Enhancing an embedded processor core for efficient and isolated execution of cryptographic algorithms

We propose enhancing a reconfigurable and extensible embedded RISC processor core with a protected zone for isolated execution of cryptographic algorithms. The protected zone is a collection of processor subsystems such as functional units optimized for high-speed execution of integer operations, a small amount of local memory for storing sensitive data during cryptographic computations, and special-purpose and cryptographic registers to execute instructions securely. We outline the principles for secure software implementations of cryptographic algorithms in a processor equipped with the proposed protected zone. We demonstrate the efficiency and effectiveness of our proposed zone by implementing the most-commonly used cryptographic algorithms in the protected zone; namely RSA, elliptic curve cryptography, pairing-based cryptography, AES block cipher, and SHA-1 and SHA-256 cryptographic hash functions. In terms of time efficiency, our software implementations of cryptographic algorithms running on the enhanced core compare favorably with equivalent software implementations on similar processors reported in the literature. The protected zone is designed in such a modular fashion that it can easily be integrated into any RISC processor. The proposed enhancements for the protected zone are realized on an FPGA device. The implementation results on the FPGA confirm that its area overhead is relatively moderate in the sense that it can be used in many embedded processors. Finally, the protected zone is useful against cold-boot and micro-architectural side-channel attacks such as cache-based and branch prediction attacks

Efficient and Side-Channel Resistant Implementations of Next-Generation Cryptography

The rapid development of emerging information technologies, such as quantum computing and the Internet of Things (IoT), will have or have already had a huge impact on the world. These technologies can not only improve industrial productivity but they could also bring more convenience to people’s daily lives. However, these techniques have “side effects” in the world of cryptography – they pose new difficulties and challenges from theory to practice. Specifically, when quantum computing capability (i.e., logical qubits) reaches a certain level, Shor’s algorithm will be able to break almost all public-key cryptosystems currently in use. On the other hand, a great number of devices deployed in IoT environments have very constrained computing and storage resources, so the current widely-used cryptographic algorithms may not run efficiently on those devices. A new generation of cryptography has thus emerged, including Post-Quantum Cryptography (PQC), which remains secure under both classical and quantum attacks, and LightWeight Cryptography (LWC), which is tailored for resource-constrained devices. Research on next-generation cryptography is of importance and utmost urgency, and the US National Institute of Standards and Technology in particular has initiated the standardization process for PQC and LWC in 2016 and in 2018 respectively. Since next-generation cryptography is in a premature state and has developed rapidly in recent years, its theoretical security and practical deployment are not very well explored and are in significant need of evaluation. This thesis aims to look into the engineering aspects of next-generation cryptography, i.e., the problems concerning implementation efficiency (e.g., execution time and memory consumption) and security (e.g., countermeasures against timing attacks and power side-channel attacks). In more detail, we first explore efficient software implementation approaches for lattice-based PQC on constrained devices. Then, we study how to speed up isogeny-based PQC on modern high-performance processors especially by using their powerful vector units. Moreover, we research how to design sophisticated yet low-area instruction set extensions to further accelerate software implementations of LWC and long-integer-arithmetic-based PQC. Finally, to address the threats from potential power side-channel attacks, we present a concept of using special leakage-aware instructions to eliminate overwriting leakage for masked software implementations (of next-generation cryptography)

Arithmetic for Public-Key Cryptography

Item does not contain fulltex

Optimizing Arithmetic for Public Key Cryptography

Public key cryptography describes a family of systems that allow for secure communication between two parties in the presence of eavesdroppers. We examine the history of cryptography and how the advent of public key cryptography irreversibly changed the science. The Diffie-Hellman key exchange protocol and the RSA cryptosystem and their applications are described in detail, as well as the mathematical theory behind them. The concept of radix representations and radix-sensitive arithmetic algorithms are explored. We create a simple arbitrary precision integer arithmetic system in Java and explore how arithmetic algorithm choices affect the performance of RSA implementations and RSA-related arithmetic functions

Tamper-Resistant Arithmetic for Public-Key Cryptography

Cryptographic hardware has found many uses in many ubiquitous and pervasive security devices with a small form factor, e.g. SIM cards, smart cards, electronic security tokens, and soon even RFIDs. With applications in banking, telecommunication, healthcare, e-commerce and entertainment, these devices use cryptography to provide security services like authentication, identification and confidentiality to the user. However, the widespread adoption of these devices into the mass market, and the lack of a physical security perimeter have increased the risk of theft, reverse engineering, and cloning. Despite the use of strong cryptographic algorithms, these devices often succumb to powerful side-channel attacks. These attacks provide a motivated third party with access to the inner workings of the device and therefore the opportunity to circumvent the protection of the cryptographic envelope. Apart from passive side-channel analysis, which has been the subject of intense research for over a decade, active tampering attacks like fault analysis have recently gained increased attention from the academic and industrial research community. In this dissertation we address the question of how to protect cryptographic devices against this kind of attacks. More specifically, we focus our attention on public key algorithms like elliptic curve cryptography and their underlying arithmetic structure. In our research we address challenges such as the cost of implementation, the level of protection, and the error model in an adversarial situation. The approaches that we investigated all apply concepts from coding theory, in particular the theory of cyclic codes. This seems intuitive, since both public key cryptography and cyclic codes share finite field arithmetic as a common foundation. The major contributions of our research are (a) a generalization of cyclic codes that allow embedding of finite fields into redundant rings under a ring homomorphism, (b) a new family of non-linear arithmetic residue codes with very high error detection probability, (c) a set of new low-cost arithmetic primitives for optimal extension field arithmetic based on robust codes, and (d) design techniques for tamper resilient finite state machines

Low-power multiplication method for public-key cryptosystem.

Esta tese estuda a utilização da aritmética computacional para criptografia de chave pública (PKC Public-Key Cryptography) e investiga alternativas ao nível da arquitetura de sistema criptográfico em hardware que podem conduzir a uma redução no consumo de energia, considerando o baixo consumo de potência e o alto desempenho em dispositivos portáteis com energia limitada. A maioria desses dispositivos é alimentada por bateria. Embora o desempenho e a área de circuitos consistem desafios para o projetista de hardware, baixo consumo de energia se tornou uma preocupação em projetos de sistema críticos. A criptografia de chave pública é baseada em funções aritméticas como a exponenciação e multiplicação módulo. PKC prove um esquema de troca de chaves autenticada por meio de uma rede insegura entre duas entidades e fornece uma solução de grande segurança para a maioria das aplicações que devem trocar informações sensíveis. Multiplicação em módulo é largamente utilizada e essa operação aritmética é mais complexa porque os operandos são números extremamente grandes. Assim, métodos computacionais para acelerar as operações, reduzir o consumo de energia e simplificar o uso de tais operações, especialmente em hardware, são sempre de grande valor para os sistemas que requerem segurança de dados. Hoje em dia, um dos mais bem sucedidos métodos de multiplicação em módulo é a multiplicação de Montgomery. Os esforços para melhorar este método são sempre de grande importância para os projetistas de hardware criptográfico e de segurança em sistemas embarcados. Esta pesquisa trata de algoritmos para criptografia de baixo consumo de energia. Abrange as operações necessárias para implementações em hardware da exponenciação e da multiplicação em módulo. Em particular, esta tese propõe uma nova arquitetura para a multiplicação em módulo chamado \"Parallel k-Partition Montgomery Multiplication\" e um projeto inovador em hardware para calcular a exponenciação em módulo usando o sistema numérico por resíduos (RNS).This thesis studies the use of computer arithmetic for Public-Key Cryptography (PKC) and investigates alternatives on the level of the hardware cryptosystem architecture that can lead to a reduction in the energy consumption by considering low power and high performance in energy-limited portable devices. Most of these devices are battery powered. Although performance and area are the two main hardware design goals, low power consumption has become a concern in critical system designs. PKC is based on arithmetic functions such as modular exponentiation and modular multiplication. It produces an authenticated key-exchange scheme over an insecure network between two entities and provides the highest security solution for most applications that must exchange sensitive information. Modular multiplication is widely used, and this arithmetic operation is more complex because the operands are extremely large numbers. Hence, computational methods to accelerate the operations, reduce the energy consumption, and simplify the use of such operations, especially in hardware, are always of great value for systems that require data security. Currently, one of the most successful modular multiplication methods is Montgomery Multiplication. Efforts to improve this method are always important to designers of dedicated cryptographic hardware and security in embedded systems. This research deals with algorithms for low-power cryptography. It covers operations required for hardware implementations of modular exponentiation and modular multiplication. In particular, this thesis proposes a new architecture for modular multiplication called Parallel k-Partition Montgomery Multiplication and an innovative hardware design to perform modular exponentiation using Residue Number System (RNS)