FPGA based Hardware Accleration for Elliptic Curve Cryptography ...

More documents

Recommendations

Info

Chapter 1 Introduction 1.1 Motivation Today there is a wide range of distributed systems, which use communication resources that can not be safeguarded against eavesdropping or unauthorized data alteration. Thus cryptographic protocols are applied to these systems in order to prevent information extraction or to detect data manipulation by unauthorized parties. In general, cryptographic methods can be subdivided into two categories: symmetric- and asymmetric cryptographic algorithms. In the case of symmetric cryptographic algorithms like DES [1] or AES [2] both communication partners use the same secret key to encrypt and decrypt messages. Compared to asymmetric cryptography these algorithms are considered to be faster and more efficient. However, the general problem of symmetric methods is the distribution of the secret key. Sender and recipient both have to possess the same secret key to process the message but no one else may have the key, because otherwise one would be able to decrypt or alter the message just like the original author and recipient. So secure channels have to be established in order to exchange the keys. With regard of this problem, asymmetric algorithms have been developed. These algorithms, which are also called public key algorithms, differ in the utilized set of keys consisting of a public- and a private key. This key pair can only be computed by the original creator of the keys. For all others both keys are virtually independent. The general principle of all public key schemes is then, that a message that is encrypted with one of the keys can only be decrypted with the other one. After publication of the public key, everyone can use this key, e.g. to encrypt a message. Afterwards, this message can only be decrypted with the corresponding private key which is exclusively known by the authorized recipient of the message. Alternatively, public key algorithms can be used to compute and verify digital signatures. The author of a message uses his secret, private key to compute a signature. By looking up the authors public key any recipient of the message-signature-pair is able to verify this signature subsequently. Public key algorithms provide much flexibility and a very high level of security. On the other hand, in comparison to symmetric methods, they are based on much more complex and expensive arithmetic operations. In practice a combination of both methods is frequently used. E.g. SSL [3]: public key methods are used for key exchange and authentication while symmetric algorithms are applied for the encryption of the data stream. The most prominent public key method is the widely-used RSA algorithm [4]. It is based on the problem
1.2. PREVIOUS WORK 2 of dividing a large number into it’s prime factors, a problem that is considered to be hard, meaning it can not be calculated in polynomial time. Unfortunately it is not known if this problem is really hard (though it’s quite probable). If someone would develop an algorithm to calculate the prime factors efficiently, the RSA scheme would become insecure immediately. This problematic leaded to the need of alternatives in public key cryptography. The main requirement for such alternatives is the use of different underlying mathematical problems, which should optimally be as well researched as the problem of dividing large numbers into prime factors. One of the most important alternative public-key schemes is based on the discrete logarithm problem (DLP) on elliptic curves (EC). In 1985 elliptic curve cryptography (ECC) has been first proposed by V. Miller [5] and N. Koblitz [6] independently. In the following a lot of research has been done and nowadays ECC is widely known and accepted. Because EC methods in general are believed to give a higher security per key bit in comparison to RSA (1024 RSA-bits are equivalent to 160 EC-bits), one can work with shorter keys in order to achieve the same level of security [7]. The smaller key size permits more cost-efficient implementations, which is of special interest for hardware implementations and systems with low computing power. ECC is based on a set of points on elliptic curves and their arithmetic operations EC-Add and EC-Double. These EC operations are in turn composed of arithmetic operations in the underlying finite field (FF). Here, the most expensive and complex operation is the field multiplication FF-Mult. The finite -. field , which is characteristic of and degree( extension is treated throughout this work. Each application has different demands on the utilized cryptosystem (e.g., in terms of required bandwidth, level of security, incurred cost per node and number of communicating partners). Corresponding to the growing number of ECC clients, there is also a need for high performance server implementations. Such an implementation should be capable of processing different cryptographic parameter sets (in special different bit widths) at high speed. Depending on the application, the performance of genuine SW implementations of EC cryptosystems may not be sufficient. In this work a generic and scalable architecture of an ECC coprocessor has been developed. The presented prototype implementations are based on different reconfigurable Field Programmable Gate Array (FPGA) devices from Xilinx [8] and Atmel [9]. The main focus of this work is the acceleration of the field multiplication FF-Mult. This is realized by combining a fast and resource efficient combinational multiplier with a novel scheme for sequential multiplication called multi-segment Karatsuba multiplication (MSK). A clever structuring of the datapath together with well fitting EC level algorithms leads to highly efficient implementations of EC cryptosystems. 1.2 Previous Work Concerning EC coprocessor designs, there is some previous work at the institute, on which this work is relying on. In contrast to the polynomial base representation treated here, this previous hardware implementation (documented in [10]) is based on an Optimal Normal Basis (ONB) representation of the field elements. The manner how basic arithmetic operations in have to be performed depends on the utilized field representation. Especially the multiplication in is completely different when comparing ONB against polynomial base arithmetic. However, the top-level EC algorithms do not depend on field representation and could therefore be partially reused within this work. The microEnable FPGA card, which is one of the utilized hardware platforms in Chap. 4, has been already used for the implementation of the ONB based design. The idea of using a generator approach to derive
Page 1 and 2: Fachbereich Informatik Integrierte
Page 3 and 4: Contents List of Figures iv 1 Intro
Page 5: List of Figures c)! #"%$ d)& #"'$ 2
Page 9 and 10: Chapter 2 Mathematical Background T
Page 11 and 12: Ymonpn _ #qkr9;=stPuiY[ v l _ wr9xK
Page 13 and 14: 2.2. FINITE FIELD ARITHMETIC 8 k P
Page 15 and 16: 2.2.4 Addition in-·‰¸º¹ » 2
Page 17 and 18: Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì
Page 19 and 20: 2.3. SEQUENTIAL MULTIPLICATION SCHE
Page 21 and 22: 6 v |!6 v 3 5 3 î 8 ¾ v Yg5 î 8
Page 23 and 24: 2.3. SEQUENTIAL MULTIPLICATION SCHE
Page 25 and 26: 3.2. REGISTER FILE 20 3.2 Register
Page 27 and 28: 3.4. FINITE FIELD ARITHMETIC 22 3.4
Page 29 and 30: Ì Ì Ì Ì Ì 3.4. FINITE FIELD AR
Page 31 and 32: 3.6. EVALUATION SOFTWARE 26 used fo
Page 33 and 34: 4.2. XILINX XCV405E 28 implementati
Page 35 and 36: Chapter 5 Conclusions and Outlook 5
Page 37 and 38: Bibliography [1] National Institute
Page 39 and 40: Ô Ô bY©®v @ | ò 6 6 Y©® v
Page 41: 3 m°e'Ỹ %jijY l Y Ym°5 l l $ƒm

FPGA based Hardware Accleration for Elliptic Curve Cryptography ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?