11 research outputs found

    Analysis of GF(2^m) Multiplication Algorithms: Classic Method vs. Karatsuba-Ofman Multiplication Method

    In recent years, finite field multiplication in GF(2^m) has been widely used in applications such as error-correcting codes and cryptography. One motivation for fast and area-efficient hardware implementations of binary multiplication in the finite field GF(2^m) is that these are the most time-consuming and most frequently called operations in cryptography and other applications, so optimizing their hardware design is critical for the overall performance of a system. Since the finite field multiplier is a crucial unit for the overall performance of cryptographic systems, novel multiplier architectures whose performance characteristics can be chosen freely are necessary. In this paper, two Galois field multiplication algorithms used in cryptographic applications are analyzed with respect to area, power, and delay, and the resulting Area×Time (AT) and Power×Delay characteristics. The objective of the analysis is to identify the most efficient GF(2^m) multiplier algorithm among those considered.

    Low-cost, low-power FPGA implementation of ED25519 and CURVE25519 point multiplication

    Twisted Edwards curves have been at the center of attention since their introduction by Bernstein et al. in 2007. The curve ED25519, used for the Edwards-curve Digital Signature Algorithm (EdDSA), provides faster digital signatures than existing schemes without sacrificing security. CURVE25519 is a Montgomery curve closely related to ED25519; it provides simple, constant-time, and fast point multiplication, which is used by the X25519 key exchange protocol. Software implementations of EdDSA and X25519 are used in many web-based PC and mobile applications. In this paper, we introduce a low-power, low-area FPGA implementation of ED25519 and CURVE25519 scalar multiplication that is particularly relevant for Internet of Things (IoT) applications. The efficiency of the arithmetic modulo the prime 2^255 − 19, in particular modular reduction and modular multiplication, is key to the efficiency of both EdDSA and X25519. To reduce the complexity of the hardware implementation, we propose a high-radix interleaved modular multiplication algorithm. One benefit of this architecture is that it avoids large-integer multipliers built from FPGA DSP modules.

    Serial-serial finite field multiplication

    Extension and implementation of the mod without mod algorithm to efficiently compute the modulus of a number in hardware

    This thesis discusses a hardware implementation of the modulo operation that does not require a multiplication. The implementation is based on the algorithm proposed in Mark A. Will's "Mod without mod", which computes the modulus of large values using only shifts and additions. This allows our implementation to be comparable in clock cycles to other implementations without incurring a multiplier's delay. The algorithm is compared with others, such as Barrett reduction, Montgomery reduction, and fast modular reduction, and our implementation is shown to be faster in many cases. This work presents both a hardware implementation of the algorithm and synthesis results in the soi12s0 45nm IBM Multi-threshold CMOS (MTCMOS) technology with ARM-based standard cells.

    Cryptographic primitives on reconfigurable platforms.

    Tsoi Kuen Hung. Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. Includes bibliographical references (leaves 84-92). Abstracts in English and Chinese.
    Table of contents:
    Chapter 1 Introduction (p.1)
        1.1 Motivation (p.1)
        1.2 Objectives (p.3)
        1.3 Contributions (p.3)
        1.4 Thesis Organization (p.4)
    Chapter 2 Background and Review (p.6)
        2.1 Introduction (p.6)
        2.2 Cryptographic Algorithms (p.6)
        2.3 Cryptographic Applications (p.10)
        2.4 Modern Reconfigurable Platforms (p.11)
        2.5 Review of Related Work (p.14)
            2.5.1 Montgomery Multiplier (p.14)
            2.5.2 IDEA Cipher (p.16)
            2.5.3 RC4 Key Search (p.17)
            2.5.4 Secure Random Number Generator (p.18)
        2.6 Summary (p.19)
    Chapter 3 The IDEA Cipher (p.20)
        3.1 Introduction (p.20)
        3.2 The IDEA Algorithm (p.21)
            3.2.1 Cipher Data Path (p.21)
            3.2.2 S-Box: Multiplication Modulo 2^16 + 1 (p.23)
            3.2.3 Key Schedule (p.24)
        3.3 FPGA-based IDEA Implementation (p.24)
            3.3.1 Multiplication Modulo 2^16 + 1 (p.24)
            3.3.2 Deeply Pipelined IDEA Core (p.26)
            3.3.3 Area Saving Modification (p.28)
            3.3.4 Key Block in Memory (p.28)
            3.3.5 Pipelined Key Block (p.30)
            3.3.6 Interface (p.31)
            3.3.7 Pipelined Design in CBC Mode (p.31)
        3.4 Summary (p.32)
    Chapter 4 Variable Radix Montgomery Multiplier (p.33)
        4.1 Introduction (p.33)
        4.2 RSA Algorithm (p.34)
        4.3 Montgomery Algorithm: A × B mod N (p.35)
        4.4 Systolic Array Structure (p.36)
        4.5 Radix-2^k Core (p.37)
            4.5.1 The Original Kornerup Method (Bit-Serial) (p.37)
            4.5.2 The Radix-2^k Method (p.38)
            4.5.3 Time-Space Relationship of Systolic Cells (p.38)
            4.5.4 Design Correctness (p.40)
        4.6 Implementation Details (p.40)
        4.7 Summary (p.41)
    Chapter 5 Parallel RC4 Engine (p.42)
        5.1 Introduction (p.42)
        5.2 Algorithms (p.44)
            5.2.1 RC4 (p.44)
            5.2.2 Key Search (p.46)
        5.3 System Architecture (p.47)
            5.3.1 RC4 Cell Design (p.47)
            5.3.2 Key Search (p.49)
            5.3.3 Interface (p.50)
        5.4 Implementation (p.50)
            5.4.1 RC4 Cell (p.51)
            5.4.2 Floorplan (p.53)
        5.5 Summary (p.53)
    Chapter 6 Blum Blum Shub Random Number Generator (p.55)
        6.1 Introduction (p.55)
        6.2 RRNG Algorithm (p.56)
        6.3 PRNG Algorithm (p.58)
        6.4 Architectural Overview (p.59)
        6.5 Implementation (p.59)
            6.5.1 Hardware RRNG (p.60)
            6.5.2 BBS PRNG (p.61)
            6.5.3 Interface (p.66)
        6.6 Summary (p.66)
    Chapter 7 Experimental Results (p.68)
        7.1 Design Platform (p.68)
        7.2 IDEA Cipher (p.69)
            7.2.1 Size of IDEA Cipher (p.70)
            7.2.2 Performance of IDEA Cipher (p.70)
        7.3 Variable Radix Systolic Array (p.71)
        7.4 Parallel RC4 Engine (p.75)
        7.5 BBS Random Number Generator (p.76)
            7.5.1 Size (p.76)
            7.5.2 Speed (p.76)
            7.5.3 External Clock (p.77)
            7.5.4 Random Performance (p.78)
        7.6 Summary (p.78)
    Chapter 8 Conclusion (p.81)
        8.1 Future Development (p.83)
    Bibliography (p.8)

    Overhead of authentication and consensus in the security of vehicular wireless networks

    Vehicular ad hoc wireless networks (VANETs) enable communication between vehicles in order to improve road safety and enhance the driving experience. One category of applications that has attracted strong interest is that related to road traffic safety. A promising example is the local danger warning, which extends the driver's "line of sight" by providing a set of alerts that allow potentially dangerous situations to be anticipated. Because of their strict timing constraints and the critical consequences of misuse, it is essential to ensure secure communications. However, adding security services incurs computational and network overhead. The objective of our work is therefore to establish a general (analytical) framework for the overhead that security adds to the transfer delay of an alert. Among conventional security mechanisms, the authentication service appears to be the cornerstone of VANET security. Moreover, authentication is applied to every message sent or received, so it is potentially the most resource-consuming service. This is why we focus on it. We thus ask the following questions: what is the cost of authentication? What is its impact on the local danger warning application? The first contribution of this thesis is the derivation of a formula for computing the overhead of the digital signature. But authentication will not be the only security mechanism deployed. Consensus in particular is one of the mechanisms frequently used to establish trust between vehicles. Indeed, using a decision method applied to a set of messages, consensus aims to reach common agreement among vehicles on a value or an action. We therefore need to understand how to set the consensus parameters so as to reduce the impact of this mechanism on delay and braking distance. How does consensus fit into the overall authentication overhead formula? These are among the questions this thesis answers. Our second contribution is a dynamic decision method that analyzes the current network environment (the number of neighbors within communication range) and examines the content of the alerts. The result is a reduction in the number of packets to be examined and hence a faster and better-suited reaction to the alert.

    In 2007, road accidents cost 110 deaths, 4600 injuries and €438 million daily in the European Union. The damage is similarly devastating in the United States, with 102 deaths, 7900 injuries and $630 million daily. Therefore, industry consortia, governments, and automotive companies have made the reduction of vehicular fatalities a top priority. To meet this challenge, a main idea is to make vehicles and roads smarter thanks to wireless communications. Indeed, wireless communications will increase the line of sight of the driver and make vehicles aware of their environment. Smart vehicles and roads will form a wireless vehicular network (VANET). The VSC Project details 75 applications that could be deployed on vehicular networks. Applications are divided into three categories: safety-related, traffic optimization and infotainment. Automotive safety-related applications aim to assist drivers in avoiding vehicular accidents by providing advisories and early warnings to drivers, using broadcast vehicle-to-vehicle (V2V) communications. Vehicles typically communicate as per the Dedicated Short Range Communication (DSRC) standard, and broadcast messages in response to certain notified events (emergency messages) or periodically (beacon messages). In this thesis, we focus on V2V communications in the Local Danger Warning (LDW) application, which is considered one of the most promising active safety applications for inter-vehicle communication. Since drivers of vehicles participating in V2V communications are expected to act on messages received from other participants, it is clearly necessary that these messages be transmitted in a secure fashion. Unfortunately, security mechanisms come with overhead that impacts the performance of the V2V communications, and hence that of the safety applications. The IEEE 1609.2 standard for vehicular ad hoc networks is based on the ECDSA algorithm for supporting the authentication mechanism. The main goal of this work is to define a formula which assesses the authentication overhead in VANETs. We also introduce the problem of consensus, which is an additional mechanism that impacts the total time overhead of ECDSA. Indeed, when you receive a message, you could legitimately ask: "Should I trust this message?". Consensus aims at increasing trust, but the consensus mechanism comes with overhead. We investigate the network performance and propose new decision methods and techniques to reduce these overheads.

    Unified field multiplier for GF(p) and GF(2^n) with novel digit encoding

    In recent years, there has been an increase in demand for unified field multipliers for Elliptic Curve Cryptography in the electronics industry, because they give customers the flexibility to choose between prime (GF(p)) and binary (GF(2^n)) Galois fields. Also, the ability to carry out arithmetic over both GF(p) and GF(2^n) in the same hardware makes it possible to perform any cryptographic operation that requires the use of both fields. The unified field multiplier is relatively future-proof compared with multipliers that only perform arithmetic over a single chosen field. The security provided by the architecture is also very important. It is known that the longer the key length, the more susceptible the system is to differential power attacks due to the increased amount of data leakage. Therefore, it is beneficial to design hardware that is scalable, so that more data can be processed per cycle. Another advantage of designing a multiplier that can handle long word lengths is improved performance in terms of delay, because fewer cycles are needed. This is very important because typical elliptic curve cryptography involves key sizes of 160 bits. A novel unified field radix-4 multiplier using Montgomery Multiplication for GF(p) and GF(2^n) has been proposed. This design makes use of the unexploited state in the number representation for operation in GF(2^n), where all carries are suppressed. The addition is carried out using a modified (4:2) redundant adder to accommodate the extra 1* state. The proposed adder and the partial product generator are capable of radix-4 operation, which reduces the number of computation cycles required. Also, the proposed adder is more scalable than existing designs.