Alessandro Cilardo

Elliptic Curve Cryptography Engineering

In recent years, elliptic curve cryptography (ECC) has gained widespread exposure and acceptance, and has already been included in many security standards. Engineering of ECC is a complex, interdisciplinary research field encompassing such fields as mathematics, computer science, and electrical engineering. In this paper, we survey ECC implementation issues as a prominent case study for the relatively new discipline of cryptographic engineering. In particular,we show that the requirements of efficiency and security considered at the implementation stage affect not only mere low-level, technological aspects but also, significantly, higher level choices, ranging from finite field arithmetic up to curve mathematics and protocols.

Carry-save Montgomery modular exponentiation on reconfigurable hardware

In this paper we present a hardware implementation of the RSA algorithm for public-key cryptography. Basically, the RSA algorithm entails a modular exponentiation operation on large integers, which is considerably time-consuming to implement. To this end, we adopted a novel algorithm combining the Montgomerys technique and the carry-save representation of numbers. A highly modular, bit-slice based architecture has been designed for executing the algorithm in hardware. We also propose an FPGA-based implementation of the architecture developed. The characteristics of the algorithm, the regularity of the architecture, and the data-flow aware placement of the FPGA resources resulted in a considerable performance improvement, as compared to other implementations presented in the literature.

A new speculative addition architecture suitable for two's complement operations

Existing architectures for speculative addition are all based on the assumption that operands have uniformly distributed bits, which is rarely verified in real applications. As a consequence, they may be disadvantageous for real-world workloads, although in principle faster than standard adders. To address this limitation, we introduce a new architecture based on an innovative technique for speculative global carry evaluation. The proposed architecture solves the main drawback of existing schemes and, evaluated on real-world benchmarks, it exhibits an interesting performance improvement with respect to both standard adders and alternative architectures for speculative addition.

Improving Multibank Memory Access Parallelism with Lattice-Based Partitioning

Emerging architectures, such as reconfigurable hardware platforms, provide the unprecedented opportunity of customizing the memory infrastructure based on application access patterns. This work addresses the problem of automated memory partitioning for such architectures, taking into account potentially parallel data accesses to physically independent banks. Targeted at affine static control parts (SCoPs), the technique relies on the Z-polyhedral model for program analysis and adopts a partitioning scheme based on integer lattices. The approach enables the definition of a solution space including previous works as particular cases. The problem of minimizing the total amount of memory required across the partitioned banks, referred to as storage minimization throughout the article, is tackled by an optimal approach yielding asymptotically zero memory waste or, as an alternative, an efficient approach ensuring arbitrarily small waste. The article also presents a prototype toolchain and a detailed step-by-step case study demonstrating the impact of the proposed technique along with extensive comparisons with alternative approaches in the literature.

Adaptable Parsing of Real-Time Data Streams

Todays business processes are rarely accomplished inside the companies domains. More often they involve entities geographically distributed which interact in a loosely coupled cooperation. While cooperating, these entities generate transactional data streams, such as sequences of stock-market buy/sell orders, credit-card purchase records, Web server entries, and electronic fund transfer orders. Such streams are often collections of events stored and processed locally, and they thus have typically ad-hoc, heterogeneous formats. On the other hand, elements in such data streams usually share a common semantics and indeed they can be profitably mined in order to obtain combined global events. In this paper, we present an approach to the parsing of heterogeneous data streams based on the definition of format-dependent grammars and automatic production of ad-hoc parsers. The stream-dependent parsers can be obtained dynamically in a totally automatic way, provided that the appropriate grammar, written in a common format, is fed into the system. We also present a fully working implementation, that has been successfully integrated into a telecommunication environment for real-time processing of billing information flows

Exploiting Vulnerabilities in Cryptographic Hash Functions Based on Reconfigurable Hardware

Cryptanalysis, i.e., the study of methods for breaking cryptographic algorithms, can greatly benefit from hardware acceleration as a key aspect enabling high-performance attacks. This work investigates the new opportunities inherently provided by a particular class of hardware technologies, i.e., reconfigurable hardware devices, addressing the cryptanalysis of the SHA-1 hash function as a case study. We show how hardware reconfiguration enables some unexplored approaches such as algorithm and architecture exploration, as well as on-the-fly system specialization relying on hardware programmability. We also identify some new cryptanalysis methods, including two novel techniques for SHA-1 cryptanalysis called interbit constraints and constraint relaxation. Relying on the proposed approaches, we designed an FPGA-based platform targeting 71- and 75-round versions of SHA-1. Under the same cost budget, the estimated times for a collision achieved by the platform are at least one order of magnitude lower than other solutions based on high-end supercomputing facilities, reaching the highest performance/cost ratio for SHA-1 collision search and providing a striking confirmation of the impact of hardware reconfigurability.

Fast Parallel GF(2^m) Polynomial Multiplication for All Degrees

Numerous works have addressed efficient parallel GF(2m) multiplication based on polynomial basis or some of its variants. For those field degrees where neither irreducible trinomials nor Equally Spaced Polynomials (EPSs) exist, the best area/time performance has been achieved for special-type irreducible pentanomials, which however do not exist for all degrees. In other words, no multiplier architecture has been proposed so far achieving the best performance and, at the same time, being general enough to support any field degrees. In this paper, we propose a new representation, based on what we called Generalized Polynomial Bases (GPBs), covering polynomial bases and the so-called Shifted Polynomial Bases (SPBs) as special cases. In order to study the new representation, we introduce a novel formulation for polynomial basis and its variants, which is able to express concisely all implementation aspects of interest, i.e., gate count, subexpression sharing, and time delay. The methodology enabled by the new formulation is completely general and repetitive in its application, allowing the development of an ad-hoc software tool to derive proofs for area complexity and time delays automatically. As the central contribution of this paper, we introduce some new types of irreducible pentanomials and an associated GPB. Based on the above formulation, we prove that carefully chosen GPBs yield multiplier architectures matching, or even outperforming, the best special-type pentanomials from both the area and time point of view. Most importantly, the proposed GPB architectures require pentanomials existing for all degrees of practical interest. A list of suitable irreducible pentanomials for all degrees less than 1,000 is given in the appendix (Fig. 5 and Tables 4-11 are provided in a separate file containing the body of Appendix, which can be found on the Computer Society Digital Library at >http://doi.ieeecomputersociety.org/10.1109/TC.2012.63).

Exploring the design-space for FPGA-based implementation of RSA

Abstract In this paper, we present two alternative architectures for implementing the Rivest–Shamir–Adleman (RSA) algorithm on reconfigurable hardware. Both architectures are innovative, especially with respect to the implementation of modular multiplication. As to the area vs time trade-off, the two solutions are at the extremes of the design-space, since one adopts a word serial approach, while the other has a fully parallel organization. Based on the analysis of these architectures for different values of the serialization factor, we explore the design-space for the field-programmable gate array (FPGA)-based implementation of the RSA algorithm. We systematically analyze and compare the results of the two design processes with respect to two fundamental metrics, namely execution time and FPGA resource usage. We emphasize pros and cons and comment trade-offs of the two design alternatives.

Design automation for application-specific on-chip interconnects

On-chip interconnects provide a vital facility for highly parallel MultiProcessor Systems-on-Chip, particularly in data-intensive applications, where the choice of the underlying communication architecture, tailored on the particular application requirements, is critical to the global performance. This survey focuses on the design automation of a broad class of communication architectures, here referred to as structured on-chip interconnects, the predominant choice in most real-world systems. Such interconnects benefit from well-established standards, CAD compatibility, predictable performance, and are highly scalable for many types of applications. However, in spite of their importance for current MPSoCs and their recent technology advancements, the design methodologies for structured on-chip interconnects have never been exhaustively surveyed so far, unlike application-oblivious interconnect solutions like Networks-on-Chip. The essential aim of this paper is to fill this gap by presenting an extensive review of state-of-the-art design automation techniques for application-specific on-chip interconnects. The paper goes through the main options available for building different on-chip interconnect topologies, discussing the details of hierarchical buses, crossbars, and cascaded crossbars as well as the approaches that can be adopted to formalize the description of such topologies and the related parameters of interest. Then, the paper surveys the most relevant techniques proposed in the literature to analyze a given interconnect solution, i.e. quantify parameters such as latency, bandwidth, area cost, power consumption, operating frequency, followed by an in-depth review of the main approaches for interconnect synthesis, including several advanced aspects such as co-synthesis of memory and communication architectures, joint scheduling and interconnect synthesis, floorplanning, dynamic configuration, multi-path communication. After presenting the above approaches, the paper discusses the potential impact that the body of research in the area of on-chip interconnects may have on current trends and emerging interconnect technologies.

New Techniques and Tools for Application-Dependent Testing of FPGA-Based Components

Field programmable gate array (FPGA) devices are increasingly being deployed in industrial environments, making reconfigurable hardware testing and reliability an active area of investigation. While FPGA devices can be tested exhaustively, the so-called application-dependent test (ADT) has emerged as an effective approach ensuring reduced testing efforts and improving the manufacturing yield since it can selectively exclude a subset of faults not affecting a given design. In addition to manufacturing, ADT can be used online, providing a solution for fast runtime fault detection and diagnostics. This paper identifies a number of issues in existing ADT techniques which limit their applicability and proposes new approaches improving the range of covered faults, with special emphasis on feedback bridging faults, as well as new algorithms for generating ADT test configurations. Furthermore, the work introduces a software environment addressing the current lack of tools, either academic or commercial, supporting ADT techniques. The architecture of the environment is highly modular and extensively based on a plug-in approach. To demonstrate the potential of the toolset, we developed a complete suite of plug-ins, based on both state-of-the-art ADT techniques and the novel approaches introduced here. The experimental results presented at the end of the paper confirm the impact of the proposed techniques.