
Table 4.2: The verification results on ASIC

Design ASIC

A word-based RSA scheme is given in this work. This section shows the hardware implementation results. In this thesis, the whole hardware design is implemented in RTL (Register-Transfer-Level) Verilog HDL (hardware description language) and synthesized as an application-specific integrated circuit (ASIC). The ASIC design uses the UMC 90nm CMOS process, and RTL synthesis uses Synopsys Design Compiler. The data throughput of RSA is given by


The clock frequency is set to 285.7MHz and the gate count is 467k with three Montgomery multipliers. The cycle period is 3.5ns. One multiplication takes about (n + p)*90% cycles, and one RSA operation takes about (n+2)*(MM cycles). Because the Montgomery method must convert operands between the integer domain and the Montgomery domain, there are two extra MM cycles for the conversion. The detailed values are shown in Table 4.2.
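The n+2 count above can be reproduced in software. The following sketch is an added example, not code from the thesis: it assumes a Montgomery powering ladder as in reference [7] (the thesis's exact exponentiation algorithm is not shown on this page), a bit-level R = 2^n rather than the word-based datapath, and a constructed toy key; all function names are hypothetical.

```python
# Added illustration: parameter names and the toy key below are constructed.

def mont_setup(N, n):
    """Constants for odd modulus N < 2**n with R = 2**n."""
    R = 1 << n
    r2 = (R * R) % N                  # R^2 mod N, used to enter the domain
    n_prime = (-pow(N, -1, R)) % R    # -N^-1 mod R
    return R, r2, n_prime

def mont_mul(a, b, N, n, n_prime):
    """One Montgomery multiplication (MM): returns a*b*R^-1 mod N."""
    mask = (1 << n) - 1
    t = a * b
    m = ((t & mask) * n_prime) & mask
    u = (t + m * N) >> n              # exact division by R
    return u - N if u >= N else u

def mont_exp(msg, exp, N, n):
    """Return (msg**exp mod N, number of sequential MM time slots)."""
    R, r2, n_prime = mont_setup(N, n)
    mm = lambda a, b: mont_mul(a, b, N, n, n_prime)
    slots = 0
    r1 = mm(msg % N, r2)              # extra MM 1: integer -> Montgomery domain
    slots += 1
    r0 = R % N                        # the value 1 in Montgomery form
    for i in reversed(range(n)):      # always n iterations, one per exponent bit
        if (exp >> i) & 1:
            r0, r1 = mm(r0, r1), mm(r1, r1)
        else:
            r0, r1 = mm(r0, r0), mm(r0, r1)
        slots += 1                    # the two MMs are independent: one slot in parallel
    result = mm(r0, 1)                # extra MM 2: Montgomery -> integer domain
    slots += 1
    return result, slots

if __name__ == "__main__":
    N, e, d, n = 3233, 17, 2753, 12   # constructed toy RSA key (61 * 53)
    c, slots = mont_exp(65, e, N, n)
    m, _ = mont_exp(c, d, N, n)
    print(c, m, slots)
```

Each loop iteration issues two independent multiplications, which parallel multipliers can execute in the same time slot; that is why the sequential count is n plus the two conversion steps.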

Table 4.3: Comparison with other 1024-bit Modular Multiplier with cell base design

Table 4.3 compares this work with other 1024-bit modular multiplier implementations in ASIC design. Our work is not the most outstanding, but our designs are scalable and [29] is not. The proposed designs can be modified to a high-radix architecture, which would improve on the current performance.

Author [29] [30] Proposed


Table 4.4: Comparison with other 1024-bit RSA cryptosystem with cell base design

Table 4.4 compares this work with other 1024-bit RSA implementations in ASIC design. Compared with the other designs, the proposed work occupies a large area, but its throughput is higher. In the near future, the ROC government will establish 4096-bit RSA as a standard, which means high throughput is the first consideration. The area of Mukaida's work is much higher than the others, since it is radix-2^32 and calculates some parameters beforehand. The throughput of the proposed work is higher than that of any of the others. We add one more Montgomery multiplier to resist DPA attacks. One Montgomery multiplier's gate count is about 130k, and it does not affect the frequency or throughput.

The initial seed of the random number generator is given by the user.

Author Mukaida [22] [21] Chen [25] Lin [24] Proposed

Technology 0.18μm 0.18μm 0.18μm 0.18μm 90nm

Methodology CRT Montgomery Montgomery Montgomery

Clock


Chapter 5

Conclusion

In this thesis, a hardware architecture for a word-based scalable RSA cryptosystem in GF(p) is given. In order to reduce execution time, a Montgomery modular multiplication algorithm and circuit are proposed. A forwarding circuit resolves the data-dependency hazard of word-based Montgomery multiplication, reducing it from two cycles to one cycle. Furthermore, the bypass algorithm combines redundant shift operations, which shortens the latency of a modular multiplication to about 90% of the original work. The total number of cycles for one multiplication is about n*90%+(n/p). The proposed Montgomery multiplier architecture can be applied in RSA or ECC cryptosystems. This work can be modified to support binary field GF(2^n) operation by simply eliminating the carry.

On the other hand, we modify a random number generator based on a chaotic map. An RNG with a higher passing rate may be suitable for cryptosystem applications. The total RSA architecture includes three MMs and one RNG; it resists SPA and DPA without extra multiplication. The total number of cycles for a modular exponentiation is n+2 times the MM processing cycles. According to the implementation results, it is synthesized using 90nm CMOS technology with 467k gates. The clock period is 3.5 ns.


Bibliography

[1] W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE Transactions on Information Theory, vol. IT-22, no. 6, pp. 644-654,1976.

[2] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun. ACM, vol. 21, no. 2, pp. 120–126, 1978.

[3] T. E. Gamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” in Proceedings of CRYPTO 84 on Advances in cryptology. New York, NY, USA: Springer-Verlag New York, Inc., 1985, pp. 10–18.

[4] PKCS#1: RSA Cryptography, RSA Laboratories Std. 800-57, 2002.

[5] Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry - RSA digital signature technique, ANSI Std. X9.31, 1998.

[6] K. Koc, “High-speed RSA implementation,” tech. rep., RSA Laboratories, 1994.

[7] M. Joye, and S-M. Yen, “The Montgomery Powering Ladder”, CHES 2002, LNCS 2523, pp. 291–302, Springer-Verlag, 2003

[8] Sung-Ming Yen and Chi-Sung Laih, “Common-multiplicand multiplication and its application to public-key cryptography,” Electronics Letters, 29(17):1583–1584, August 1993.

[9] P. Kocher, “Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems,” in Proceedings of Advances in Cryptology-CRYPTO ’96. Springer-Verlag, 1996, pp. 104–113.

[10] P. Kocher, J. Jaffe, and B. Jun, “Introduction to differential power analysis and related attacks,” in http://www.cryptography.com/dpa/technical, 1998.

[11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Power analysis attacks of modular exponentiation in smartcards,” in Proceedings of Workshop on Cryptographic Hardware and Embedded Systems. Springer-Verlag, August 1999, pp. 144–157.

[12] S. Tezuka, Uniform random numbers: theory and practice, Kluwer Academic Publishers, 1995

[13] R. David, Random Testing of Digital Circuits: Theory and Application, Dekker Inc., New York, 1998.

[14] Intel Platform Security Division, “The Intel Random Number Generator”, Intel Corporation, 1999.

[15] M. Jessa, “The period of Sequences Generated by Tent-Like Maps,” IEEE Trans. On CAS-part I, vol. 49, no. 1, Jan 2002.

[16] J. Huertas, J. Quintana, M. Valencia, “Chaos from Digital Circuits: Discrete Maps,” Int. Symp. on Networks, Systems and Signal Processing, pp. 391-395, Zagreb, 1989.

[17] R. Mita, G. Palumbo, S. Pennisi, M. Poli, “A Novel Pseudo Random Bit Generator for Cryptography Applications,” ICECS 2001, pp. 489-492, Dubrovnik (Croatia), September 2002.

[18] T. Addabbo, M. Alioto, A. Fort, S. Rocchi, V. Vignoli, “Long Period Pseudo Random Bit Generators Derived from a Discretized Chaotic Maps” Circuits and Systems, 2005. ISCAS 2005. IEEE International Symposium on, Vol. 2, pp 892- 895, 2005.

[19] A. F. Tenca and Çetin Kaya Koç, “A scalable architecture for modular multiplication based on Montgomery's algorithm,” IEEE Transactions on Computers, vol. 52, no. 9, pp. 1215–1221, September 2003.

[20] C. D. Walter, “Precise bounds for montgomery modular multiplication and some potentially insecure rsa moduli,” in Topics in Cryptology-CT-RSA 2002, B. Preneel (editor), Lecture Notes in Computer Science, vol. 2271. San Jose, CA, USA: Springer Berlin / Heidelberg, 2002, pp. 30–39.

[21] Haixin Wang, Guoqiang Bai, and Hongyi Chen, “Zodiac: System Architecture Implementation for a High-Performance Network Security Processor”, 19th IEEE International Conference on Application-Specific Systems, Architectures and Processors, Leuven BELGIUM, JUL 02-04, 2008, pp. 91-96.

[22] K. Mukaida, M. Takenaka, N. Torii, and S. Masui, “Design of high-speed and area-efficient montgomery modular multiplier for rsa algorithm,” in IEEE Symp. VLSI Circuits, 2004, pp. 320–323.

[23] C. P. Su, C. H. Wang, K. L. Cheng, C. T. Huang, and C. W. Wu, “Design and test of a scalable security processor,” in Proc. Asia and South Pacific Design Automation Conf. (ASP-DAC), vol. 1, pp. 372-375, Jan 2005.

[24] Y.-C. Lin, “A RSA Crypto-core Based on Scalable Montgomery Multiplication with DPA and SPA Resistance,” Master's thesis, National Chiao Tung University, 2008.

[25] Y.-L. Chen, “Design and implementation of reconfigurable rsa cryptosystems,” Master's thesis, National Chiao Tung University, 2006.

[26] SP800-22, “A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications,” U.S. Department of Commerce, NIST, 2008.

[27] http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html

[28] Sung-Ming Yen and Chi-Sung Laih, "Fast Algorithms for the LUC Digital Signature Computation," IEE Proceedings: Computers and Digital Techniques, Vol.142, No.2, pp.165-169, March 1995.


[29] M. D. Shieh, J. H. Chen, H. H. Wu, and W. C. Lin, “A new modular exponentiation architecture for efficient design of rsa cryptosystem,” IEEE Transactions on Very Large Scale Integration (VLSI) Systems archive, vol. 16, no. 9, pp. 1151–1161, September 2008.

[30] M. D. Shieh, and W. C. Lin, “Word-Based Montgomery Modular Multiplication Algorithm for Low-Latency Scalable Architectures,” IEEE Transactions on Computers, vol. 59, no. 8, pp. 1145–1151, August 2010.


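About the Author

Name: 陳勇志

Education: Sanxing Elementary School, Xinyi Junior High School, Jianguo High School

93.9~97.6 Department of Electronics Engineering, National Chiao Tung University; 97.9~99.12 Institute of Electronics, National Chiao Tung University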
