Hardware SLE solvers: Efficient building blocks for cryptographic and cryptanalytic applications

Abstract: Solving systems of linear equations (SLEs) is a very common computational problem that appears in numerous research disciplines and in particular in the context of cryptographic and cryptanalytic algorithms. In this work, we present highly efficient hardware architectures for solving (small and medium-sized) systems of linear equations over F_{2^k}. These architectures feature linear or quadratic running times with quadratic space complexities in the size of an SLE, and can be clocked at high frequencies. Among the most promising architectures are one-dimensional and two-dimensional systolic arrays, which we call triangular systolic and linear systolic arrays. All designs have been fully implemented for different sizes of SLEs, and concrete FPGA implementation results are given. Furthermore, we provide a clear comparison of the presented SLE solvers. The significance of these designs is demonstrated by the fact that they are used in the recent literature as building blocks of efficient architectures for attacking block and stream ciphers (Bogdanov et al., 2007 [5]; Geiselmann et al., 2009 [17]) and for developing cores for multivariate signature schemes (Balasubramanian et al., 2008 [2]; Bogdanov et al., 2008 [6]).
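As an added illustration (not code from the paper), a software reference model of the computation these architectures perform: Gauss-Jordan elimination over F_{2^k}, parametrised by k and a reduction polynomial. The k = 8 case with the AES polynomial x^8 + x^4 + x^3 + x + 1 is a constructed example; k = 1 gives plain GF(2), and the pivot search shows why a finite-field solver needs no numerical pivoting, since any non-zero entry serves.

```python
# Gauss-Jordan elimination over F_{2^k}. Field elements are ints < 2**k,
# `poly` is the reduction polynomial with its degree-k bit set
# (constructed example below: k = 8, poly = 0x11b, the AES polynomial).

def gf_mul(a: int, b: int, k: int, poly: int) -> int:
    """Shift-and-add multiplication of two field elements modulo poly."""
    r = 0
    for _ in range(k):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> k:          # degree reached k: reduce
            a ^= poly
    return r

def gf_inv(a: int, k: int, poly: int) -> int:
    """Inverse as a^(2^k - 2) (Fermat); a must be non-zero."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    result, e = 1, (1 << k) - 2
    while e:
        if e & 1:
            result = gf_mul(result, a, k, poly)
        a = gf_mul(a, a, k, poly)
        e >>= 1
    return result

def solve_sle(A, b, k, poly):
    """Solve A x = b for square A over F_{2^k}. Returns the solution as a list,
    or None when no unique solution exists (singular or inconsistent system).
    There is no rounding in a finite field, so any non-zero pivot is acceptable."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]   # augmented matrix [A | b]
    for col in range(n):
        piv = next((r for r in range(col, n) if M[r][col]), None)
        if piv is None:
            return None                                  # rank deficient in this column
        M[col], M[piv] = M[piv], M[col]
        inv = gf_inv(M[col][col], k, poly)
        M[col] = [gf_mul(inv, v, k, poly) for v in M[col]]   # normalise pivot row to 1
        for r in range(n):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [v ^ gf_mul(f, w, k, poly) for v, w in zip(M[r], M[col])]
    return [row[n] for row in M]
```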

[1] Adi Shamir et al. Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations, 2000, EUROCRYPT.

[2] Dinesh Manocha et al. LU-GPU: Efficient Algorithms for Solving Dense Linear Systems on Graphics Hardware, 2005, ACM/IEEE SC 2005 Conference (SC'05).

[3] Gregory V. Bard et al. Algebraic Cryptanalysis of the Data Encryption Standard, 2007, IMACC.

[4] John W. Auer et al. Linear Algebra with Applications, 1996.

[5] Jintai Ding et al. Rainbow, a New Multivariable Polynomial Signature Scheme, 2005, ACNS.

[6] Eli Biham et al. Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication, 2003, Journal of Cryptology.

[7] François-Xavier Standaert et al. Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA, 2009, CHES.

[8] Martin R. Albrecht et al. Algebraic Techniques in Differential Cryptanalysis, 2009, IACR Cryptol. ePrint Arch.

[9] Igor A. Semaev et al. Solving Multiple Right Hand Sides Linear Equations, 2008, Des. Codes Cryptogr.

[10] Chin-Liang Wang et al. A Systolic Architecture for Computing Inverses and Divisions in Finite Fields GF(2^m), 1993, IEEE Trans. Computers.

[11] Andrey Bogdanov et al. Linear Slide Attacks on the KeeLoq Block Cipher, 2007, Inscrypt.

[12] Andrey Bogdanov et al. A Parallel Hardware Architecture for Fast Gaussian Elimination over GF(2), 2006, 14th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[13] Andrey Bogdanov et al. Time-Area Optimized Public-Key Engines: MQ-Cryptosystems as Replacement for Elliptic Curves?, 2008, IACR Cryptol. ePrint Arch.

[14] Rainer Steinwandt et al. PET SNAKE: A Special Purpose Architecture to Implement an Algebraic Attack in Hardware, 2010, Trans. Comput. Sci.

[15] Patrice Quinton et al. Systolic Gaussian Elimination over GF(p) with Partial Pivoting, 1989, IEEE Trans. Computers.

[16] M. Hestenes et al. Methods of Conjugate Gradients for Solving Linear Systems, 1952.

[17] Andrey Bogdanov et al. PRESENT: An Ultra-Lightweight Block Cipher, 2007, CHES.

[18] Jean-Charles Faugère et al. A New Efficient Algorithm for Computing Gröbner Bases without Reduction to Zero (F5), 2002, ISSAC '02.

[19] Berk Sunar et al. Cryptographic Hardware and Embedded Systems - CHES 2005, 7th International Workshop, Edinburgh, UK, August 29 - September 1, 2005, Proceedings, 2005, CHES.

[20] Bo-Yin Yang et al. On Asymptotic Security Estimates in XL and Gröbner Bases-Related Algebraic Cryptanalysis, 2004, ICICS.

[21] Andrey Bogdanov et al. A Hardware-Assisted Realtime Attack on A5/2 Without Precomputations, 2007, CHES.

[22] Gregory V. Bard et al. Algebraic and Slide Attacks on KeeLoq, 2008, FSE.

[23] Andrey Bogdanov et al. Fast Multivariate Signature Generation in Hardware: The Case of Rainbow, 2008, 16th International Symposium on Field-Programmable Custom Computing Machines.

[24] Johann Großschädl et al. Cryptographic Hardware and Embedded Systems - CHES 2007, 2007.

[25] Andrey Bogdanov et al. Algebraic Methods in Side-Channel Collision Attacks and Practical Collision Detection, 2008, INDOCRYPT.

[26] J. Faugère. A New Efficient Algorithm for Computing Gröbner Bases (F4), 1999.

[27] Marvin C. Wunderlich et al. A Compact Algorithm for Gaussian Elimination over GF(2) Implemented on Highly Parallel Computers, 1984, Parallel Comput.