Enrico Martinelli

A VLSI modulo m multiplier

A novel method to compute the exact digits of the modulo m product of integers is proposed, and a modulo m multiply structure is defined. Such a structure can be implemented by means of a few fast VLSI binary multipliers, and a response time of about 150-200 ns to perform modular multiplications with moduli up to 32767 can be reached. A comparison to ROM-based structures is also provided. The modular multiplier has been evaluated asymptotically, according to the VLSI complexity theory, and it turned out to be an optimal design. This structure can be used to implement a residue multiplier in arithmetic structures using residue number systems (RNSs). The complexity of this residue multiplier has been evaluated and lower complexity figures than for ROM-based multiply structures have been obtained under several hypotheses on RNS parameters. >

A workload characterization of elliptic curve cryptography methods in embedded environments

Elliptic Curve Cryptography (ECC) is emerging as an attractive public-key system for constrained environments, because of the small key sizes and computational efficiency, while preserving the same security level as the standard methodsWe have developed a set of benchmarks to compare standard and corresponding elliptic curve public-key methods. An embedded device based on the Intel XScale architecture, which utilizes an ARM processor core was modeled and used for studying the benchmark performance. Different possible variations for the memory hierarchy of such basic architecture were considered. We compared our benchmarks with MiBench/Security, another widely accepted benchmark set, to provide a reference for our evaluation.We studied operations and impact on memory of Diffie-Hellman key exchange, digital signature algorithm, ElGamal, and RSA public-key cryptosystems. Elliptic curve cryptosystems are more efficient in terms of execution time, but their impact on memory subsystem has to be taken into account when designing embedded devices in order to achieve better performance.

Adaptive graphical pattern recognition for the classification of company logos

Abstract When dealing with a pattern recognition task two major issues must be faced: firstly, a feature extraction technique has to be applied to extract useful representations of the objects to be recognized; secondly, a classification algorithm must be devised in order to produce a class hypothesis once a pattern representation is given. Adaptive graphical pattern recognition is proposed as a new approach to face these two issues when neither a purely symbolic nor a purely sub-symbolic representation seems adequate for the patterns. This approach is based on appropriate structured representations of patterns which are, subsequently, processed by recursive neural networks, that can be trained to perform the given classification task using connectionist-based learning algorithms. In the proposed framework, the joint role of the structured representation and learning makes it possible to face tasks in which input patterns are affected by many different sources of noise. We report some results that show how the proposed scheme can produce a very promising performance for the classification of company logos corrupted by noise.

Inductive inference from noisy examples using the hybrid finite state filter

Recurrent neural networks processing symbolic strings can be regarded as adaptive neural parsers. Given a set of positive and negative examples, picked up from a given language, adaptive neural parsers can effectively be trained to infer the language grammar. In this paper we use adaptive neural parsers to face the problem of inferring grammars from examples that are corrupted by a kind of noise that simply changes their membership.We propose a training algorithm, referred to as hybrid finite state filter (HFF), which is based on a parsimony principle that penalizes the development of complex rules.We report very promising experimental results showing that the proposed inductive inference scheme is indeed capable of capturing rules, while removing noise.

How to fake an RSA signature by encoding modular root finding as a SAT problem

Logical cryptanalysis has been introduced by Massacci and Marraro as a general framework for encoding properties of crypto-algorithms into SAT problems, with the aim of generating SAT benchmarks that are controllable and that share the properties of real-world problems and randomly generated problems.In this paper, spurred by the proposal of Cook and Mitchell to encode the factorization of large integers as a SAT problem, we propose the SAT encoding of another aspect of RSA, namely finding (i.e. faking) an RSA signature for a given message without factoring the modulus.Given a small public exponent e, a modulus n and a message m, we can generate a SAT formula whose models correspond to the eth roots of m modulo n, without encoding the factorization of n or other functions that can be used to factor n. Our encoding can be used to either generate solved instances for SAT or both satisfiable and unsatisfiable instances.We report the experimental results of three solvers, HeerHugo by Groote and Warners, eqsatz by Li, and smodels by Niemela and Simmons, discuss their performances and compare them with standard methods based on factoring.

Effects of Instruction-Set Extensions on an Embedded Processor: A Case Study on Elliptic Curve Cryptography over GF(2/sup m/)

Elliptic-Curve cryptography (ECC) is promising for enabling information security in constrained embedded devices. In order to be efficient on a target architecture, ECCs require accurate choice/tuning of the algorithms that perform the underlying mathematical operations. This paper contributes with a cycle-level analysis of the dependencies of ECC performance from the interaction between the features of the mathematical algorithms and the actual architectural and microarchitectural features of an ARM-based Intel XScale processor. Another contribution is the cycle-level analysis of a modified ARM processor that includes a word-level finite field polynomial multiplier (poly_mul) in its data path. This extension constitutes a good trade-off between applicability in a number of contexts, the simplicity of integration within the processor, and performance. This paper points out the most advantageous mix of elliptic curve (EC) parameters both for the standard ARM-based Intel XScale platform and for the one equipped with the polyjnul unit. In particular, the latter case allows for more than 41 percent execution time reduction on the considered benchmarks. Last, this paper investigates the correlation between the possible architectural organizations of a processor equipped with poly_mul unit(s) and EC benchmark performance. For instance, only superscalar pipelines can exploit the features of out-of-order execution and only very complex organizations (for example, four way superscalar) can exploit a high number of available ALUs. Conversely, we show that there are no benefits in endowing the processor with more than one poly_mul, and we point out a possible trade-off between performance and complexity increase: A two-way in-order/out-of-order pipeline allows +50 percent and +90 percent of Instructions per Cycle (IPC), respectively. Finally, we show that there are no critical constraints on the latency and pipelining capability of the polyjnul unit for the basic EC point multiplication.

A performance evaluation of ARM ISA extension for elliptic curve cryptography over binary finite fields

In this paper, we present an evaluation of possible ARM instruction set extension for elliptic curve cryptography (ECC) over binary finite fields GF(2/sup m/). The use of elliptic curve cryptography is becoming common in embedded domain, where its reduced key size at a security level equivalent to standard public-key methods (such as RSA) allows for power consumption savings and more efficient operation. ARM processor was selected because it is widely used for embedded system applications. We developed an ECC benchmark set with three widely used public-key algorithms: Diffie-Hellman for key exchange, digital signature algorithm, as well as El-Gamal method for encryption/decryption. We analyzed the major bottlenecks at function level and evaluated the performance improvement, when we introduce some simple architectural support in the ARM ISA. Results of our experiments show that the use of a word-level multiplication instruction over binary field allows for an average 33% reduction of the total number of dynamically executed instructions, while execution time improves by the same amount when projective coordinates are used.

Learning User Profiles in NAUTILUS

NAUTILUS is a Web recommender system that exploits a new approach to learn user profiles. The novelty consists of using a structured representation of HTML documents that allows us to split the page into logical contexts (lists, headers, paragraphs, ...). The learning algorithm is based on a new neural computational model particularly suited to process structured objects.

On the lower bound to the VLSI complexity of number conversion from weighted to residue representation

A lower bound AT/sup 2/= Omega (n/sup 2/) for the conversion from positional to residue representation is derived according to VLSI complexity theory, and existing solutions for the same problem are briefly reviewed in the light of such a bound. A VLSI system is proposed, one that operates according to a pipeline scheme and works asymptotically emulating an optimal structure, independently of residue number system parameters. This solution has been applied to a design of specific size (64-b input stream), and it has been found that a single CMOS custom chip can implement the design with a throughput of one residue representation every 30-40 ns. >

Sign detection in residue arithmetic units

Abstract The parallelism of computation, that characterizes some operations in residue number systems (RNS), is heavily reduced in operations as division, magnitude and sign detection, since numbers must be converted to the weighted system thus reducing efficiency, in spite of the efforts to speed up the conversion. In this work the problem of detecting the sign of numbers represented in RNS is considered and a procedure is devised, which keeps numbers in residue notation, and requires a redundant modulus mp+1⩾2. A sign detecting circuit is also designed that, merely to speed up the operation, exploits a further redundant modulus mr⩾p in the signed number representation. Circuit response time is evaluated, both from the complexity point of view and in a finite case, where 50 gate delays are estimated for a range [−2 64 , 2 64 −1] .