increase vs. pure VHDL % of LUTs (out of 67,584) LUT increase vs. pure VHDL % of FFs (out of 67,584) FF count increase vs. pure VHDL Software N/A 0HL HL HM H % CLB slices LUT FF HL1 0HL2 0HM 00H Different Architectures

23 Number of lines of code Algorithm Partitioning Scheme VHDL Macro Wrapper MAP C Main C 0HL HL HM VHDL macro

24 Conclusions

25 Conclusions Assuming focus on: Timing Resources Ease of programming

26 Conclusions cont. The best implementation approach: for µp 0HL1 partitioning scheme 0 for MAP P+Q kp 2P P2A INV H VHDL macros MUL4 ROT XOR MUL2 MUL V_ROT L1 893 speedup vs. software and only 0.46 times slowdown versus pure VHDL with ease of implementation

27 Conclusions Elliptic Curve Cryptosystem implementation challenging for reconfigurable computers because of optimization for latency rather than throughput limited amount of parallelism First publication showing a 1000x speed-up for a reconfigurable computer application optimized for data latency