Chester Rebeiro

Pushing the limits of high-speed GF (2 m ) elliptic curve scalar multiplication on FPGAs

In this paper we present an FPGA implementation of a high-speed elliptic curve scalar multiplier for binary finite fields. High speeds are achieved by boosting the operating clock frequency while at the same time reducing the number of clock cycles required to do a scalar multiplication. To increase clock frequency, the design uses optimized implementations of the underlying field primitives and a mathematically analyzed pipeline design. To reduce clock cycles, a new scheduling scheme is presented that allows overlapped processing of scalar bits. The resulting scalar multiplier is the fastest reported implementation for generic curves over binary finite fields. Additionally, the optimized primitives leads to area requirements that is significantly lesser compared to other high-speed implementations. Detailed implementation results are furnished in order to support the claims.

Bitslice implementation of AES

Network applications need to be fast and at the same time provide security. In order to minimize the overhead of the security algorithm on the performance of the application, the speeds of encryption and decryption of the algorithm are critical. To obtain maximum performance from the algorithm, efficient techniques for its implementation must be used and the implementation must be tuned for the specific hardware on which it is running. Bitslice is a non-conventional but efficient way to implement DES in software. It involves breaking down of DES into logical bit operations so that N parallel encryptions are possible on a single N-bit microprocessor. This results in tremendous throughput. AES is a symmetric block cipher introduced by NIST as a replacement for DES. It is rapidly becoming popular due to its good security features, efficiency, performance and simplicity. In this paper we present an implementation of AES using the bitslice technique. We analyze the impact of the architecture of the microprocessor on the performance of bitslice AES. We consider three processors; the Intel Pentium 4, the AMD Athlon 64 and the Intel Core 2. We optimize the implementation to best utilize the superscalar architecture and SIMD instruction set present in the processors.

High Speed Compact Elliptic Curve Cryptoprocessor for FPGA Platforms

This paper proposes an efficient high speed implementation of an elliptic curve crypto processor (ECCP) for an FPGA platform. The main optimization goal for the ECCP is efficient implementation of the important underlying finite field primitives namely multiplication and inverse. The techniques proposed maximize the utilization of FPGA resources. Additionally improved scheduling of elliptic curve point arithmetic results in lower number of register files thus reducing the area required and the critical delay of the circuit. Through several comparisons with existing work we demonstrate that the combination of the above techniques helps realize one of the fastest and compact elliptic curve processors.

Theoretical Modeling of Elliptic Curve Scalar Multiplier on LUT-Based FPGAs for Area and Speed

This paper uses a theoretical model to approximate the delay of different characteristic two primitives used in an elliptic curve scalar multiplier architecture (ECSMA) implemented on k input lookup table (LUT)-based field-programmable gate arrays. Approximations are used to determine the delay of the critical paths in the ECSMA. This is then used to theoretically estimate the optimal number of pipeline stages and the ideal placement of each stage in the ECSMA. This paper illustrates suitable scheduling for performing point addition and doubling in a pipelined data path of the ECSMA. Finally, detailed analyses, supported with experimental results, are provided to design the fastest scalar multiplier over generic curves. Experimental results for GF(2163) show that, when the ECSMA is suitably pipelined, the scalar multiplication can be performed in only 9.5 μs on a Xilinx Virtex V. Notably the design has an area which is significantly smaller than other reported high-speed designs, which is due to the better LUT utilization of the underlying field primitives.

Revisiting the Itoh-Tsujii Inversion Algorithm for FPGA Platforms

The Itoh-Tsujii multiplicative inverse algorithm (ITA) forms an integral component of several cryptographic implementations such as elliptic curve cryptography. For binary fields generated by irreducible trinomials, this paper proposes a modified ITA algorithm for efficient implementations on field-programmable gate-array (FPGA) platforms. Efficiency is obtained by the fact that the adapted ITA algorithm uses FPGA resources better and requires shorter addition chains. Evidence is furnished and supported with experimental results to show that the proposed architecture outperforms reported results. The proposed method is also shown to be scalable with respect to field sizes.

Cryptanalysis of CLEFIA using differential methods with cache trace patterns

In this paper we use a combination of differential techniques and cache traces to attack the block cipher CLEFIA in less than 214 encryptions on an embedded processor with a cache line size of 32 bytes. The attack is evaluated on an implementation of CLEFIA on the PowerPC processor present in the SASEBO side channel attack evaluation board. The paper shows that although obtaining cache access patterns from the power consumption of the device may be difficult due to the non-blocking cache architectures of modern processors, still the cache trace has a distinct signature on the power profiles. Experimental results have been presented to show that the power consumption of the device reveal the cache access patterns, which are then used to obtain the CLEFIA key. Further, a simple low overhead countermeasure is implemented that is guaranteed to prevent cache attacks.

Cache Timing Attacks on Clefia

The paper discusses the performance of cache timing attacks on Clefia, which is based on the generalized Feistel structure and implemented using small tables. We mention the difficulties on mounting a timing based cache attack on the cipher, and then explain why a cache attack is still possible. To the best of our knowledge, no reported work on cache attacks target ciphers which are implemented with small tables. Our attack uses the fact that parallelization and pipelining of memory accesses can only be done within a single round of a cipher, but not across rounds. Our findings show that 121 bits of the 128 bit key can be revealed in 226.64 Clefia encryptions on an Intel Core 2 Duo machine.

Theory of Composing Non-linear Machines with Predictable Cyclic Structures

The paper proposes construction techniques for group non-linear Cellular Automata (CA) composing smaller non-linear invertible CA with linear group CA. We prove that such a scheme generates machines with state transitions having predictable cyclic properties. We show that with appropriate choice of the rules of the linear CA we may obtain invertible, balanced Boolean mappings with strong non-linearity. Extensive experimental results are provided to support the claims made.

An enhanced differential cache attack on CLEFIA for large cache lines

Reported results on cache trace attacks on CLEFIA do not work with increased cache line size. In this paper we present an enhanced cache trace attack on CLEFIA using the differential property of the s-boxes of the cipher and the diffusion properties of the linear transformations of the underlying Feistel structures. The attack requires 3 round keys, which are obtained by monitoring cache access patterns of 4 rounds of the cipher. A theoretical analysis is made on the complexity of the attack, while experimental results are presented to show the effectiveness of power and timing side-channels in deducing cache access patterns. The efficacy of the attack is theoretically justified by showing the effect of cache line size on the time and space complexity of the attack. Finally countermeasures that guarantee security against cache-attacks are compared for their efficiency on large cache lines.

Hardware Prefetchers Leak: A Revisit of SVF for Cache-Timing Attacks

Micro-architectural features have an influence on security against cache attacks. This paper shows that modern hardware prefetchers enabled in cache memories to reduce the miss penalty, can be a source of information leakage with respect to cache-timing attacks. The work revisits the Side Channel Vulnerability Factor (SVF) proposed in ISCA¿12 and shows how to adapt the metric to assess the vulnerability of a prefetcher in cache-timing attacks. We use the modified metric denoted Timing-SVF, to show that standard prefetchers based on sequential algorithms can leak information in cache timing attacks. The findings have been established by experimental validations on a standard 128 bit cipher, called CLEFIA, designed by Sony Corporation Ltd. and used for light weight cryptography.