hardware acceleration of ecc cryptography
DESCRIPTION
TRANSCRIPT
1
Defense University
College Of Engineering
Post graduate programs and Research Office
M-Tech Thesis Project Proposal
Thesis Title: Hardware Acceleration of ECC (Elliptic Curve
Cryptography): Algorithm Design and Simulation
By
Alemayehu Tilahun
Supervisor: Manoj V.N.V (Dr.)
Department: Computer and Information Technology
Specialization: Computer Engineering
December, 2013
Bishoftu
2
Abstract
Because of the increase and complexity of information processing and telecommunications
revolutions, there is an increasing demand for techniques to keep information secret, to determine
that information has not been forged and to determine who authored pieces of information.
Cryptographic techniques are currently being utilized for these purposes. Elliptic Curve
Cryptography (ECC) has been receiving a lot of attention in the last years because of the benefits
it offers. ECC is an alternative to traditional public key cryptographic systems. Even though, RSA
(Rivest-Shamir-Adleman) was the most prominent cryptographic scheme, it is being replaced by
ECC in many systems. This is due to the fact that ECC gives higher security with shorter bit length
than RSA. In Elliptic curve based algorithms elliptic curve point multiplication is the most
computationally intensive operation. To this extent implementing point multiplication using
hardware makes ECC more attractive for high performance servers and small devices. Therefore
I am very interested to present and conduct final thesis paper for my postgraduate studies focusing
on the title “Hardware Acceleration of Elliptic Curve Based Cryptographic Algorithms: Design
and Simulation”.
Keywords: Cryptographic Algorithms, ECC Cryptographic Algorithm, FPGA, Scalar
Multiplications and Hardware implementation.
3
Acronyms
ASIC Application Specific Integrated Circuits
ECC Elliptic Curve Cryptography
FPGA Field Programmable Gate Array
GF Galois Field
HDL Hardware Definition Language
MoND Ministry of National Defense
RSA Riverst-Shamir-Adleman
VHDL Very high speed integrated circuits HDL
4
List of tables
Table No. Description page No.
Table 6.1 Time budgeting 9
Table 6.2 Cost breakdowns 10
5
Table of contents
Contents Page No.
I. Introduction 1
II. Literature Survey 2
III. Statement of the Problem 4
IV. General Objective 5
V. Specific Objectives 5
VI. Scope of the Study 5
VII. Limitation of the Thesis 6
VIII. Methodology 6
IX. Expected Outcome 7
X. Importance of the Proposed Project in the
Context of the Current status 8
XI. Work Plan or Time Schedule 9
XII. Material and Financial Requirements 10
XIII. References 11
6
I) Introduction
In the past traditional communications were based on letters, payments were done using checks or
cash, and secret documents were saved in sealed boxes. Today everything is changed, and is
changing quickly. (Jamshid, 2006)
As the Internet technology expands, it will encompass not only server and desktop systems, but
also large numbers of small devices such as cell phones. Communications among these systems
are usually conducted in an accessible environment such as Internet and wireless networks.
These trends are going to make the life easier but at the same time produce security risks and
expose them to potential attackers that could tamper with them, eavesdrop communications, alter
transmitted data, or attach unauthorized devices to the network. These risks can be mitigated by
employing strong cryptography to ensure authentication, authorization, data confidentiality, and
data integrity. (Mubarek and Manoj, 2008)
There are two popular kinds of cryptographic protocols, namely public key and private key
protocols. In private key protocols, a common key is used by both communication partners and for
both encryption and decryption. Among them AES is one example.
These systems provide high speed but have the drawback that a common key must be established
for each pair of participants. In public key protocols we have two keys, one is kept private and
used either for decryption (confidentiality) or encryption (signature) of messages. (M. Joye and
J.J, 2004)
The public key, is published to be used for the reverse operation. ECC, and RSA are examples of
public key systems. These systems are slower than the symmetric ones, but they provide arbitrarily
high levels of security and do not require an initial private key exchange.
7
Due to this comparative slowness of the public key algorithms, dedicated hardware logic gates
support is desirable as a result, performance of the algorithm can be maximized.
FPGAs are an attractive choice for implementing cryptographic algorithms on hardware’s’,
because of their low cost in prototyping relative to ASICs. FPGAs are flexible when adopting
security protocol upgrades, as they can be re-programmed in-place.
FPGAs also allow rapid prototyping of designs. Therefore focus of this work will be about the
design of Hardware acceleration of Elliptic Curve Cryptography and the study of different
techniques which can be used to increase its performance.
II) Literature Survey
Different scholars and researchers at various time reported about Elliptic Curve cryptography
(ECC) that may help and design of this thesis work in the coming platforms. These works mostly
inculcate explaining hardware and software implementations in Elliptical Curve Cryptography
using Galois field Arithmetic’s. Therefore this part infers and summarizes possible work in this
area.
1. Hardware Implementations
Hardware implementation of elliptical curve cryptographic Systems results in higher performance
as compared with the software implementations but with relatively low flexibility. Existing
hardware implementations vary in the following aspects: GF (2m), GF (P), key length (from 163-
233bits), platform (FPGA, and ASIC), for the good of this thesis work, we review some of the
FPGA implementations of ECC over GF (2m).
Martin Christopher made the first attempt to implement scalar multiplication using
reprogrammable hardware namely FPGA. It was implemented on Vertex-II family device called
Xilinx XC402XPG475-1 and point multiplication takes 5.65msce. The latency was almost the
same as the recent software implementation.
The second reconfigurable elliptic curve co-processor is designed over GF (2163). The design
consists of main controller, arithmetic unit controller and arithmetic units. The prototype of the
processor has been implemented on a Xilinx XCV2000E FPGA. The prototype runs at 66 MHZ
8
and performs an elliptic curve scalar multiplication in 0.233 msec on a generic curve and 0.075
msec on a Koblitz curve. This work was used encoding for the scalar multiplier. The encoding is
not implemented on hardware. For experimentation, output of software implementation encoding
is used. Another hardware accelerator is also implemented over GF (2163). The accelerator runs
at 45 MHZ on Xilinx Vertex FPGA and takes 1.21 msec to perform a 163-bit elliptic scalar
multiplication. In addition scalar multiplication is implemented using Montgomery Ladder
method. The method is suitable for parallel implementation of the finite field units. The latter used
several multipliers and squaring units in each component of the scalar multiplier. The resulting
design is synthesized on Xilinx XCV2000E and a scalar multiplication takes 53µs. Its resource
usage is higher than most works in this area.
In addition to the hardware implementations discussed above, there exist other FPGA
implementations for binary fields in the literature, such as [5, 6, 8, 12, 13 and 25].
2. Software Implementation
Software implementations of Elliptic curve cryptographic systems are many. To make the
implementations efficient various algorithms are suggested for arithmetic and curve level
operations. In this section, only those works relevant to this work are summarized.
At the arithmetic level, multiplication and inversion are the two time consuming operations,
inversion being many fold slower than multiplication. A lookup table based efficient multiplication
is proposed in M. Joye and J.-J and implemented and reported in Chanho L. and Jeongho L. Inversion
can be implemented using square and multiplication method and an efficient method is proposed
by T. Itoh and S. Tsujii .
An elliptic curve system is implemented for a key exchange protocol. The implementation is
simplified by choosing the curve parameter equal to zero. The system architecture relies on
arithmetic in GF (2155) using polynomial representation and an optimized inversion algorithm
based on Euclidean division. The implementation performed multiplication of an elliptic curve
point in 7.8 milliseconds on a DEC Alpha 3000 RISC machine (64bit, 450MHZ clock speed,
256Mbyte RAM).
9
Summary
Efficient hardware design comprises of two components. The first and obvious component is
optimized (high speed with a given target device) hardware designed for the appropriate task. The
second and highly important component is the underlying algorithm to be used in the hardware
design.
As for the algorithm, we studied many algorithms. Among them a digit serial multiplier which is
proposed in L. Goubin and M. Matsui, efficient inversion algorithm due to Itoh and Tsujii and
Montgomery scalar multiplication by Lopez and Dahab are the major ones.
Hardware implementations of scalar multiplication revised in this chapter can generally be
grouped into two. The first group is similar to the works in J. Riley and M.J. Shulte. Point
multiplication acceleration is implemented by encoding the scalar multiplier and by using
Montgomery scalar multiplication. The encoding is not implemented in hardware. It is good in
resource utilization as well as latency. The second group which is similar to the works in uses
Montgomery ladder method for scalar multiplication. The algorithm is ideal for parallel
computations. This property of the algorithm is used extensively in the design.
Both groups discussed have their own draw backs. The first one uses encoding for the scalar
multiplier which complicates the hardware implementation. The second one uses multiple
hardware units in the design hierarchy such as multipliers. Our work will alleviate these
problems by using the Montgomery ladder method for scalar multiplication and using
parallelism but utilizing the resource in an efficient manner.
III) Statement of the problem
Scalar multiplication is the most time consuming operation in Elliptic curve based cryptosystems.
Efficient implementation of ECC algorithms using software is not fast enough on server computers
which give service to many users. Implementing this multiplication on hardware makes ECC
protocols more attractive. While the general purpose microprocessor is doing its routine task the
time consuming operations can be executed using co-processor designed on a special
10
reprogrammable hardware’s such as FPGA.
IV) General objective
The General objective of this study is to design and simulate Hardware acceleration of elliptical
curve cryptography (ECC).
V) Specific objectives
The Specific objectives of the Study are:
To design and simulate finite arithmetic units for binary fields using Xilinx design suite
V14.5 Software
To implement and measure performance of scalar multiplication on Xilinx design suite
V14.5 software
To integrate the finite arithmetic units into an efficient hardware scalar multiplier.
To compare the performance of the hardware multiplier with the software
implementation and other related works.
VI) Scope of the Study
In this thesis, the performance of hardware units are designed for multiplication, inversion,
squaring and addition for binary fields and compared with that of the software. These finite field
arithmetic units are then integrated together to create an elliptic curve cryptographic Hardware
capable of computing the scalar multiplication on elliptic curves.
To measure the efficiency of the hardware, the design is translated into a hardware description
language namely Verilog. Then simulation is done for functionality and timing analysis using
Xilinx design suite V14.5 software.
11
VII) Limitation of the thesis
In conducting this thesis work, the researcher may expect the following challenges.
1. As the Cryptographic technology is not yet introduced in other governmental and private
Organizations in the county (Ethiopia) other than MoND, the scope of the thesis will only
be bounded to MoND.
2. As the result of the above reason, lack enough secondary data may be expected.
3. As Information in Military institutions’ (MoND) are highly confidential, organization may
be reluctant in giving relevant information.
VIII) Methodology
The following methodology is followed to design and simulate a hardware accelerator for Elliptic
curve cryptography (ECC).
Target Area
The Target Area of the study will be mainly the Ministry of National Defense force of Ethiopia
(MoND) particularly Military Information and Communication Main department. In addition to
this some selected Governmental and Commercial firms will be some beneficiary stack holder of
this thesis.
Literature survey
As both Elliptic curve cryptography and reconfigurable computing are relatively new areas of
study, a lot of time will spent on understanding both of them. The following are some of study
made and needs intensive reading.
Abstract algebra especially finite field arithmetic
Elliptic curve cryptography
Reconfigurable computing using FPGA
12
Survey of related works
Software Used in the thesis
For the sake of making the thesis current and up-to-date I will be using the latest software’s like
Xilinx ISE Design Suite 14.5 Software integrated with relevant tools and components
As Xilinx ISE Design Suite 14.5 software is require additional application software’s
mainly Mat lab I may also require MATLAB R2013b.
Hardware acceleration on FPGA
Hardware design and realization of FPGA for binary field arithmetic units and synthesis,
timing and functional simulation using Xilinx ISE Design Suite 14.5 tool will be done on
general purpose vertex 7 family namely XC7VX330T.
Realization of scalar multiplier using Xilinx ISE Design Suite 14.5 on the selected FPGA
board on the Software package on the specified device name.
Comparison between the ECC based software implementation related works and hardware
realization result from Xilinx ISE Design Suite 14.5 Software in this thesis.
IX) Expected outcome of the thesis
1. Xilinx ISE Design Suite 14.5 Software should generate a synthesized result for Field Multiplier
is synthesized for different digit size.
2. There should exist a synthesized result on Performance and resource Utilization for scalar
Multiplication over GF(2163) using Xilinx ISE Design Suite 14.5 Software
3. There should exist a synthesized result on Performance and resource Utilization for inversion and
squiring over GF(2163) using Xilinx ISE Design Suite 14.5 Software
4. The performance efficiency of Synthesized Scalar Multiplication output result using Xilinx
ISE Design Suite 14.5 tool need to be much more efficient than the software
implementations of other researchers work.
13
X) Importance of the Proposed Project in the Context of Current Status
After completing the proposed thesis, the result obtained will have a direct application and
importance to the target stakeholders (MoND). This can be exemplified inferring the Information
and communication technology gaps used in MoND combat units these days.
To win a war in any combat missions, the communication channels, secured and the timeliness of
getting information as well as the process of dissemination to the target personnel is very critical.
Therefore this thesis on Hardware acceleration of Elliptic Curve cryptography will deliver
comparative importance in advancing the Security and performance of information
communication and dissemination activities in the current MoND.
14
15
XI) Work Plan or Time Schedule
S.No
Activities
Month, YYY
October November December January February March April May
Weeks Weeks Weeks Weeks Weeks Weeks Weeks Weeks
1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4
1
Thesis Proposal Development
2 Thesis Proposal Approval by advisor
3 Thesis Proposal Presentation
4 Data Collection
5 Literature Survey
6 Design and coding on Xilinx Design Suit
8 Analyze Result based on the Experiment
9 Based on the Result Develop Conclusion and
Recommendation
10 Writing the Draft thesis Proposal
11 Writing the Final thesis proposal
12 Thesis Defense
16
XII) Materials and Financial Requirements
17
XIII) References
[1] A. Menezes and S. Vanstone, Elliptic curve cryptosystems and their implementation, Journal of
Cryptography, Vol. 6, No. 4,1993, pp. 209-224.
[2] Chanho L. and Jeongho L. , Design of an Elliptic Curve Cryptography Processor Using a
Scalable Finite Field Multiplier in GF(2193
), Journal of the Korean Physical
Society, Vol. 44, No. 1, January 2004, pp. 39-45
[3] Darrel H. and etal , Guide to Elliptic Curve cryptography, SPRINGER ROFESSIONAL
COMPUTING, 2004
[4] G. Harper, A. Menezes and S. Vanstone, Public-key Cryptosystems with Very Small Key
Lengths, Advances in Cryptology-Eurocrypt '92, Lecture Notes in Computer
Science 658, Springer-Verlag Berlin, Vol. 658/1993, 1993, pp. 163-173.
[5] J. Deschamps and etal. , Synthesis of Arithmetic circuits: FPGA, ASIC and embedded Systems,
John Willey & Sons, 2006
[6] J. Guajardo and Christof Paar, Efficient Algorithms for Elliptic Curve Cryptosystem, Advances in
Cryptology — CRYPTO '97, Lecture Notes in Computer Science, Springer-E-ISSN:
2224- 266X87 M. B. I. Reaz, J. Jalil, H. Husian, F. H. Hashim Verlag Berlin, Vol.
1294/1997, 1997, pp. 342-356.
[7] M. Joye and J.-J. Comparing Elliptic Curve Cryptography and RSA on 8-Bit CPUs Quisquater
(Eds.): CHES 2004, LNCS 3156, pp. 119–132, 2004
[8] Mubarek K. and Manoj V.N.V, Hardwaere acceleration of elliptic curve based cryptographyic
algotrithms, AAU, April, 2008, pp. 1-56
[9] N. Koblitz, Elliptic Curve Cryptosystems, Mathematics of Computation, 1987, Vol. 48, No.
177, pp.203-209.
18
[10] V. Miller, Use of Elliptic Curves in Cryptography, Advances in Cryptology - Crypto '85
proceedings, Lecture Notes in Computer Science, Springer-Verlag Berlin, Vol.
218/1986, 1986, pp. 417-426.
[11] William Stallings, Cryptography and Network Security Principles and Practices, 4th
edition,
Prince Hall, 2005