Reconfigurable elliptic curve cryptography

Elliptic Curve Cryptosystems (ECC) have been proposed as an alternative to other established public key cryptosystems such as RSA (Rivest Shamir Adleman). ECC provide more security per bit than other known public key schemes based on the discrete logarithm problem. Smaller key sizes result in faster computations, lower power consumption and memory and bandwidth savings, thus making ECC a fast, flexible and cost-effective solution for providing security in constrained environments. Implementing ECC on reconfigurable platform combines the speed, security and concurrency of hardware along with the flexibility of the software approach. This work proposes a generic architecture for elliptic curve cryptosystem on a Field Programmable Gate Array (FPGA) that performs an elliptic curve scalar multiplication in 1.16milliseconds for GF (2163), which is considerably faster than most other documented implementations. One of the benefits of the proposed processor architecture is that it is easily reprogrammable to use different algorithms and is adaptable to any field order. Also through reconfiguration the arithmetic unit can be optimized for different area/speed requirements. The mathematics involved uses binary extension field of the form GF (2n) as the underlying field and polynomial basis for the representation of the elements in the field. A significant gain in performance is obtained by using projective coordinates for the points on the curve during the computation process

Bit Serial Systolic Architectures for Multiplicative Inversion and Division over GF(2^m)

Systolic architectures are capable of achieving high throughput by maximizing pipelining and by eliminating global data interconnects. Recursive algorithms with regular data flows are suitable for systolization. The computation of multiplicative inversion using algorithms based on EEA (Extended Euclidean Algorithm) are particularly suitable for systolization. Implementations based on EEA present a high degree of parallelism and pipelinability at bit level which can be easily optimized to achieve local data flow and to eliminate the global interconnects which represent most important bottleneck in todays sub-micron design process. The net result is to have high clock rate and performance based on efficient systolic architectures. This thesis examines high performance but also scalable implementations of multiplicative inversion or field division over Galois fields GF(2m) in the specific case of cryptographic applications where field dimension m may be very large (greater than 400) and either m or defining irreducible polynomial may vary. For this purpose, many inversion schemes with different basis representation are studied and most importantly variants of EEA and binary (Stein's) GCD computation implementations are reviewed. A set of common as well as contrasting characteristics of these variants are discussed. As a result a generalized and optimized variant of EEA is proposed which can compute division, and multiplicative inversion as its subset, with divisor in either polynomial or triangular basis representation. Further results regarding Hankel matrix formation for double-basis inversion is provided. The validity of using the same architecture to compute field division with polynomial or triangular basis representation is proved. Next, a scalable unidirectional bit serial systolic array implementation of this proposed variant of EEA is implemented. Its complexity measures are defined and these are compared against the best known architectures. It is shown that assuming the requirements specified above, this proposed architecture may achieve a higher clock rate performance w. r. t. other designs while being more flexible, reliable and with minimum number of inter-cell interconnects. The main contribution at system level architecture is the substitution of all counter or adder/subtractor elements with a simpler distributed and free of carry propagation delays structure. Further a novel restoring mechanism for result sequences of EEA is proposed using a double delay element implementation. Finally, using this systolic architecture a CMD (Combined Multiplier Divider) datapath is designed which is used as the core of a novel systolic elliptic curve processor. This EC processor uses affine coordinates to compute scalar point multiplication which results in having a very small control unit and negligible with respect to the datapath for all practical values of m. The throughput of this EC based on this bit serial systolic architecture is comparable with designs many times larger than itself reported previously

Reducing the Overhead of BCH Codes: New Double Error Correction Codes

[EN] The Bose-Chaudhuri-Hocquenghem (BCH) codes are a well-known class of powerful error correction cyclic codes. BCH codes can correct multiple errors with minimal redundancy. Primitive BCH codes only exist for some word lengths, which do not frequently match those employed in digital systems. This paper focuses on double error correction (DEC) codes for word lengths that are in powers of two (8, 16, 32, and 64), which are commonly used in memories. We also focus on hardware implementations of the encoder and decoder circuits for very fast operations. This work proposes new low redundancy and reduced overhead (LRRO) DEC codes, with the same redundancy as the equivalent BCH DEC codes, but whose encoder, and decoder circuits present a lower overhead (in terms of propagation delay, silicon area usage and power consumption). We used a methodology to search parity check matrices, based on error patterns, in order to design the new codes. We implemented and synthesized them, and compared their results with those obtained for the BCH codes. Our implementation of the decoder circuits achieved reductions between 2.8% and 8.7% in the propagation delay, between 1.3% and 3.0% in the silicon area, and between 15.7% and 26.9% in the power consumption. Therefore, we propose LRRO codes as an alternative for protecting information against multiple errors.This research was supported in part by the Spanish Government, project TIN2016-81075-R, by Primeros Proyectos de Investigacion (PAID-06-18), Vicerrectorado de Investigacion, Innovacion y Transferencia de la Universitat Politecnica de Valencia (UPV), project 20190032, and by the Institute of Information and Communication Technologies (ITACA).Saiz-Adalid, L.; Gracia-Morán, J.; Gil Tomás, DA.; Baraza Calvo, JC.; Gil, P. (2020). Reducing the Overhead of BCH Codes: New Double Error Correction Codes. Electronics. 9(11):1-14. https://doi.org/10.3390/electronics9111897S114911Fujiwara, E. (2005). Code Design for Dependable Systems. doi:10.1002/0471792748Xinmiao, Z. (2017). VLSI Architectures for Modern Error-Correcting Codes. doi:10.1201/b18673Bose, R. C., & Ray-Chaudhuri, D. K. (1960). On a class of error correcting binary group codes. Information and Control, 3(1), 68-79. doi:10.1016/s0019-9958(60)90287-4Chen, P., Zhang, C., Jiang, H., Wang, Z., & Yue, S. (2015). High performance low complexity BCH error correction circuit for SSD controllers. 2015 IEEE International Conference on Electron Devices and Solid-State Circuits (EDSSC). doi:10.1109/edssc.2015.7285089IEEE 802.3-2018 - IEEE Standard for Ethernethttps://standards.ieee.org/standard/802_3-2018.htmlH.263: Video Coding for Low Bit Rate Communicationhttps://www.itu.int/rec/T-REC-H.263/enVangelista, L., Benvenuto, N., Tomasin, S., Nokes, C., Stott, J., Filippi, A., … Morello, A. (2009). Key technologies for next-generation terrestrial digital television standard DVB-T2. IEEE Communications Magazine, 47(10), 146-153. doi:10.1109/mcom.2009.52738222013 ITRS—International Technology Roadmap for Semiconductorshttp://www.itrs2.net/2013-itrs.htmlIbe, E., Taniguchi, H., Yahagi, Y., Shimbo, K., & Toba, T. (2010). Impact of Scaling on Neutron-Induced Soft Error in SRAMs From a 250 nm to a 22 nm Design Rule. IEEE Transactions on Electron Devices, 57(7), 1527-1538. doi:10.1109/ted.2010.2047907Gil-Tomás, D., Gracia-Morán, J., Baraza-Calvo, J.-C., Saiz-Adalid, L.-J., & Gil-Vicente, P.-J. (2012). Studying the effects of intermittent faults on a microcontroller. Microelectronics Reliability, 52(11), 2837-2846. doi:10.1016/j.microrel.2012.06.004Neubauer, A., Freudenberger, J., & Khn, V. (2007). Coding Theory. doi:10.1002/9780470519837Morelos-Zaragoza, R. H. (2006). The Art of Error Correcting Coding. doi:10.1002/0470035706Naseer, R., & Draper, J. (2008). DEC ECC design to improve memory reliability in Sub-100nm technologies. 2008 15th IEEE International Conference on Electronics, Circuits and Systems. doi:10.1109/icecs.2008.4674921Saiz-Adalid, L.-J., Gracia-Moran, J., Gil-Tomas, D., Baraza-Calvo, J.-C., & Gil-Vicente, P.-J. (2019). Ultrafast Codes for Multiple Adjacent Error Correction and Double Error Detection. IEEE Access, 7, 151131-151143. doi:10.1109/access.2019.2947315Saiz-Adalid, L.-J., Gil-Vicente, P.-J., Ruiz-García, J.-C., Gil-Tomás, D., Baraza, J.-C., & Gracia-Morán, J. (2013). Flexible Unequal Error Control Codes with Selectable Error Detection and Correction Levels. Computer Safety, Reliability, and Security, 178-189. doi:10.1007/978-3-642-40793-2_17Saiz-Adalid, L.-J., Reviriego, P., Gil, P., Pontarelli, S., & Maestro, J. A. (2015). MCU Tolerance in SRAMs Through Low-Redundancy Triple Adjacent Error Correction. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 23(10), 2332-2336. doi:10.1109/tvlsi.2014.2357476Gracia-Moran, J., Saiz-Adalid, L. J., Gil-Tomas, D., & Gil-Vicente, P. J. (2018). Improving Error Correction Codes for Multiple-Cell Upsets in Space Applications. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 26(10), 2132-2142. doi:10.1109/tvlsi.2018.2837220Cadence: Computational Software for Intelligent System Designhttps://www.cadence.comStine, J. E., Castellanos, I., Wood, M., Henson, J., Love, F., Davis, W. R., … Jenkal, R. (2007). FreePDK: An Open-Source Variation-Aware Design Kit. 2007 IEEE International Conference on Microelectronic Systems Education (MSE’07). doi:10.1109/mse.2007.44NanGate FreePDK45 Open Cell Libraryhttp://www.nangate.com/?page_id=232

New GF(2n) Parallel Multiplier Using Redundant Representation

A new GF(2n) redundant representation is presented. Squaring in the representation is almost cost-free. Based on the representation, two multipliers are proposed. The XOR gate complexity of the first multiplier is lower than a recently proposed normal basis multiplier when CN (the complexity of the basis) is larger than 3n-1