Cryptographic algorithms on reconfigurable hardware p1

Springer Series on Signals and Communication Technology

Cryptographic Algorithms on Reconfigurable Hardware

Francisco Rodriguez-Henriquez, N.A. Saqib, A. Diaz-Perez, Çetin Kaya Koç

Springer

Francisco Rodriguez-Henriquez
Arturo Diaz Perez
Departamento de Computacion
Centro de Investigacion y de Estudios Avanzados del IPN
Av. Instituto Politecnico Nacional No. 2508
Col. San Pedro Zacatenco, CP 07300
Mexico, D.F., MEXICO

Nazar Abbas Saqib
Centre for Cyber Technology and Spectrum Management (CCT & SM)
National University of Sciences and Technology (NUST)
n95, Street 35, F-11/3, Islamabad-44000
Pakistan

Çetin Kaya Koç
Oregon State University
Corvallis, OR 97331, USA
& Istanbul Commerce University
Eminönü, Istanbul 34112, Turkey
Library of Congress Control Number: 2006929210
ISBN 0-387-33883-7
e-ISBN 0-387-36682-2
ISBN 978-0-387-33883-5

Printed on acid-free paper.

© 2006 Springer Science+Business Media, LLC

All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden. The use in this publication of trade names, trademarks, service marks and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

Printed in the United States of America.

springer.com

Dedication

To my wife Nareli and my daughter Ana Iremi, for their love and stoic patience; to my parents and siblings, for sharing the same hopes.
Francisco Rodriguez-Henriquez

To Afshan (wife), Fizza (daughter), Ahmer (son) and Aashir (son), I love you all.
Nazar A. Saqib

To Mary, Maricarmen and Liliana, my wife and daughters, my love will keep alive for you all.
Arturo Diaz-Perez

With my love to Laurie, Murat, and Cemre.
Çetin K. Koç

Contents

List of Figures
List of Tables
List of Algorithms
Acronyms
Preface

1 Introduction
  1.1 Main goals
  1.2 Monograph Organization
  1.3 Acknowledgments

2 A Brief Introduction to Modern Cryptography
  2.1 Introduction
  2.2 Secret Key Cryptography
  2.3 Hash Functions
  2.4 Public Key Cryptography
  2.5 Digital Signature Schemes
    2.5.1 RSA Digital Signature
    2.5.2 RSA Standards
    2.5.3 DSA Digital Signature
    2.5.4 Digital Signature with Elliptic Curves
    2.5.5 Key Exchange
  2.6 A Comparison of Public Key Cryptosystems
  2.7 Cryptographic Security Strength
  2.8 Potential Cryptographic Applications
  2.9 Fundamental Operations for Cryptographic Algorithms
  2.10 Design Alternatives for Implementing Cryptographic Algorithms
  2.11 Conclusions

3 Reconfigurable Hardware Technology
  3.1 Antecedents
  3.2 Field Programmable Gate Arrays
    3.2.1 Case of Study I: Xilinx FPGAs
    3.2.2 Case of Study II: Altera FPGAs
  3.3 FPGA Platforms versus ASIC and General-Purpose Processor Platforms
    3.3.1 FPGAs versus ASICs
    3.3.2 FPGAs versus General-Purpose Processors
  3.4 Reconfigurable Computing Paradigm
    3.4.1 FPGA Programming
    3.4.2 VHSIC Hardware Description Language (VHDL)
    3.4.3 Other Programming Models for FPGAs
  3.5 Implementation Aspects for Reconfigurable Hardware Designs
    3.5.1 Design Flow
    3.5.2 Design Techniques
    3.5.3 Strategies for Exploiting FPGA Parallelism
  3.6 FPGA Architecture Statistics
  3.7 Security in Reconfigurable Hardware Devices
  3.8 Conclusions

4 Mathematical Background
  4.1 Basic Concepts of the Elementary Theory of Numbers
    4.1.1 Basic Notions
    4.1.2 Modular Arithmetic
  4.2 Finite Fields
    4.2.1 Rings
    4.2.2 Fields
    4.2.3 Finite Fields
    4.2.4 Binary Finite Fields
  4.3 Elliptic curves
    4.3.1 Definition
    4.3.2 Elliptic Curve Operations
    4.3.3 Elliptic Curve Scalar Multiplication
  4.4 Elliptic Curves over GF(2^m)
    4.4.1 Point Addition
    4.4.2 Point Doubling
    4.4.3 Order of an Elliptic Curve
    4.4.4 Elliptic Curve Groups and the Discrete Logarithm Problem
    4.4.5 An Example
  4.5 Point Representation
    4.5.1 Projective Coordinates
    4.5.2 Lopez-Dahab Coordinates
  4.6 Scalar Representation
    4.6.1 Binary Representation
    4.6.2 Recoding Methods
    4.6.3 ω-NAF Representation
  4.7 Conclusions

5 Prime Finite Field Arithmetic
  5.1 Addition Operation
    5.1.1 Full-Adder and Half-Adder Cells
    5.1.2 Carry Propagate Adder
    5.1.3 Carry Completion Sensing Adder
    5.1.4 Carry Look-Ahead Adder
    5.1.5 Carry Save Adder
    5.1.6 Carry Delayed Adder
  5.2 Modular Addition Operation
    5.2.1 Omura's Method
  5.3 Modular Multiplication Operation
    5.3.1 Standard Multiplication Algorithm
    5.3.2 Squaring is Easier
    5.3.3 Modular Reduction
    5.3.4 Interleaving Multiplication and Reduction
    5.3.5 Utilization of Carry Save Adders
    5.3.6 Brickell's Method
    5.3.7 Montgomery's Method
    5.3.8 High-Radix Interleaving Method
    5.3.9 High-Radix Montgomery's Method
  5.4 Modular Exponentiation Operation
    5.4.1 Binary Strategies
    5.4.2 Window Strategies
    5.4.3 Adaptive Window Strategy
    5.4.4 RSA Exponentiation and the Chinese Remainder Theorem
    5.4.5 Recent Prime Finite Field Arithmetic Designs on FPGAs
  5.5 Conclusions

6 Binary Finite Field Arithmetic
  6.1 Field Multiplication
    6.1.1 Classical Multipliers and their Analysis
    6.1.2 Binary Karatsuba-Ofman Multipliers
    6.1.3 Squaring
    6.1.4 Reduction
    6.1.5 Modular Reduction with General Polynomials
    6.1.6 Interleaving Multiplication
    6.1.7 Matrix-Vector Multipliers
    6.1.8 Montgomery Multiplier
    6.1.9 A Comparison of Field Multiplier Designs
  6.2 Field Squaring and Field Square Root for Irreducible Trinomials
    6.2.1 Field Squaring Computation
    6.2.2 Field Square Root Computation
    6.2.3 Illustrative Examples
  6.3 Multiplicative Inverse
    6.3.1 Inversion Based on the Extended Euclidean Algorithm
    6.3.2 The Itoh-Tsujii Algorithm
    6.3.3 Addition Chains
    6.3.4 ITMIA Algorithm
    6.3.5 Square Root ITMIA
    6.3.6 Extended Euclidean Algorithm versus Itoh-Tsujii Algorithm
    6.3.7 Multiplicative Inverse FPGA Designs
  6.4 Other Arithmetic Operations
    6.4.1 Trace function
    6.4.2 Solving a Quadratic Equation over GF(2^m)
    6.4.3 Exponentiation over Binary Finite Fields
  6.5 Conclusions

7 Reconfigurable Hardware Implementation of Hash Functions
  7.1 Introduction
  7.2 Some Famous Hash Functions
  7.3 MD5
    7.3.1 Message Preprocessing
    7.3.2 MD Buffer Initialization
    7.3.3 Main Loop
    7.3.4 Final Transformation
  7.4 SHA-1, SHA-256, SHA-384 and SHA-512
    7.4.1 Message Preprocessing
    7.4.2 Functions
    7.4.3 SHA-1
    7.4.4 Constants
    7.4.5 Hash Computation
  7.5 Hardware Architectures
    7.5.1 Iterative Design
    7.5.2 Pipelined Design
    7.5.3 Unrolled Design
    7.5.4 A Mixed Approach
  7.6 Recent Hardware Implementations of Hash Functions
  7.7 Conclusions

8 General Guidelines for Implementing Block Ciphers in FPGAs
  8.1 Introduction
  8.2 Block Ciphers
    8.2.1 General Structure of a Block Cipher
    8.2.2 Design Principles for a Block Cipher
    8.2.3 Useful Properties for Implementing Block Ciphers in FPGAs
  8.3 The Data Encryption Standard
    8.3.1 The Initial Permutation (IP"^)
    8.3.2 Structure of the Function fk
    8.3.3 Key Schedule
  8.4 FPGA Implementation of DES Algorithm
    8.4.1 DES Implementation on FPGAs
    8.4.2 Design Testing and Verification
    8.4.3 Performance Results
  8.5 Other DES Designs
  8.6 Conclusions

9 Architectural Designs For the Advanced Encryption Standard
  9.1 Introduction
  9.2 The Rijndael Algorithm
    9.2.1 Difference Between AES and Rijndael
    9.2.2 Structure of the AES Algorithm
    9.2.3 The Round Transformation
    9.2.4 ByteSubstitution (BS)
    9.2.5 ShiftRows (SR)
    9.2.6 MixColumns (MC)
    9.2.7 AddRoundKey (ARK)
    9.2.8 Key Schedule
  9.3 AES in Different Modes
    9.3.1 CTR Mode
    9.3.2 CCM Mode
  9.4 Implementing AES Round Basic Transformations on FPGAs
    9.4.1 S-Box/Inverse S-Box Implementations on FPGAs
    9.4.2 MC/IMC Implementations on FPGA
    9.4.3 Key Schedule Optimization
  9.5 AES Implementations on FPGAs
    9.5.1 Architectural Alternatives for Implementing AES
    9.5.2 Key Schedule Algorithm Implementations
    9.5.3 AES Encryptor Cores - Iterative and Pipeline Approaches

List of Tables

2.1 A Comparison of Security Strengths (Source: [258])
2.2 A Few Potential Cryptographic Applications
2.3 Primitives of Cryptographic Algorithms (Symmetric Ciphers)
2.4 Comparison between Software, VLSI, and FPGA Platforms

3.1 FPGA Manufacturers and Their Devices
3.2 Xilinx FPGA Families Virtex-5, Virtex-4, Virtex II Pro and Spartan 3E
3.3 Dual-Port BRAM Configurations
3.4 Altera Stratix Devices
3.5 Comparing Cryptographic Algorithm Realizations on different Platforms
3.6 High Level FPGA Programming Software

4.1 Elements of the field F = GF(2^), Defined Using the Primitive Trinomial of Eq. (4.12)
4.2 Scalar Multiples of the Point P of Equation (4.16)
4.3 A Toy Example of the Recoding Algorithm
4.4 Comparing Different Representations of the Scalar k

5.1 Modular Exponentiation Comparison Table
5.2 Modular Exponentiation: Software vs Hardware Comparison Table

6.1 The Computation of C(x) Using Equation (6.5)
6.2 Space and Time Complexities for Several m = 2^-bit Hybrid Karatsuba-Ofman Multipliers
6.3 Fastest Reconfigurable Hardware GF(2^m) Multipliers
6.4 Most Compact Reconfigurable Hardware GF(2^m) Multipliers
6.5 Summary of Complexity Results
6.6 Irreducible Trinomials P(x) = x^ + x^ + of Degree m ∈ [160, 571] Encoded as m(n), with m a Prime Number
6.7 Squaring matrix M of Eq. (6.40)
6.8 Square Root Matrix M^-1 of Eq. (6.41)
6.9 Square and Square Root Coefficient Vectors
6.10 βi(a) Coefficient Generation for m-1=192
6.11 γi(a) Coefficient Generation for m-1=192
6.12 BEA Versus ITMIA: A Performance Comparison
6.13 Design Comparison for Multiplicative Inversion in GF(2^m)

7.1 Some Known Hash Functions
7.2 Bit Representation of the Message M
7.3 Padded Message (M)
7.4 Message in Little Endian Format
7.5 Initial Hash Values in Little Endian Format
7.6 Auxiliary Functions for Four MD5 Rounds
7.7 Four Operations Associated to Four MD5 Rounds
7.8 Round
7.9 Round
7.10 Round
7.11 Round
7.12 Final Transformation
7.13 Comparing Specifications for Four Hash Algorithms
7.14 Initial Hash Values for SHA-1
7.15 Initial Hash Values for SHA-256
7.16 Initial Hash Values for SHA-384
7.17 Initial Hash Values for SHA-512
7.18 SHA-256 Constants
7.19 SHA-384 & SHA-512 Constants
7.20 MD5 Hardware Implementations
7.21 Representative SHA-1 hardware Implementations
7.22 Representative RIPEMD-160 FPGA Implementations
7.23 Representative SHA-2 FPGA Implementations
7.24 Representative Whirlpool FPGA Implementations

8.1 Key Features for Some Famous Block Ciphers
8.2 Initial Permutation for 64-bit Input Block
8.3 E-bit Selection
8.4 DES S-boxes
8.5 Permutation P
8.6 Inverse Permutation
8.7 Permuted Choice one PC-1
8.8 Number of Key Bits Shifted per Round
8.9 Permuted Choice two (PC-2)
8.10 Test Vectors
8.11 DES Comparison: Fastest Designs
8.12 DES Comparison: Compact Designs
8.13 DES Comparison: Efficient Designs
8.14 TripleDES Designs

9.1 Selection of Rijndael Rounds
9.2 A Roadmap to Implemented AES Designs
9.3 Specifications of AES FPGA implementations
9.4 AES Comparison: High Performance Designs
9.5 AES Comparison: Compact Designs
9.6 AES Comparison: Efficient Designs
9.7 AES Comparison: Designs with Other Modes of Operation

10.1 GF(2^m) Elliptic Curve Point Multiplication Computational Costs
10.2 Point addition in Hessian Form
10.3 Point doubling in Hessian Form
10.4 kP Computation, if Test-Bit is ' '
10.5 kP Computation, If Test-Bit is '0'
10.6 Design Implementation Summary
10.7 Parallel Lopez-Dahab Point Doubling Algorithm
10.8 Parallel Lopez-Dahab Point Addition Algorithm
10.9 Operations Supported by the ALU Module
10.10 Cycles per Operation
10.11 Fastest Elliptic Curve Scalar Multiplication Hardware Designs
10.12 Most Compact Elliptic Curve Scalar Multiplication Hardware Designs
10.13 Most Efficient Elliptic Curve Scalar Multiplication Hardware Designs

List of Algorithms

2.1 RSA Key Generation
2.2 RSA Digital Signature
2.3 RSA Signature Verification
2.4 DSA Domain Parameter Generation
2.5 DSA Key Generation
2.6 DSA Signature Generation
2.7 DSA Signature Verification
2.8 ECDSA Key Generation
2.9 ECDSA Digital Signature Generation
2.10 ECDSA Signature Verification

4.1 Euclidean Algorithm (Computes the Greatest Common Divisor)
4.2 Extended Euclidean Algorithm as Reported in [228]
4.3 Basic Doubling & Add algorithm for Scalar Multiplication
4.4 The Recoding Binary algorithm for Scalar Multiplication
4.5 ω-NAF Expansion Algorithm

5.1 The Standard Multiplication Algorithm
5.2 The Standard Squaring Algorithm
5.3 The Restoring Division Algorithm
5.4 The Nonrestoring Division Algorithm
5.5 The Interleaving Multiplication Algorithm
5.6 The Carry-Save Interleaving Multiplication Algorithm
5.7 The Carry-Save Interleaving Multiplication Algorithm Revisited
5.8 Montgomery Product
5.9 Montgomery Modular Multiplication: Version
5.10 Montgomery Modular Multiplication: Version II
5.11 Specialized Modular Inverse
5.12 Montgomery Modular Exponentiation
5.13 Add-and-Shift Montgomery Product
5.14 Binary Add-and-Shift Montgomery Product
5.15 Word-Level Add-and-Shift Montgomery Product
5.16 MSB-First Binary Exponentiation
5.17 LSB-First Binary Exponentiation
5.18 MSB-First 2^-ary Exponentiation
5.19 Sliding Window Exponentiation

6.1 mul2^(C, A, B): m = 2^n-bit Karatsuba-Ofman Multiplier
6.2 mulgen_d(C, A, B): m-bit Binary Karatsuba-Ofman Multiplier
6.3 Constructing a Look-Up Table that Contains All the 2^ Possible Scalars in Equation (6.23)
6.4 Generating a Look-Up Table that Contains All the 2^ Possible Scalars Multiplications S · P
6.5 Modular Reduction Using General Irreducible Polynomials
6.6 LSB-First Serial/Parallel Multiplier
6.7 Montgomery Modular Multiplication Algorithm
6.8 Binary Euclidean Algorithm
6.9 Itoh-Tsujii Multiplicative Inversion Addition-Chain Algorithm
6.10 Square Root Itoh-Tsujii Multiplicative Inversion Algorithm
6.11 MSB-first Binary Exponentiation
6.12 Square root LSB-first Binary Exponentiation
6.13 Squaring and Square Root Parallel Exponentiation

10.1 Doubling & Add algorithm for Scalar Multiplication: MSB-First
10.2 Doubling & Add algorithm for Scalar Multiplication: LSB-First
10.3 Montgomery Point Doubling
10.4 Montgomery Point Addition
10.5 Montgomery Point Multiplication
10.6 Standard Projective to Affine Coordinates
10.7 ωτNAF Expansion [133, 132]
10.8 ωτNAF Scalar Multiplication [133, 132]
10.9 ωτNAF Scalar Multiplication: Parallel Version
10.10 ωτNAF Scalar Multiplication: Hardware Version
10.11 ωτNAF Scalar Multiplication: Parallel HW Version
10.12 Point Halving Algorithm
10.13 Half-and-Add LSB-First Point Multiplication Algorithm
Acronyms

AES     Advanced Encryption Standard
AF      Affine Transformation
ANSI    American National Standard Institute
API     Application Programming Interface
ARK     Add Round Key
ASIC    Application Specific Integrated Circuit
ATM     Automated Teller Machine
BEA     Binary Euclidean Algorithm
BRAMs   Block RAMs
BS      Byte Substitution
CBC     Cipher Block Chaining
CCM     Counter with CBC-MAC
CCSA    Carry Completion Sensing Adder
CDA     Carry Delayed Adder
CFB     Cipher Feedback mode
CLB     Configurable Logic Block
CPA     Carry Propagate Adder
CPLDs   Complex PLDs
CRT     Chinese Remainder Theorem
CSA     Carry Save Adder
CTR     Counter mode
DCM     Digital Clock Managers
DEA     Data Encryption Algorithm
DES     Data Encryption Standard
DSA     Digital Signature Algorithm
DSS     Digital Signature Standard
ECB     Electronic Code Book
ECC     Elliptic Curve Cryptography
ECDLP   Elliptic Curve Discrete Logarithmic Problem
ECDSA   Elliptic Curve Digital Signature Algorithm
ETSI    European Telecommunications Standards Institute
FIPS    Federal Information Processing Standards
FLT     Fermat's Little Theorem
FPGAs   Field Programmable Gate Arrays
GAL     Generic Array Logic
GSM     Global System for Mobile Communications
HDLs    Hardware Description Languages
IAF     Inverse Affine Transformation
IARK    Inverse Add Round Key
IBS     Inverse Byte Substitution
IEEE    Institute of Electrical and Electronics Engineers
IL      Iterative Looping
IMC     Inverse Mix Column
IOBs    Input/Output Blocks
IOEs    Input/Output Elements
IPSec   Internet Protocol Security
ISE     Xilinx Integrated Software Environment
ISO     International Organization for Standardization
ISR     Inverse ShiftRow
ITMIA   Itoh-Tsujii Multiplicative Inverse Algorithm
ITU     International Telecommunication Union
JTAG    Joint Test Action Group
KOM     Karatsuba-Ofman Multiplier
LABs    Logic Array Blocks
LC      Logic Cell
LEs     Logic Elements
MAC     Message Authentication Code
MRC     Mixed-Radix Conversion
NAF     Non-Adjacent Form
NFS     Number Field Sieve
NIST    National Institute of Standards and Technology
NZWS    Nonzero Window State
OFB     Output Feedback mode
PAL     Programmable Array Logic
PC-1    Permuted Choice One
PC-2    Permuted Choice Two
PDAs    Portable Digital Assistants
PKCS    Public Key Cryptography Standard
PLA     Programmable Logic Array
PLDs    Programmable Logic Devices
SRC     Single-Radix Conversion
SSL     Secure Socket Layer
TDEA    Triple DEA
TNAF    τ-adic NAF
VHDL    Very-High-Speed Integrated Circuit Hardware Description Language
VLSI    Very Large Scale Integration
WEP     Wired Equivalent Privacy
ZWS     Zero Window State

Preface

Cryptography provides techniques, mechanisms, and tools for private and authenticated communication, and for performing secure and authenticated transactions over the Internet as well as other open networks. It is highly probable that each bit of information flowing through our networks will have to be either encrypted and decrypted or signed and authenticated in a few years from now. This infrastructure is needed to carry over the legal and contractual certainty from our paper-based offices to our virtual offices existing in the cyberspace. In such an environment, server and client computers as well as handheld, portable, and wireless devices will have to be capable of encrypting or decrypting and signing or verifying messages. That is to say, without exception, all networked computers and devices must have cryptographic layers implemented, and must be able to access cryptographic functions in order to provide security features. In this context, efficient (in terms of time, area, and power consumption) hardware structures will have to be designed, implemented, and deployed. Furthermore, general-purpose (platform-independent) as well as special-purpose software implementing cryptographic functions on embedded devices are needed. An additional challenge is that these implementations should be done in such a way to resist cryptanalytic attacks launched against them by
adversaries having access to primary (communication) and secondary (power, electromagnetic, acoustic) channels.

This book, among only a few on the subject, is a fruit of an international collaboration to design and implement cryptographic functions. The authors, who now seem to be scattered over the globe, were once together as students and professors in North America. In Oregon and Mexico City, we worked on subjects of mutual interest, designing efficient realizations of cryptographic functions in hardware and software.

Cryptographic realizations in software platforms can be used for those security applications where the data traffic is not too large and thus a low encryption rate is acceptable. On the other hand, hardware methods offer high speed and bandwidth, providing real-time encryption if needed. VLSI (also known as ASIC) and FPGAs are two distinct alternatives for implementing cryptographic algorithms in hardware. FPGAs offer several benefits for cryptographic algorithm implementations over VLSI, as they offer flexibility and fast time-to-market. Because they are reconfigurable, internal architectures, system parameters, lookup tables, and keys can be changed in FPGAs without much effort. Moreover, these features come with low cost and without sacrificing efficiency.

This book covers computational methods, computer arithmetic algorithms, and design improvement techniques needed to obtain efficient implementations of cryptographic algorithms in FPGA reconfigurable hardware platforms. The concepts and techniques introduced in this book pay special attention to the practical aspects of reconfigurable hardware design, explain the fundamental mathematics behind the algorithms, and give comprehensive descriptions of the state-of-the-art implementation techniques. The main goal pursued in this book is to show how one can obtain high-speed cryptographic implementations on reconfigurable hardware
devices without requiring a prohibitive amount of hardware resources.

Every book attempts to take a still picture of a moving subject and will soon need to be updated; nevertheless, it is our hope that engineers, scientists, and students will appreciate our efforts to give a glimpse of this deep and exciting world of cryptographic engineering. Thanks for reading our book.

May 2006
F. Rodriguez-Henriquez, Nazar A. Saqib, A. Diaz-Perez, and Çetin K. Koç

1 Introduction

This chapter presents a complete outline for this Book. It explains the main goals pursued, the strategies chosen to achieve those goals, and a summary of the material to be covered throughout this Book.

1.1 Main goals

The choice of reconfigurable logic as a target platform for cryptographic algorithm implementations appears to be a practical solution for embedded systems and high-speed applications. It was therefore planned to conduct a study of high-speed cryptographic solutions on reconfigurable hardware platforms. Both efficient and cost-effective solutions of cryptographic algorithms are desired on reconfigurable logic platforms. The term "efficient" normally refers to "high speed" solutions. In this Book, we not only look for high speed but also for low area (in terms of hardware resources) solutions. Our main objective is therefore to find high speed and low area implementations of cryptographic algorithms using reconfigurable logic devices. That implies careful consideration of cryptographic algorithm formulations, which often will lead to modifying the traditional specifications of those algorithms. That also implies knowledge of the target device: device structure, device resources, and device suitability to the given task. The design techniques and the understanding of the design tools are also included in the implications imposed by efficient solutions. An optimized cryptographic solution will be the one for which every step, starting from its
high-level specification down to the physical prototype realization, is carefully examined.

It is known that the final performance of cryptographic algorithms heavily depends on the efficiency of their underlying field arithmetic. Consequently, we begin our investigation by first studying the algorithms, solutions and corresponding architectures for obtaining state-of-the-art finite field arithmetic realizations. Our study was carried out for both prime and binary extension finite fields. We investigated field arithmetic algorithms for the operations of field addition, multiplication, squaring, square root, multiplicative inverse and exponentiation, among others.

Thereafter, we selected a set of three of the most important cryptographic building blocks for their implementation on reconfigurable logic devices: hash functions, symmetric block ciphers and public key cryptosystems in the form of elliptic curve cryptography. We described first the basic principles for attaining efficient hardware implementation of hash functions. In the subject of symmetric ciphers, we study the two most emblematic algorithms, namely, the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES). In the case of asymmetric cryptosystems we analyze fast implementations of Elliptic Curve operations defined over binary extension fields.

Several considerations were made to achieve high speed and economical implementations of those algorithms on reconfigurable logic platforms. One of them was to exploit high bit-level parallelism where and whenever it was possible. Similarly, we employed design techniques especially tailored for exploiting the structure of the target devices.

A variety of hash function algorithms were studied first. Emphasis was made on MD5, by providing a step-by-step analysis of its algorithm flow. An explanation of the SHA-2 family was also included. In our descriptions we pondered
hardware implementation aspects of the hash algorithms.

DES was the second cryptographic building block studied in this Monograph. The basic primitives involved in block ciphers, specifically for DES, were analyzed for their implementations on reconfigurable logic platforms. A compact one-round FPGA implementation of DES was carried out exploiting high bit-level parallelism. Experiments were made for optimizing the proposed FPGA architecture with respect to hardware area.

A more detailed study was planned regarding AES due to its importance for the current security needs in the IT sector. Each step of the algorithm was investigated looking for improvements in the standard transformations of the algorithm and for an optimal mapping to the target device. Both iterative and pipeline approaches for encryption were used for AES FPGA implementation. We attempted to reduce the critical paths for encryption/decryption by sharing common resources or optimizing the standard transformations of the algorithm.

In the case of Elliptic Curve Cryptography (ECC), we utilized a hierarchical six-layer model, but only the lower three layers were addressed in this Book. The first layer of the model deals with the efficient implementation of finite field arithmetic. The second layer makes use of the underlying arithmetic to implement the main elliptic curve arithmetic primitives: point addition and point doubling. The third layer implements elliptic curve scalar multiplication, which is achieved by adding n copies of the same point P on the curve. Both the point addition and doubling operations from the second layer serve as building blocks for the third layer. We strived for using parallel techniques for all the three layers. This way, a generic architecture for the elliptic curve scalar multiplication was proposed and implemented on the FPGA platform. We also presented parallel formulations of the scalar
multiplication operation on Koblitz curves and an architecture that is able to compute the elliptic curve scalar multiplication using the half-and-add method. Additionally, we presented optimization strategies for computing a point addition and a point doubling using LD projective coordinates in just eight and three clock cycles, respectively.

1.2 Monograph Organization

Next chapters present a short introduction to the cryptographic algorithms chosen to illustrate the design strategies discussed previously, as well as the mathematical background required for the correct understanding of the material to be presented. Design comparisons and concluding remarks are presented at the end of each Chapter. A short summary of each chapter is given below.

In Chapter 2, a brief review of modern cryptographic algorithms is given. Topics addressed include: secret-key and public-key cryptography, hash functions, digital signatures, and so forth. Furthermore, we also discuss in this Chapter potential real-world cryptographic applications and the suitability of reconfigurable hardware devices for accommodating them.

In Chapter 3, a brief introduction to reconfigurable hardware technology is given. We explain the historical development of FPGA devices and include a detailed description of the FPGA families of two major manufacturers: Xilinx and Altera. We also cover reconfigurable hardware design issues, metrics and security.

In Chapter 4, some important mathematical concepts are presented. Those concepts are particularly helpful for the understanding of cryptographic operations for AES and elliptic curve cryptosystems. Key mathematical concepts for a class of elliptic curves are also described at the end of this Chapter.

In Chapter 5, we discuss state-of-the-art arithmetic algorithms for prime fields. We present efficient hardware design alternatives for operations such as adders, modular adders, modular multipliers and exponentiation, among others. We give at the end of each Section a comparison analysis
with some of the most significant works reported in this topic.

In Chapter 6, state-of-the-art algorithms for binary extension fields are studied. We discuss relevant algorithms for efficiently performing field multiplication, squaring, square root, inversion and reduction, among others. We give at the end of each Section a comparison analysis with some of the most significant works reported in this topic.

In Chapter 7, we study efficient reconfigurable hardware implementations of hash functions. Specifically, we carefully analyze MD5, arguably the most studied hash function ever. We give at the end of each Section a comparison analysis with some of the most significant works reported in this topic.

In Chapter 8, a general guideline for implementing symmetric block ciphers is described. Basic primitives involved in block ciphers are listed and design tips are provided for their efficient implementations on reconfigurable platform. DES is presented as a case of study. A compact and fast DES implementation on reconfigurable platform is explained. We give at the end of this Chapter a comparison analysis with some of the most significant works reported in this topic.

In Chapter 9, we explore multiple architectures for AES. Several efficient techniques for AES implementation are described. Several efficient AES encryptor and encryptor/decryptor cores based on those techniques are presented on reconfigurable platforms. The benefits/drawbacks of all AES cores are examined. We give at the end of this Chapter a comparison analysis with some of the most significant works reported in this topic.

In Chapter 10, we discuss several algorithms and their corresponding hardware architecture for performing the scalar multiplication operation on elliptic curves defined over binary extension fields GF(2^m). By applying parallel strategies at every stage of the design, we are able to obtain high speed implementations
at the price of increasing the hardware resource requirements. Specifically, we study the following four different schemes for performing elliptic curve scalar multiplications:

• Scalar multiplication applied on Hessian elliptic curves
• Montgomery Scalar Multiplication applied on Weierstrass elliptic curves
• Scalar multiplication applied on Koblitz elliptic curves
• Scalar multiplication using the Half-and-Add Algorithm

1.3 Acknowledgments

We would like to thank all the long list of people who contributed to the material presented in this Book; needless to say, all of them are worthy to be mentioned. We gratefully thank our former Master's students: Juan Manuel Cruz-Alcaraz, Sabel Mercurio Hernandez-Rodriguez and Emmanuel Lopez-Trejo, who contributed with their hard work and talent to the design and testing of several architectures presented in Chapters 6, and 10. We would also like to thank our colleagues Guillermo Morales-Luna, Julio Lopez-Hernandez, Nareli Cruz-Cortes, Tariq Saleem, Shamim Baig, Habeel Ahmed, Erkay Savas, Tugrul Yanik, Luis Gerardo De-La-Fraga and Carlos Coello Coello, who provided priceless comments and advice which greatly helped us to improve the contents of this Book. We also acknowledge valuable contributions from Karla Gomez-Avila, Marco Negrete-Cervantes, Victor Serrano-Hernandez, Alejandro Areneis-Mendoza, Guillermo Martinez-Silva and Carlos Lopez-Peza.

We gratefully acknowledge our Springer editor, Jason Ward, for his diligent efforts and support towards the publication of this Work. Last but not least, the first and third authors acknowledge support from CONACyT through the NSF-CONACyT project number 45306. The second author acknowledges support from the faculty and staff members of the Centre for Cyber Technology and Spectrum Management (CCT & SM), National University of Sciences and Technology (NUST), Islamabad-Pakistan.
A Brief Introduction to Modern Cryptography

In our Information Age, the need for protecting information is more pronounced than ever. Secure communication for the sensitive information is not only compelling for military or government institutions but also for the business sector and private individuals. The exchange of sensitive information over wired and/or wireless Internet, such as bank transactions, credit card numbers and telecommunication services, is already common practice. As the world becomes more connected, the dependency on electronic services has become more pronounced. In order to protect valuable data in computer and communication systems from unauthorized disclosure and modification, reliable non-interceptable means for data storage and transmission must be adopted.

Figure 2.1 shows a hierarchical six-layer model for information security applications. Let us analyze that figure from a top-down point of view. On layer 6, several popular security applications have been listed such as: secure e-mail, digital cash, e-commerce, etc. Those applications depend on the implementation in layer 5 of secure authentication protocols like SSL/TLS, IPSec, IEEE 802.11, etc. However, those protocols cannot be put in place without implementing layer 4, which consists of customary security services such as: authentication, integrity, non-repudiation and confidentiality. The underlying infrastructure for such security services is supported by the two pairs of cryptographic primitives depicted in layer 3, namely, encryption/decryption and digital signature/verification. Both pairs of cryptographic primitives can be implemented by the combination of public-key and private key cryptographic algorithms, such as the ones listed in layer. Finally, in order to obtain a high performance from the cryptographic algorithms of layer 1, it is indispensable to have an efficient implementation of arithmetic operations such as addition,
subtraction, multiplication, exponentiation, etc.

In the rest of this Chapter we give a short introduction to the algorithms and security services listed in layers 2-4. Hence, the basic concepts of cryptography, fundamental operations in cryptographic algorithms and some im-

[...]

... practical solution for embedded systems and high-speed applications. It was therefore planned to conduct a study of high-speed cryptographic solutions on reconfigurable hardware platforms. Both efficient and cost effective solutions of cryptographic algorithms are desired on reconfigurable logic platform. The term "efficient" normally refers to "high speed" solutions. In this Book, we do not only look for ...

... G(X,Y,Z) (c) H(X,Y,Z) (d) I(X,Y,Z); One MD5 Operation; Padding Message in SHA-1 and SHA-256; Padding Message in SHA-384 and SHA-512; Implementing SHA-1 Auxiliary Functions in Reconfigurable Hardware; Σ0, Σ1, σ0, and σ1 in Reconfigurable Hardware; Single Operation for SHA-1; Single Operation for SHA-256; Iterative Approach for Hash Function Implementation; Hash Function Implementation (a) Unrolled Design (b) Combining ...

... most emblematic algorithms, namely, the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES). In the case of asymmetric cryptosystems we analyze fast implementations of Elliptic Curve operations defined over binary extension fields. Several considerations were made to achieve high speed and economical implementations of those algorithms on reconfigurable logic platforms. One of them was ...
... speed but also for low area (in terms of hardware resources) solutions. Our main objective is therefore to find high speed and low area implementations of cryptographic algorithms using reconfigurable logic devices. That implies careful considerations of cryptographic algorithm formulations, which often will lead to modifying the traditional specifications of those algorithms. That also implies knowledge of ...

... to obtain efficient implementations of cryptographic algorithms in FPGA reconfigurable hardware platforms. The concepts and techniques introduced in this book pay special attention to the practical aspects of reconfigurable hardware design, explain the fundamental mathematics behind the algorithms, and give comprehensive descriptions of the state-of-the-art implementation techniques. The main goal pursued ...

... Standard Multiplication Algorithm; The Standard Squaring Algorithm; The Restoring Division Algorithm; The Nonrestoring Division Algorithm; The Interleaving Multiplication Algorithm; The Carry-Save Interleaving Multiplication Algorithm; The Carry-Save Interleaving Multiplication Algorithm Revisited; Montgomery Product; Montgomery Modular Multiplication: Version 1; Montgomery Modular Multiplication: Version II; Specialized ...
... implementing cryptographic functions on embedded devices are needed. An additional challenge is that these implementations should be done in such a way to resist cryptanalytic attacks launched against them by adversaries having access to primary (communication) and secondary (power, electromagnetic, acoustic) channels. This book, among only a few on the subject, is a fruit of an international collaboration to ...

... Equation (4.16); A Toy Example of the Recoding Algorithm; Comparing Different Representations of the Scalar k; Modular Exponentiation Comparison Table; Modular Exponentiation: Software vs Hardware Comparison Table; The Computation of C(x) Using Equation (6.5); Space and Time Complexities for Several m = 2^-bit Hybrid Karatsuba-Ofman Multipliers; Fastest Reconfigurable ...

... Montgomery Product; Montgomery Modular Multiplication: Version; Montgomery Modular Multiplication: Version II; Specialized Modular Inverse; Montgomery Modular Exponentiation; Add-and-Shift Montgomery Product ...

... Arithmetic Operations; 6.4.1 Trace function; 6.4.2 Solving a Quadratic Equation over GF(2^m); 6.4.3 Exponentiation over Binary Finite Fields; 6.5 Conclusions; Reconfigurable Hardware Implementation

Date posted: 04/12/2015, 02:06


Table of contents

  • Front-Matter

  • 1 Introduction

  • 2 A Brief Introduction to Modern Cryptography

  • 3 Reconfigurable Hardware Technology

  • 4 Mathematical Background

  • 5 Prime Finite Field Arithmetic

  • 6 Binary Finite Field Arithmetic

  • 7 Reconfigurable Hardware Implementation of Hash Functions

  • 8 General Guidelines for Implementing Block Ciphers in FPGAs

  • 9 Architectural Designs For the Advanced Encryption Standard

  • 10 Elliptic Curve Cryptography

  • Back-Matter
