Hai-bin SHEN,Hua-feng CHEN,Xiao-lang YAN

DOI: https://doi.org/10.3785/j.issn.1008-973X.2006.09.004

2006-01-01

Abstract:To accelerate point multiplication operation of elliptic curve cryptography (ECC), a fast reduction algorithm for modular operation was introduced. The algorithm applied the characteristic of the small second item's degree of irreducible polynomial in characteristic 2 finite field. Based on the algorithm and projective Montgomery point multiplication algorithm, a configurable ECC accelerator using very large scale integrated circuit technology was proposed. Scalable field design and unique pipeline technique was adapted in the accelerator. Simulation results show that the accelerator designed by the algorithm can rapidly complete ECC point multiplication operation. When 162 bits key and 192 bits key are selected, the point multiplication operation takes 0.22 ms and 0.43 ms respectively. The accelerator has simple interface and good flexibility, and provides a method for hardware implementation of public key cryptography algorithm.

Yihong Zhu,Wenping Zhu,Yi Ouyang,Junwen Sun,Min Zhu,Qi Zhao,Jinjiang Yang,Chen Chen,Qichao Tao,Guang Yang,Aoyang Zhang,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.1109/ISSCC49657.2024.10454332

2024-01-01

Abstract:The migration towards post-quantum cryptography (PQC) is in progress to secure communications and transactions against the impending quantum threat, while three key-encapsulation mechanisms (KEM) and one digital signature (DS) scheme are being standardized by NIST [1]. This multi-year migration poses serious challenges to PQC implementations for compatibility and performance requirements in various scenarios and settings: 1) Performance limitations caused by diverse computation patterns and relatively higher computation costs. 2) Crypto-agility resulting from different mathematical problems, various security parameters, or even different standardization bodies. 3.) Domain-specific optimization to address the long-term security of the evolving algorithm families. However, most existing PQC accelerators [2, 3, 5] were only customized for specific algorithms based on unique mathematical problems. The latest configurable PQC processor [4] did not support Falcon and Sphincs+, which are being drafted for standardization. To address this issue, a versatile PQC processor fabricated in 28nm is presented with three key features: 1) task-clustering-based architecture for scalable processing with aggressive parallelism; 2) region-based task-path (TP) with dynamic update for agile cryptographic computing; 3) efficient PQC task-operators (TO), including hash/sample, format, floating-point/complex, encoding/decoding operators, for further improvements on throughput and energy-efficiency. Based on these contributions, the proposed chip supports all predominant schemes in NIST’s PQC standardization, while still delivering 44.6% and 10.3% improvements in the throughput and energy-delay product (EDP), respectively, relative to a state-of-the-art design [4].

Huo Yuanhong,Liu Dake

DOI: https://doi.org/10.1049/cje.2017.03.004

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:Cryptography circuits for portable electronic devices provide user authentication and secure data communication. These circuits should, achieve high performance, occupy small chip area, and handle several cryptographic algorithms. This paper proposes a high-performance ASIP (Application specific instruction set processor) for five standard cryptographic algorithms including both block ciphers (AES, Camellia, and ARIA) and stream ciphers (ZUC and SNOW 3G). The processor reaches ASIC-like performance such as 11.6 Gb/s for AES encryption, 16.0 Gb/s for ZUC, and 32.0 Gb/s for SNOW 3G, etc under the clock frequency of 1.0 GHz with the area consumption of 0.56 mm(2) (65 nm). Compared with state-of-the-art VLSI designs, our design achieves high performance, low silicon cost, low power consumption, and sufficient programmability. For its programmability, our design can offer algorithm modification when an algorithm supported is unfortunately cracked and invalid to use. The product lifetime of our design can thus be extended.

Jun Han,Renfeng Dou,Lingyun Zeng,Shuai Wang,Zhiyi Yu,Xiaoyang Zeng

DOI: https://doi.org/10.1109/tcsi.2015.2407431

2015-01-01

Abstract:A domain specific multicore processor for public-key cryptography is proposed in this paper. This processor provides flexible and efficient computation for various forms of RSA and ECC algorithms, fulfilling low-latency or high-throughput requirements of different application scenarios. By using a heterogeneous multicore architecture, the proposed processor enables high speed parallel implementations of kernel arithmetics of public-key algorithms. A long-word-length modular multiplication can be partitioned into parallel tasks executed by the high performance multipliers distributed in multiple cores. Some dedicated communication mechanisms minimize inter-core data transferring latencies of the processor. The proposed processor is implemented under TSMC 65 nm LP CMOS technology. Experimental results show that our design outperforms previous works based on varied platforms in performance, for instance, it can complete a 1024-bit RSA encryption in 0.087 ms at 960 MHz. Moreover, we also study the area reduction techniques for proposed multicore processor from the perspectives of algorithm, architecture, and circuit.

LI Ming,WU Dan,DAI Kui,ZOU Xue-cheng

2011-01-01

Abstract:In this paper,an effective strategy of point multiplication scheduling and an improved algorithm of dual-field high radix Montgomery modular multiplication are proposed.Based on them,a new high-performance scalable public-key cipher coprocessor architecture for RSA and ECC computing acceleration is designed,which is implemented using the 0.18μm 1P6M standard CMOS technology.The coprocessor has strong scalability and flexibility,which can support the modular exponentiation up to 2048 bit and the dual-field elliptic curve scalar multiplication up to 576 bit by enlarging the high-speed memory on chip and using the radix-length as processing base.The measured result shows that the coprocessor chip has high performance for accelerating the computation of RSA and ECC and can perform one 1024-bit modular exponentiation only in 197μs,one the prime field 192-bit scalar multiplication only in 225μs and the binary field 163-bit scalar multiplication only in 200.7μs.

Yihong Zhu,Wenping Zhu,Min Zhu,Chongyang Li,Chenchen Deng,Chen Chen,Shuying Yin,Shouyi Yin,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.1109/ISSCC42614.2022.9731783

2022-01-01

Abstract:In the post-quantum era, post-quantum cryptography (PQC) processors are required to ensure quantum-secure communication and e-commerce with high throughput, while maintaining adequate flexibility to execute different crypto-primitives, such as key encapsulation mechanism (KEM) and digital signature (DS) at multiple security levels with evolving modifications. The PQC standards, which are based on multiple mathematical problems, will be available around the end of 2021 in NIST's PQC standardization (Fig. 34.1.1). Crypto-agility, coupled with new mathematical calculations, high computing complexity, and large memory consumption brings challenges to the design of PQC processors considering flexibility, throughput, and energy efficiency.

Lin Han,Jun Han,Xiaoyang Zeng,Ronghua Lu,Jia Zhao

DOI: https://doi.org/10.1109/icsict.2008.4734992

2008-01-01

Abstract:A novel programmable security processor for cryptography algorithms is presented in this paper. The 16-bit length RISC-like instruction set and 3-stage pipeline provide low code density, low hardware cost and low power consumption. Parallel on-chip lookup tables are integrated to obtain satisfactory performance of cryptographic processing. Chinese wireless local area network block cipher standard-SMS4 and NIST encryption standard-AES are implemented in this processor, and it is the first implementation of SMS4 based on a domain specific programmable processor. To resist external attack on memories, a method for secure storage of round key is also proposed.

Wei Li,Xiaoyang Zeng,Longmei Nan,Tao Chen,Zibin Dai

DOI: https://doi.org/10.1109/ICSICT.2016.7998715

2016-01-01

Abstract:In this paper, a high-flexibility and energy-efficient reconfigurable symmetric cryptographic processor architecture is presented, which is based on very-long instruction word (VLIW) structure. By analyzing basic operations and storage characteristics of symmetric ciphers, the application-specific instruction-set system for symmetric ciphers is proposed. Eleven kinds of reconfigurable cryptographic arithmetic units are designed to support different operation modes and parameters for symmetric ciphers. It has been fabricated with 0.18 mu m CMOS technology, the test results show that the max frequency can reach 200MHz. Ten kinds of block, stream and hash ciphers were mapped in our processor. And the encryption throughput of AES, IDEA, Grain128, SNOW2.0 and SHA-2 algorithm can achieve 882Mbps, 449Mbps, 60Mbps, 840Mbps, and 287Mbps respectively. Moreover, the energy efficiency of AES implementation is 0.47nJ/bit. The result demonstrated that proposed processor outperforms other designs in terms of energy efficiency, throughput and flexibility.

Yihong Zhu,Wenping Zhu,Yi Ouyang,Junwen Sun,Qi Zhao,Min Zhu,Jinjiang Yang,Chen,Qichao Tao,Hanning Wang,Guang Yang,Shaojun Wei,Aoyang Zhang,Leibo Liu

DOI: https://doi.org/10.1109/jssc.2024.3476949

IF: 5.4

2024-01-01

IEEE Journal of Solid-State Circuits

Abstract:Post-quantum cryptography (PQC) is currently being standardized to replace the existing public-key cryptography for data security in the era of quantum computing. PQC algorithms exhibit considerable diversity in their underlying mathematical problems, storage requirements, and computational patterns, thus complicating unified PQC architecture design. To address this issue, a unified PQC domain-specific accelerator (DSA), post-quantum processing unit (PQPU), is proposed to address the trade-off between performance and flexibility at the algorithm, architecture, and circuit levels. First, a task-clustering-based framework is proposed to enable task-level parallel execution by utilizing the inherent parallelism and common functions across different PQC algorithms. Second, a region-based dynamically updated task path (TP) is constructed to facilitate automatic task-dependency management, with agile control flow and minimized overheads. Finally, algorithm-hardware co-optimizations are proposed in each task cluster to improve throughput and energy efficiency. Fabricated in a 28-nm process, PQPU has energy efficiency and throughput of 4.4 mu J/Op and 69.4 kOPS. The energy-delay product (EDP) and throughput achieved are 19.3% and 44.6% compared to the state-of-the-art design, respectively. To the best of our knowledge, PQPU is the first silicon-proven PQC accelerator that supports all valid schemes in NIST PQC standardization.

Aobo Li,Dongsheng Liu,Cong Zhang,Xiang Li,Shuo Yang,Xingjie Liu,Jiahao Lu,Xuecheng Zou,Ang Hu,Tianming Ni

DOI: https://doi.org/10.1109/tii.2022.3195743

IF: 12.3

2022-12-17

IEEE Transactions on Industrial Informatics

Abstract:Progress of quantum computing technology seriously threaten the industrial information security based on traditional public-key cryptosystem. Thus, the cryptosystem with anti-quantum attack characteristics is gradually becoming a significant research in the security field. In this article, a flexible and high-performance secure coprocessor is designed for security in industrial processes, which can execute the post-quantum cryptographic algorithm Saber efficiently. Custom instruction set and arithmetic accelerators are proposed to effectively optimize the flexibility of system architecture, and improve the performance of calculation. The hardware implementation results show that the maximum operating frequency of the coprocessor can reach 345 MHz. Compared with related state-of-the-art works, it achieves the highest operating frequency on the same Xilinx UltraScale+ FPGA platform, performing the encryption and decryption operations within 13.5 and 15.4 μs, respectively. Meanwhile, this article achieves 1.7/3.1/5.9× area-time product improvements in look-up table flip-flop block memory storage with good flexibility.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang

DOI: https://doi.org/10.1109/A-SSCC58667.2023.10347915

2023-01-01

Abstract:Most information is transmitted through untrusted channels, and people use traditional asymmetric encryption methods/algorithms to prevent information leakage. Post-quantum cryptography (PQC) alternatives are refining to counter the possibility of brute-forcing encryption in finite time with progressively feasible quantum computers. As the winner of the NIST PQC project global competition, CRYSTALS-KYBER (Kyber) has a balance of security and efficiency. This paper proposes an efficient ASIC for chip-level applications of Kyber. Configurable operators and data generators are designed. Separation of secure memory and public memory from bus arbiter ensures leak-proof of critical information. A unified command and control system schedule execution process and data interaction. The proposed Kyber processor is fabricated and properly verified at a 40nm process, achieving high energy efficiency for the execution of the Kyber key encapsulation mechanism (KEM).

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang

DOI: https://doi.org/10.1109/a-sscc58667.2023.10347915

2023-01-01

Abstract:Most information is transmitted through untrusted channels, and people use traditional asymmetric encryption methods/algorithms to prevent information leakage. Post-quantum cryptography (PQC) alternatives are refining to counter the possibility of brute-forcing encryption in finite time with progressively feasible quantum computers. As the winner of the NIST PQC project global competition, CRYSTALS-KYBER (Kyber) has a balance of security and efficiency. This paper proposes an efficient ASIC for chip-level applications of Kyber. Configurable operators and data generators are designed. Separation of secure memory and public memory from bus arbiter ensures leak-proof of critical information. A unified command and control system schedule execution process and data interaction. The proposed Kyber processor is fabricated and properly verified at a 40nm process, achieving high energy efficiency for the execution of the Kyber key encapsulation mechanism (KEM).

Ronghua Lu,Jun Han,Xiaoyang Zeng,Qing Li,Lang Mai,Jia Zhao

DOI: https://doi.org/10.1109/aspdac.2008.4483921

2008-01-01

Abstract:A low-cost cryptographic processor for security embedded system is presented in this paper. The processor, without any assistance of dedicated cryptographic coprocessors, is scalable and very efficient for popular cryptographic algorithms such as RSA/ECC, AES, Hash, etc. Based on SMIC 0.18 um standard CMOS technology, the core circuit of the test chip has only about 32 k gates, and a max frequency of 200 MHz, under which the 1024-bit RSA algorithm takes only 150 ms and the throughout of AES reaches 256 Mbits/s.

Wei Huang,Jun Han,Shuai Wang,Xiaoyang Zeng

DOI: https://doi.org/10.1109/ICSICT.2010.5667841

2010-01-01

Abstract:This paper presents a mobile security SoC to deal with intensive cryptography algorithms for different security protocols. A MIPS-like general processor, a dedicated package processor for fast data package, and multiple security processors for cryptography are integrated in the SoC. Moreover, the performance can be greatly enhanced by the well-designed DTU (Data Transfer Unit), memory architecture and synchronization units. With the help of our MIPS, software of the processors could be programmed flexibly to fulfill the requirements of the different security protocols. A test chip is implemented in SMIC 0.13μm standard CMOS technology, and its functionality and performance are well verified. It can achieve 565Mbps, 256Mbps, 19Kbps and 16Kbps throughput for AES (128), SHA-1, RSA (1024), ECC (192) respectively.

Kang Li,Gang Chen,Haixin Wang,Guoqiang Bai,Hongyi Chen

2008-01-01

Abstract:This work presents a dual-core two-field elliptic curve cryptosystem supporting several elliptic curve cryptography (ECC) protocols to accelerate signature generation and verification. The processor uses either a cooperating mode or a separate mode to support not only several elliptic curve digital signature algorithms, but also scalar multiplication, point addition and point verification. All the parameters in the design are configurable with lengths ranging from 192 bit to 384 bit in steps of 64 bit. The cryptosystem designed with 0.18μm CMOS technology using 372 × 103 gates occupies 3.72 mm2 with a critical path of 3.77 ns. 1538 signatures or 775 verifications can be completed in one second with a clock frequency of 250 MHz and 192 bit length parameters. Because of its efficiency and configurablility, this processor is especially suitable for use as a security coprocessor for high-performance network processors.

Aobo Li,Jiahao Lu,Dongsheng Liu,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang,Xiang Li

DOI: https://doi.org/10.1109/esserc62670.2024.10719541

2024-01-01

Abstract:Due to the existence of store-now-decrypt-later attack strategies, the world urgently needs alternative postquantum cryptographic (PQC) solutions. The lattice-based PQC algorithm CRYSTALS-KYBER (Kyber) is widely recognized as a standardization for its good performance and security. We propose a compact and efficient Kyber processor architecture for resource-constrained edge computing. Lightweight SHA-3 with half-fold keccak and samplers provide high-quality discrete distribution coefficient generation with energy-saving features. Modular arithmetic elements are configured as variable structures for different types of fast polynomial computations. The proposed architecture is fabricated under 40 nm process, and ASIC results show that the processor occupies $0.34 \mathrm{~mm}^{2}$ and 253 k equivalent gates with minimum 7 KB memory and the lowest power $273 \mu \mathrm{~W}$. Compared to similar works, we reduce the power by $50 \%$, improve the $6.1 \times$ energy optimization, $8 \times$ area and achieve state-of-the-art in energy efficiency.

Wei Huang,Jun Han,Shuai Wang,Xiaoyang Zeng

DOI: https://doi.org/10.1109/ASSCC.2010.5716621

2010-01-01

Abstract:This paper presents a heterogeneous multi-core SoC platform to deal with intensive cryptography algorithms in different security protocols. And several cores are integrated in the proposed Platform, which are a MlPS-like general processor (GP), a dedicated package processor (PP) for fast data package, and multiple security processors (SP) for cryptography. The low-cost dedicated SPs can execute cryptography algorithms flexibly and efficiently, and the processing performance of this platform can be enhanced easily by exploiting algorithms parallelism on multiple cores. Moreover, a test chip is implemented in SEVIC 0.13μm standard CMOS technology, and its functionality and performance are well verified. It can achieve 565Mbps, 256Mbps, 19Kbps, and 16Kbps throughput for AES(128), SHA-1, RSA(1024), ECC(p192) respectively. Comparison results shows that it also has a low-complexity hardware cost but more flexibility.

Yongkang Xu,Feng Deng,Weihan Xu,Guanting Huo,Yang,Yufeng Jin,Xiaole Cui

DOI: https://doi.org/10.1109/iaeac54830.2022.9929737

2022-01-01

Abstract:In modern systems-on-chip, cryptographic coprocessors bring more flexibility to design, not only accelerating the encryption process but also compressing design resources by sharing algorithm units. A high- performance unified coprocessor for AES-128 and SM4 encryption is proposed in this paper. On the one hand, based on the similarities between the two types of algorithms, the multiplicative inverse (MI) unit of the Sbox is realized in the composite field, and by sharing the reconfigurable Sbox logic (RCSL), the hardware resource consumption of circuits compatible with both algorithms is reduced. On the other hand, global pipeline technology based on shared-RCSL is used to improve the throughput of the coprocessor. In TSMC 65nm 1.08V CMOS technology, compared to the synthesized results of independently AES-128 and SM4, the area and power at 500MHz of the unified coprocessor are reduced by 42% and 43%, respectively.

Weizhen Wang,Jun Han,Zhicheng Xie,Shan Huang,Xiaoyang Zeng

DOI: https://doi.org/10.1109/isocc.2016.7799761

2016-01-01

Abstract:Together with the popularity of internet of things (IoT), the information security in IoT is becoming an urgent issue. In this paper, a cryptographic coprocessor is designed to provide security for IoT sensor nodes. This design incorporates the application-specific instruction set to support popular cryptography algorithms like advanced encryption standard (AES) and elliptic curve cryptography (ECC). The tailored instruction provides good flexibility, high energy efficiency and low latency. Local instruction and data ram is integrated into our coprocessor to reduce the instruction transfer between embedded processor and the coprocessor. Our work was synthesized under TSMC 65 nm technology. The measurement results show that our design consumes 32.7 uJ for each ECC point multiplication and 3 nJ for each AES encryption and decryption when working at 10 MHz.

Long Wang,Hui Zhao,Guoqiang Bai

DOI: https://doi.org/10.1109/edst.2007.4289808

2007-01-01

Abstract:The ever increasing demand for security in embedded systems such as smart cards has resulted in the need to provide cost-efficient hardware that can compute the public-key cryptography. Now, 8-bit microcontrollers still hold a considerable share of the low-cost embedded system market and dominate in the smart card industry. The performance of 8-bit microcontrollers is too inefficient to implement the necessary cryptography operations in software. In this paper we describe the feasibility of utilizing an public-key cryptographic coprocessor on an 8-bit microcontroller to get time and size trade-offs. The coprocessor flexibly supports both RSA with ranging from 256 bit to 2048 bit and ECC on GF(2(257)) field. In order to exploit the full potential of our coprocessor, We proposed a small direct memory access (DMA) to removing system-level performance bottlenecks caused by the transfer of data between coprocessor and external RAM. Considering performance and hardware cost, our design compares favorably with existing solutions.