An object-oriented cryptosystem based on two-level reconfigurable computing architecture

https://doi.org/10.1016/j.jss.2005.06.034

Abstract

A cryptosystem needs a secure software and hardware environment. Hardware performance has improved greatly year by year, so it is important to change the architecture of a cryptosystem and increase the computational complexity of its cryptographic algorithm to keep pace with modern hardware. If the system is built in software, it is not difficult to change the architecture and complicate the computation; the main disadvantage of this approach is poor performance. Designing a cryptosystem in hardware is a good choice because it is much more secure and efficient than software, but the result is a fixed system that cannot be changed. Implementing a flexible, secure, and efficient cryptosystem that can work with novel hardware is therefore an important topic. In this article, a new method of implementing cryptosystems based on hardware design is proposed. It can implement a new cryptosystem quickly because it separates the system into two levels: one is the system architecture and the other is the system algorithm. Combining different architectures and algorithms yields varied cryptosystems, and splitting architectures from algorithms improves the security of the system. An application of data transfer between a stream cipher and a block cipher is also implemented in this system, and it successfully verifies the flexibility, security, and efficiency of the proposed method.

Introduction

Encryption techniques have been used to secure communication systems for many years. Recently, a large number of security-sensitive applications have come to rely on these techniques, e.g. medical records, digital rights management, E-Commerce, etc. (Chen et al., 1998, Lian et al., 2004, Harn and Yang, 1993, Zheng and Seberry, 1993, Pakstas and Pakstiene, 1996, Ikram, 2001). There are two major classes of algorithms in cryptography: symmetric key algorithms and asymmetric key algorithms (Rhee, 2003). These approaches represent the basic paradigms for cryptosystems. NESSIE (New European Schemes for Signatures, Integrity, and Encryption) is a project within the IST (Information Society Technologies) Programme of the European Commission, which announced its final selection of crypto algorithms on February 27, 2003. NESSIE selected 12 algorithms from 42 submissions; in addition, 5 well-established standard algorithms were added to the NESSIE portfolio (NESSIE, 2003a, NESSIE, 2003b). NESSIE published a complete report that covers block ciphers, public-key encryption, MAC algorithms, hash functions, digital signature algorithms and identification schemes, but not stream ciphers and pseudorandom number generators, which did not offer sufficient security.

NESSIE reported a performance evaluation in IST-1999-12324 (NESSIE, 2003c) that measures the performance of the announced algorithms. The MISTY1 and AES (Advanced Encryption Standard) implementations in hardware and software are listed in Table 1, which includes parts of the NESSIE report table and reveals the following important points:

  • Hardware implementations can cipher a block in one cycle, but software implementations need at least three hundred cycles. If the Intel Pentium II and the VIRTEX 1000 have the same estimated frequency, then the VIRTEX 1000 will be 300 times faster than the Intel Pentium II.

  • One algorithm is implemented at a time. If many algorithms must run at the same time, software throughput will decrease, but hardware implementations will still compute results at one block per cycle.

  • ASICs (application-specific integrated circuits) are traditional hardware implementations, which are not obviously faster than FPGAs (field-programmable gate arrays).

For these reasons, FPGAs are suitable for implementing cryptosystems. Since FPGAs are reconfigurable, they provide higher flexibility than ASICs (Bondalapati and Prasanna, 2002, Compton and Hauck, 2002). However, under the influence of Gordon Moore's Law on FPGA structures, gate array sizes have grown larger. ULSI (ultra large scale integration) can place more than about one million circuit elements on a single chip. To implement these cryptography algorithms in FPGAs based on ULSI structures, it is a good idea to use a two-level reconfigurable computing system (TLRCS) (Deng et al., submitted, Deng et al., 2005a, Deng et al., 2005b) to build cryptosystems. The concept of TLRCS is to split traditional reconfiguration into two levels. One is SLR (system-level reconfiguration), which can dynamically reconfigure the system structure; the other is ALR (algorithm-level reconfiguration), which implements the algorithms we want to run.

An overview of the TLRCS is given in Section 2. In Section 3, a description of the cryptosystem based on TLRCS is presented. The implementation and results of the cryptosystem are given in Section 4. In Section 5, the advantages and disadvantages of this system are discussed and possible future works are described. Finally, concluding remarks are made in Section 6.

Section snippets

The two-level reconfigurable computing system

The object-oriented concept is popular in software programming but is difficult to accomplish in hardware design. The TLRCS is an object-oriented design in hardware. Fig. 1 shows the hardware structure of the TLRCS. It is only an empty structure from which a TLRCS can be built. The following is just a brief review of the two-level reconfigurable system; for more details, readers are referred to (Deng et al., submitted, Deng et al., 2005a, Deng et al., 2005b).

The methodology of cryptosystem design

Cryptosystems come in many kinds with many specifications, so it is difficult to implement all of them on an FPGA chip. To make this easier, the mainstream approach is to combine a RISC processor with some FPGA chips and store reconfiguration data in memory. When the RISC processor receives a reconfiguration command, it reconfigures some FPGA chips with configuration data from memory. Using this hybrid system architecture to implement the cryptosystems is feasible. Those FPGA chips do not

The implementation and results

The development kits for the implementation include DS-KIT-2VP7FG456 and DS-KIT-SYSTEMACE, which are designed by Memec Design. The FPGA chip which can be used to implement the TLRCS is XC2VP7. The RISC processor is implemented by the MicroBlaze processor (Xilinx, Inc., 2003) and the Xilkernel (Xilinx, Inc., 2004c) is used to build the operating system.

The XC2VP7 has only about 90 000 gates so the reconfigurable area is not large enough. In the chip, a RISC processor and two RFBs will be built

Discussion and future works

Implementing cryptosystems within a TLRCS is a new concept. The method is more flexible and secure than other methods, because high performance is the main goal of that research (Standaert et al., 2003, Rouvroy et al., 2003a, Rouvroy et al., 2003b, Standaert et al., 2002). The advantages and disadvantages are described below.

  • Flexible architecture. It is important to rebuild a flexible cryptosystem with high security. Because the architecture of hardware is changeable in TLRCS, a

Conclusions

A highly secure and efficient cryptosystem is urgently needed, but it is difficult to integrate the flexibility of software and the performance of hardware. In this paper, a new design method is proposed that splits a cryptosystem into cryptography architecture and algorithms, and successfully integrates the advantages of software and hardware. Cryptosystems are implemented within a TLRCS. The TLRCS is a reconfigurable computing system that splits system into two levels which includes the system

References (29)

  • Bondalapati, K., Prasanna, V., 2002. Reconfigurable computing systems. In: Proceedings of the IEEE 90(7),...
  • T.-S. Chen et al. A virtual image cryptosystem based upon vector quantization. IEEE Transactions on Image Processing (1998)
  • K. Compton et al. Reconfigurable computing: a survey of systems and software. ACM Computing Surveys (2002)
  • Y.-X. Deng et al. A two-stage reconfigurable image processing system
  • Y.-X. Deng et al. Two-stage reconfigurable computing system architecture
  • Deng, Y.-X., Hwang, C.-J., Lou, D.-C., submitted. Two-stage reconfigurable computing system—a new object-oriented...
  • M. Galanis et al. Comparison of the hardware architectures and FPGA implementations of stream ciphers
  • L. Harn et al. Id-based cryptographic schemes for user identification, digital signature, and key distribution. IEEE Journal on Selected Areas in Communication (1993)
  • Ikram, N., 2001. Cryptographic identification of users over network. In: Military Communications Conference, 2001...
  • S. Lian et al. A novel image encryption scheme based-on jpeg encoding

  • Mermoud, G., 2004. A module-based dynamic partial reconfiguration tutorial. Logic Systems Laboratory, Ecole...
  • NESSIE consortium, 2003a. NESSIE security report., v 2.0 Edition,...
  • NESSIE consortium, 2003b. Portfolio of recommended cryptography primitives,...
  • NESSIE consortium, 2003c. Performance of Optimized Implementations of the NESSIE Primitives, v 2.0 Edition,...