Sorin A. Huss

On the design of hardware building blocks for modern lattice-based encryption schemes

We present both a hardware and a software implementation variant of the learning with errors (LWE) based cryptosystem presented by Lindner and Peikert. This work helps in assessing the practicality of lattice-based encryption. For the software implementation, we give a comparison between a matrix and polynomial based variant of the LWE scheme. This module includes multiplication in polynomial rings using Fast Fourier Transform (FFT). In order to implement lattice-based cryptography in an efficient way, it is crucial to apply the systems over polynomial rings. FFT speeds up multiplication in polynomial rings, which is the most critical operation in lattice-based cryptography, from quadratic to quasi-linear runtime. For the hardware variant, we show how this fundamental building block of lattice-based cryptography can be implemented and evaluated in terms of performance. A second important component for lattice-based cryptosystems is the sampling from discrete Gaussian distributions. We examine three different variants for sampling Gaussian distributed integers, namely rejection sampling, a rounding based approach, and a look-up table based approach in hardware.

Rapid prototyping for hardware accelerated elliptic curve public-key cryptosystems

A generator-based design and validation methodology for rapid prototyping of elliptic curve public-key cryptosystem hardware is described. By their very nature, cryptosystems challenge both design and validation. Pure RTL-based synthesis is as unsuitable as high-level synthesis. Instead, a generator program accepts the two main parameters - the key size and the multiplier radix - and creates a highly efficient custom RTL description which is synthesized into a FPGA. This approach benefits the design in that it allows one to effortlessly exploit the available resources on the FPGA for variable requirements of security and performance. It is also advantageous for validation of the correctness of the design as, for small parameter values, the design can be tested exhaustively. Thus, the correctness for large key sizes depends only on the correctness of the generator. Furthermore, deploying FPGAs supports integration of an ASIC realisation of the same algorithm, which boosts performance. By emulating its interface, the ASIC can be accommodated even before fabrication, thus enabling mixed FPGA/ASIC acceleration of elliptic curve cryptosystems.

A Dependability-Driven System-Level Design Approach for Embedded Systems

The paper introduces dependability as an optimization criterion in the system-level design process of embedded systems. Given the pervasiveness of embedded systems, especially in the area of highly dependable and safety-critical systems, it is imperative to consider dependability in the system level design process directly. This naturally leads to a multi-objective optimization problem, as cost and time have to be considered too. The paper proposes a genetic algorithm to solve this multi-objective optimization problem and to determine a set of Pareto optimal design alternatives in a single optimization run. Based on these alternatives, the designer can choose his best solution, finding the desired tradeoff between cost, schedulability, and dependability.

VLSI system design using asynchronous wave pipelines: a 0.35 /spl mu/m CMOS 1.5 GHz elliptic curve public key cryptosystem chip

This paper presents VLSI system design using asynchronous wave pipelines (AWPs) with a public key crypto chip as an example. The design challenges imposed by the crypto chip include very wide data paths, bit-level wave pipelining, hierarchical control resulting in different frequency domains, and interfacing synchronous registers with asynchronous controllers and data paths. The timing analysis indicates that AWPs operate more safely than synchronous wave pipelines. At the circuit level, SRCMOS is shown to be superior to previously proposed logic styles for wave pipelining. The same circuit style applies for both data path and control. Following some mathematics and cryptography background, the architecture of the chip is detailed whose outstanding feature is a wave pipelined Massey-Omura finite field multiplier. Simulations from layout of key circuits running at a rate of 1.5 GHz in a 0.35 /spl mu/m CMOS process demonstrate the feasibility of the AWP concept.

A Novel Cryptoprocessor Architecture for the McEliece Public-Key Cryptosystem

The McEliece public-key cryptosystem relies on the NP-hard decoding problem, and therefore, is regarded as a solution for postquantum cryptography. Though early known, this cryptosystem was not employed so far because of efficiency questions regarding performance and communication overhead. This paper presents a novel processor architecture as a high-performance platform to execute key generation, encryption, and decryption according to this cryptosystem. A prototype of this processor is realized on a reconfigurable device and tested via a dedicated software interface. A comparison with a similar software solution highlights the performance advantage of the proposed hardware solution.

A Novel Processor Architecture for McEliece Cryptosystem and FPGA Platforms

McEliece scheme represents a code-based public-key cryptosystem. So far, this cryptosystem was not employed because of efficiency questions regarding performance and communication overhead.This paper presents a novel processor architecture as a high-performance platform to execute key generation, encryption and decryption according to this cryptosystem. A prototype of this processor is realized on Virtex-5 FPGA and tested via a software API. A comparison with a similar software solution highlights the performance advantage of the proposed hardware solution.

Bil: A tool-chain for bitstream reverse-engineering

This paper performs an investigation into the security of Xilinx FPGA bitstreams, introducing a tool-chain for reversing bitstreams back to their device-specific netlists. Bitstream reversal is performed by querying a database containing the mapping of bitstream bits to their related configurable FPGA resources and a secondary database describing the FPGA structure. The mapping database is created by applying an algorithm that correlates binary bitstream data with data extracted from a corresponding netlist. The resource database is derived from a textual device description which can be obtained from the Xilinx design flow. The method can successfully reverse certain sections of the bitstream, although complete bitstream reversal remains infeasible for the time being. The presented tool-chain, the Bitfile Interpretation Library (BIL), improves on previous attempts at bitstream reverse engineering. It is made available as open source for further development.

Audio watermarking algorithm for real-time speech integrity and authentication

Data integrity and source origin authentication are essential topics for real-time multimedia systems. But traditional method, such as MAC, is not very applicable to overcome the distortion introduced in real-time multimedia communication. In this paper a new integrity mechanics deploying speech watermarking is presented. The advocated approach adopts public key encryption to efficiently generate non-repudiate speech. In the last part of the article, a speech watermarking algorithm incorporating with GSM 610 full-rate coder is proposed.

Asynchronous wave pipelines for high throughput datapaths

A novel VLSI pipeline architecture for high-speed clockless computation is proposed. It features gate-level pipelining to maximize throughput and uses dynamic latches to keep the latency low. The most salient property is the asynchronous operation using a modified handshake protocol. Data words are accompanied by associated control signals resembling a local clock and propagate in coherent waves through the logic. As a result one can take advantage of the asynchronous operation and avoid the problems prevalent with global high-speed clocks in synchronous designs. HSpice simulations of an 4-bit adder designed in 0.7 /spl mu/m CMOS indicate throughput data rates at 1 GHz.

Side channel analysis of the SHA-3 finalists

At the cutting edge of todays security research and development, the SHA-3 competition evaluates a new secure hashing standard in succession to SHA-2. The five remaining candidates of the SHA-3 competition are BLAKE, Grøstl, JH, Keccak, and Skein. While the main focus was on the algorithmic security of the candidates, a side channel analysis has only been performed for BLAKE and Grøstl [1]. In order to equally evaluate all candidates, we identify side channel attacks on JH-MAC, Keccak-MAC, and Skein-MAC and demonstrate the applicability of the attacks by attacking their respective reference implementation. Additionally, we revisit the side channel analysis of Grøstl and introduce a profiling based side channel attack, which emphasizes the importance of side channel resistant hash functions by recovering the input to the hash function using only the measured power consumption.