Systematic Design of RSA Processors Based on High-Radix Montgomery Multipliers

This paper presents a systematic design approach for producing optimized Rivest-Shamir-Adleman (RSA) processors based on high-radix Montgomery multipliers that satisfy various user requirements, such as circuit area, operating time, and resistance against side-channel attacks. To cover the tradeoff between performance and resistance, we apply four types of exponentiation algorithms: two variants of the binary method, each with and without the Chinese Remainder Theorem (CRT). We also introduce three multiplier-based datapath architectures using different intermediate data forms: 1) single form, 2) semi carry-save form, and 3) carry-save form, and combine them with a wide variety of arithmetic components. Their radices are parameterized from 2^8 to 2^128. A total of 242 datapaths for 1024-bit RSA processors were obtained for each radix. The potential of the proposed approach is demonstrated through an experimental synthesis of all possible processors with a 90-nm CMOS standard cell library. As a result, designs ranging from the smallest, at 861 gates with 118.47 ms/RSA, to the fastest, at 0.67 ms/RSA with 153,862 gates, were obtained. In addition, the use of the CRT technique reduced the RSA operation time of the fastest design to 0.24 ms. Even with an exponentiation algorithm resistant to typical side-channel attacks, the fastest design can perform the RSA operation in less than 1.0 ms.
