An FPGA implementation of a GF(p) ALU for encryption processors

https://doi.org/10.1016/j.micpro.2004.03.006

Abstract

Secure electronic and internet transactions require public key cryptosystems to establish and distribute shared secret information for use in the bulk encryption of data. For security reasons, key sizes are in the region of hundreds of bits. This makes cryptographic procedures slow in software. Hardware accelerators can perform the computationally intensive operations far quicker. Field-Programmable Gate Arrays are well-suited for this application due to their reconfigurability and versatility. Elliptic Curve Cryptosystems over GF(p) have received very little attention to date due to the seemingly more attractive finite field GF(2^m). However, we present a GF(p) Arithmetic Logic Unit which can perform 160-bit arithmetic at clock speeds of up to 50 MHz.

Introduction

As the popularity of mobile internet devices increases, so too does the need for secure and reliable electronic communication over insecure channels. Encryption provides the confidentiality, authentication, data integrity and non-repudiation required for electronic transactions. Bulk data is generally encrypted using private key systems, where both parties share the same common secret key. However, the establishment and exchange of these secret keys is normally achieved via public key cryptosystems. Generally, these public key systems are more computationally intensive and slower than their private key counterparts [1].

Field-Programmable Gate Arrays (FPGAs) are an ideal platform to provide hardware arithmetic acceleration for use in many cryptographic applications. Their reconfigurability means that they can be re-programmed to perform the more computationally intensive operations of a range of ciphers depending on security and application requirements.

Elliptic Curve Cryptosystems (ECC) were independently proposed in the mid-eighties by Victor Miller [2] and Neil Koblitz [3] as an alternative to existing public key systems such as RSA and DSA. ECC is quickly establishing itself due to its potential to provide equivalent security to existing public key cryptosystems at reduced key sizes. This is particularly attractive for use in constrained applications such as smart cards, mobile phones and palm-top devices, where chip area and memory storage are limited resources. The security of this scheme relies on the difficulty of the discrete logarithm problem in the group formed by the points on an elliptic curve over a finite field. Unlike the ordinary discrete logarithm problem, no sub-exponential algorithm is known to date to solve the discrete logarithm problem on a suitably chosen elliptic curve. It is estimated that a 160-bit ECC cryptosystem has security equivalent to RSA with a bit length of 1024 [4].

Two types of finite field are popular for use in elliptic curve public key cryptography: GF(p) with p a ‘large’ prime, and GF(2^m) with m a positive integer. Few elliptic curve cryptosystems over GF(p) have been reported in the literature to date, due to the requirement of carry propagation in the addition operation [5], [6], [7], [8], [9], [10]. Addition in GF(2^m) is performed bitwise modulo 2, and thus has a shorter critical path. However, the more complex arithmetic operations of multiplication, inversion and division over GF(2^m) do not map well to the underlying FPGA structure. The resulting large combinational structures can reduce performance as significantly as the GF(p) carry-chain adder structures, which are optimised on FPGA. Many of the existing ECC implementations over GF(2^m) are also constrained to fixed register sizes once the field has been selected and the target device has been configured, whereas a GF(p) implementation with a register size of m bits can operate with any prime p up to (2^m − 1) without reconfiguration. A GF(2^m) processor which can operate on different key sizes without reconfiguration has previously been presented in Ref. [11], but it is the belief of the authors that the more versatile GF(p) processors can be implemented as efficiently as GF(2^m) processors on reconfigurable platforms.

Section snippets

Elliptic curve cryptography over GF(p)

An elliptic curve over the finite field GF(p) is defined as the set of points (x, y) which satisfy the elliptic curve equation

$$y^2 = x^3 + ax + b$$

where x, y, a and b are elements of the field, and $4a^3 + 27b^2 \neq 0$.

To encrypt data, it is represented as a point $P(x_P, y_P)$ on the chosen curve over the finite field. The fundamental encryption operation is point scalar multiplication, i.e. point P is added to itself k times to get point $Q(x_Q, y_Q)$:

$$Q = kP = \underbrace{P + P + \cdots + P}_{k \text{ times}}$$

Recovery of k, through knowledge of the elliptic curve

Modular arithmetic functions

All arithmetic in the Galois Field GF(p) is performed modulo the field prime, p. In order to perform the point addition and doubling computations outlined in Section 2, modular addition, subtraction, multiplication and inversion/division are required. In this section the modular arithmetic functions are listed, and algorithms and architectures for each are presented. In Section 4, these architectures are combined into a single GF(p) Arithmetic Logic Unit which is capable of performing any of
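As an added illustration of the scalar multiplication in Section 2 and the modular functions listed here (this is example code written for this page, not the paper's design), the block below builds affine point addition, doubling and double-and-add over GF(p) on top of the four modular primitives. The bit-serial multiplier is the textbook interleaved shift-add method, assumed here as representative of how an (m+2)-bit adder datapath consumes one bit b_i of B per step; the paper's exact schedule is not reproduced, and the curve parameters used in the checks are small constructed values rather than 160-bit ones.

```python
# Added example, not code from the paper: affine elliptic-curve arithmetic over
# GF(p) built from the modular primitives the paper's ALU provides (add, sub,
# mul, inversion). Curve parameters are small constructed values for testing.

def mod_mul_interleaved(a, b, p, m):
    # Interleaved (shift-add) modular multiplication, scanning B from the MSB one
    # bit b_i per step: 2r + b_i*a < 3p, so two extra adder bits and at most two
    # conditional subtractions of p keep r < p. Assumed textbook method.
    assert 0 <= a < p < (1 << m) and 0 <= b < (1 << m)
    r = 0
    for i in reversed(range(m)):
        r = (r << 1) + (a if (b >> i) & 1 else 0)
        for _ in range(2):
            if r >= p:
                r -= p
    return r

def mod_inv(a, p):
    # a^-1 mod p by the extended Euclidean algorithm; raises if a is 0 mod p.
    if a % p == 0:
        raise ZeroDivisionError("no inverse for 0 mod p")
    r0, r1, s0, s1 = p, a % p, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    return s0 % p

def ec_add(P, Q, p, a):
    # Affine point addition (doubling when P == Q) on y^2 = x^3 + ax + b.
    # None represents the point at infinity, the group identity.
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:      # Q == -P, incl. doubling with y == 0
        return None
    if P == Q:
        lam = (3 * x1 * x1 + a) * mod_inv(2 * y1, p) % p
    else:
        lam = (y2 - y1) * mod_inv(x2 - x1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P, p, a):
    # Q = kP by left-to-right double-and-add: a doubling per bit, an add per set bit.
    Q = None
    for bit in bin(k)[2:]:
        Q = ec_add(Q, Q, p, a)
        if bit == "1":
            Q = ec_add(Q, P, p, a)
    return Q
```

On the constructed curve y^2 = x^3 + 2x + 3 over GF(97), the point (3, 6) has order 5, so ec_mul(5, (3, 6), 97, 2) returns the point at infinity.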

The GF(p) arithmetic logic unit

The proposed GF(p) ALU illustrated in Fig. 5 combines all the functions listed in Section 3 into one architecture. Three (m+2)-bit carry-propagate adders are used, and two levels of switching to select the inputs and outputs. The switching multiplexers are controlled by operation mode and signals such as carry bits, parity bits, and b_i, the LSB of B, generated by a shift-register for the multiplication operation. The carry-in of an adder is set to ‘1’ when a two's complement subtraction is

GF(p) ALU application example

As an example, the generic operation (ABC) was implemented utilizing the GF(p) ALU and tested on a Celoxica RC1000 prototyping PCI card. The card includes a Xilinx Virtex2000e FPGA and 8 Mb of SRAM, and communicates with the host PC over a PCI interface.

The procedure for the (ABC) operation is given in Procedure 1. All the required functions to perform the operation can be performed in the GF(p) ALU. Step 01 is performed in inversion, subtraction and addition modes as described in Section 3.8,

Results

Post-Synthesis and Post-Place and Route results for the GF(p) ALU are presented in Table 2. The target device for these results was the Xilinx Virtex2 xc2v2000-6 FPGA. The post-synthesis speed figures indicate clock frequencies that the ALU could operate at as a component within another system. The post-place and route results were acquired from a design which included memory interfacing shift registers to input and output data in 32-bit words, and also signal routing to and from I/O pins on

Conclusions

Very few GF(p) arithmetic processors have been reported in the literature to date. Those that have been reported use projective coordinates to perform point scalar multiplication and focus mainly on the modular multiplication operation, neglecting modular inversion and division. In projective coordinates, point addition requires approximately 16m clock cycles and point doubling requires approximately 10m clock cycles.

Here, a versatile GF(p) Arithmetic Logic Unit capable of performing all

Acknowledgements

This work is funded by a research innovation project from Enterprise Ireland.

Alan Daly received BE (Elec) degree in electrical and electronic engineering from University College Cork, Ireland in 2000. He is currently working towards his PhD degree. His primary research interests are reconfigurable logic devices and applications, cryptography, and large integer arithmetic.

References (15)

[1] B. Schneier, Applied Cryptography (1996).
[2] V.S. Miller, Use of elliptic curves in cryptography, Adv. Cryptogr. Crypto'85 (1985).
[3] N. Koblitz, Elliptic curve cryptosystems, Math. Comp. (1987).
[4] I. Blake et al., Elliptic Curves in Cryptography (2000).
[5] G. Orlando, C. Paar, A scalable GF(p) elliptic curve processor architecture for programmable hardware, Cryptographic...
[6] S.B. Örs, L. Batina, B. Preneel, J. Vandewalle, Hardware implementation of elliptic curve processor over GF(p), ...
[7] J. Goodman et al., An energy-efficient reconfigurable public-key cryptography processor, IEEE J. Solid-State Circuits (2001).

There are more references available in the full text version of this article.

William Peter Marnane received BE degree in electrical engineering from National University of Ireland, Cork in 1984 and the DPhil degree from the University of Oxford in 1989. He is a senior lecturer in the Department of Electrical and Electronic Engineering at the National University of Ireland, Cork since 1999. His research interests include digital design for DSP, coding theory and cryptography.

Tim Kerins received his BSc degree in physics from University College Cork, Ireland in 2000. He is currently working towards his PhD degree in electrical engineering at University College Cork. His primary research areas are flexible architectures for the implementation of cryptographic algorithms based over Galois fields and the efficient implementation of public key cryptography protocols based on elliptic curves.

Emanuel Mihai Popovici received Dipl. Ing. Degree in computer engineering from University Politehnica Timisoara, Romania, in 1997 and the PhD degree in microelectronic engineering from the National University of Ireland, Cork, in 2002. He has been a Lecturer in the Department of Microelectronic Engineering at the National University of Ireland, Cork since 2002. His research interests include coding theory, cryptography and their applications, design automation and test.