FPGA based Hardware Accleration for Elliptic Curve Cryptography ...

More documents

Recommendations

Info

3.4. FINITE FIELD ARITHMETIC 23 Thus, we can calculate the number of gates of an+ -bit CKM with the following recurrences: e)'U 3 K+ˆ 6+* I + 6 c 3 K+ˆ†¦«+ ´ c e('U 8 K+ˆ 6+* I + 6 c c:)?þe('U 8 K+ˆ†¦ + ´ c +¢)Wþe)'pU € 3 K+ˆ 6+* c + 6 c þ v € 3 K+ˆ†¦«+ ´ c e)'U $ K+ˆ 6+* I + 6 c + _ ¨)?þe)'pU-$PK+ˆ†¦ + ´ c v With the master method [19] it can easily be shown that all of these recurrences belong to the complexity õ7K+¨öø÷Cù 8 class . The ofv € 3 number gates exactly+¨öø÷Cù 8 is . By substituting a 3-input XOR by e('U 3 two and a 4-input XOR threee)'pU 3 by gates, an upper bound on requirede('U 3 the count is be given k+Nöø÷Cù 8 by . Some gate counts for multipliers of various operand bit widths are summarized in Tab. 3.1 and illustrated in Fig. 3.4. v € 3 e('U 3 e('U 8 e('U-$ Table 3.1: Bit Width 1 2 4 8 16 32 64 1 3 9 27 81 243 729 0 2 10 38 130 422 1330 0 0 2 12 50 180 602 0 1 4 13 40 121 364 ,! 1 6 25 90 301 966 3025 3500 3000 2500 2000 gate count 1500 1000 500 0 4 8 16 bit width 32 64 AND2 gate type XOR4 XOR3 SUM XOR2 Figure 3.4: Combinational Karatsuba Multiplier gate count 3.4.5 MSK Pattern Generation As detailed in Sec. 2.3.3 there are three different MSK patterns which are build based on the output of the CKM. A simplified illustration of the corresponding architecture is shown in part (e) of Fig. 3.2. In practice, the pattern creation is implemented by various multiplexers. Moreover, in case of the& œ" 8 scheme, the patterns will exceed the bit width( of the affiliated"!ƒe 8 #Y and therefore have to be reduced before they
Ì Ì Ì Ì Ì 3.4. FINITE FIELD ARITHMETIC 24 can be added to the intermediate result. This leads to approximately k+ additional e)'U 3 gates for a ! #" 8 design. In general, an optimized multiplexer structure leads to the following resource requirement: 3 K+ˆ 6 + -!-e 3$#YZK+ˆ 6 k+ v € 3 K+ˆ 6 k+ e('U 3.4.6 Interleaved Polynomial Reduction A first naive design approach may perform the polynomial reduction after the calculation of the complete multiplication. According to Eqn. 2.9, such a architecture would requirek( ) >#e('U 3 gates. Furthermore, this would lead to datapaths and multiplexers of sizek( _ c . To keep the datapaths on a maximum size of ( a method of interleaved reduction has been developed. When utilizing the MSK multiplication scheme based on + a -bit CKM the maximum degree of each intermediate is( )Q+ result with+/. ( , . only( )Q+ Therefore, bit values have to be reduced in each iteration. Regarding this fact Eqn. 2.9 reads as } 6 = Yª ô Ì Ò ±K5 ± Ü = Y ±ÈÇÉ® Ò ±z5 ± ) P Yª ô ±ÈÇÉ® ±–Ç Ò ±CK5 ±. ),5 ãª ±. Í7ÏÐ @ (3.1) which results in a total of onlyk+]e('U 3 gates for the polynomial reduction. The particular terms (1...3) of Eqn. 3.1 are structured according to Fig. 3.5 in order to calculate the reduction. Within the MSK scheme, this kind of interleaved reduction of degree ( )²+ polynomials is performed each time the intermediate result is shifted left by+ bit. n−1 0 (1) n−1+m (3) n−1+m (2) n n 6 = Y ±ÈÇÉ®#Ò ±5 ± ±–ÇÉ®Ò ±ª 5 ãª ± ±ÈÇÉ®Ò ±ª 5 ± ) ô Y ) ô Y åYºæ å3 æ å8 æ ¢ £h¤ ¥ ¢ £h¤ ¥ ¢ £h¤ ¥ Result Register (n bit) Figure 3.5: Structure of the polynomial reduction of(*),+ bit The gatecount calculation for part (f) of Fig. 3.2 is as follows: As already mentioned, the reduction of degree()*+ polynomials takesk+!e)'pU 3 gates. Additionally,+ ¯(:K(œ@ ñ + _ Fe)'U 3 gates are required to perform the accumulation of the actual MSK pattern to the current result value. Finallyþk(D"!ƒe 3$#Y are needed to choose if the result of an addition, square or multiply operation is stored in the result register. Summing up, this results in the following resource requirement: npn%K(b 6 ( e('U 3 K+ˆ 6 + ¯(:K(œ@ ñ + _ `)?k+ -!-e 3$#YBK(b 6dñ (
Page 1 and 2: Fachbereich Informatik Integrierte
Page 3 and 4: Contents List of Figures iv 1 Intro
Page 5 and 6: List of Figures c)! #"%$ d)& #"'$ 2
Page 7 and 8: 1.2. PREVIOUS WORK 2 of dividing a
Page 9 and 10: Chapter 2 Mathematical Background T
Page 11 and 12: Ymonpn _ #qkr9;=stPuiY[ v l _ wr9xK
Page 13 and 14: 2.2. FINITE FIELD ARITHMETIC 8 k P
Page 15 and 16: 2.2.4 Addition in-·‰¸º¹ » 2
Page 17 and 18: Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì
Page 19 and 20: 2.3. SEQUENTIAL MULTIPLICATION SCHE
Page 21 and 22: 6 v |!6 v 3 5 3 î 8 ¾ v Yg5 î 8
Page 23 and 24: 2.3. SEQUENTIAL MULTIPLICATION SCHE
Page 25 and 26: 3.2. REGISTER FILE 20 3.2 Register
Page 27: 3.4. FINITE FIELD ARITHMETIC 22 3.4
Page 31 and 32: 3.6. EVALUATION SOFTWARE 26 used fo
Page 33 and 34: 4.2. XILINX XCV405E 28 implementati
Page 35 and 36: Chapter 5 Conclusions and Outlook 5
Page 37 and 38: Bibliography [1] National Institute
Page 39 and 40: Ô Ô bY©®v @ | ò 6 6 Y©® v
Page 41: 3 m°e'Ỹ %jijY l Y Ym°5 l l $ƒm

FPGA based Hardware Accleration for Elliptic Curve Cryptography ...

Create successful ePaper yourself

Delete template?

Save as template?