Energy scalable reconfigurable cryptographic hardware for portable applications

The recent trends towards global networking and mobile computing have led to the proliferation of wireless networks, which enable users to remain connected to the global web without being tied down to a fixed, wired link. The portable nature of these applications requires the development of energy-efficient hardware that is capable of providing a wide range of functionality in an energy-constrained environment that exhibits time-varying quality requirements. This work proposes an adaptive, energy-scalable approach that exposes the system's energy source to the hardware so that it can dynamically adjust its operating point to satisfy the current system operating requirements. Thus, the energy consumption of the system is based on the average case as opposed to the worst case, leading to substantial improvements in the system's operating lifetime from a finite energy source. These results are verified through the development of an Energy Scalable Encryption Processor (ESEP) that features a high-efficiency embedded variable-output power converter.

In addition, the lack of a coherent wireless network security architecture has resulted in many different types of cryptographic primitives being used, requiring some form of algorithm agility in order to maximize the portable system's utility. Existing solutions are found to be inadequate: software is flexible but energy-intensive, hardware is energy-efficient but not algorithm-agile, and programmable logic incurs too much overhead to be considered energy-efficient. This work proposes a restricted form of reconfigurability, denoted domain-specific reconfigurability, that enables the required range of functionality (i.e., asymmetric cryptography) to be implemented without incurring the high overhead associated with conventional programmable logic-based solutions (e.g., FPGAs). The benefits of this approach are verified through the development of the Domain Specific Reconfigurable Cryptographic Processor (DSRCP), which provides all of the flexibility of a software-based solution while achieving, and in some instances surpassing, the energy efficiency of a dedicated hardware-based solution in the domain of interest.

(Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)
