Hai-bin SHEN,Hua-feng CHEN,Xiao-lang YAN

DOI: https://doi.org/10.3785/j.issn.1008-973X.2006.09.004

2006-01-01

Abstract:To accelerate point multiplication operation of elliptic curve cryptography (ECC), a fast reduction algorithm for modular operation was introduced. The algorithm applied the characteristic of the small second item's degree of irreducible polynomial in characteristic 2 finite field. Based on the algorithm and projective Montgomery point multiplication algorithm, a configurable ECC accelerator using very large scale integrated circuit technology was proposed. Scalable field design and unique pipeline technique was adapted in the accelerator. Simulation results show that the accelerator designed by the algorithm can rapidly complete ECC point multiplication operation. When 162 bits key and 192 bits key are selected, the point multiplication operation takes 0.22 ms and 0.43 ms respectively. The accelerator has simple interface and good flexibility, and provides a method for hardware implementation of public key cryptography algorithm.

Chuhui Wang,Zewen Ye,Haibin Shen,Kejie Huang

DOI: https://doi.org/10.1007/978-3-031-69766-1_10

2024-01-01

Abstract:Bit Flipping Key Encapsulation (BIKE) is a code-based key encapsulation mechanism that utilizes Quasi-Cyclic Medium Density Parity-Check (QC-MDPC) codes, which is a promising candidate in the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) standardization process. Polynomial multiplication calculation is the most critical operation in BIKE, which limits the speed of key generation and encapsulation. The high degree of the polynomial not only requires millions of computations but also necessitates complex memory access. To address this issue, we propose a Computation-in-Memory (CIM) based accelerator architecture for polynomial multiplication operations in BIKE. To minimize the size of the CIM core while maintaining high computational throughput, we propose a folded mapping strategy and a one-memory-multiple-NAND architecture. As a result, a 128x128 array is sufficient for the bike1 parameters, with zero padding at the higher part of the multiplicand. Furthermore, we introduce a data flow scheme that integrates carry-less multiplication and polynomial reduction operations to improve computational efficiency. The post-layout simulation results in 28nm CMOS technology show that our fastest configuration design occupies an area of approximately 1.37 mm(2) with a low power consumption of around 14.17 mW. Compared with state-of-the-art hardware implementations, our proposed design improves the speed of polynomial multiplication by approximately 2.5x.

Haibin Shen,Yier Jin,Rongquan You

DOI: https://doi.org/10.1109/ICICIC.2006.180

2006-01-01

Abstract:Modular reduction is the basic operation of cryptographic systems. The Barrett's algorithm and Montgomery's algorithm are widely used nowadays and they are both based on pre-computation. In the field of elliptic curve cryptosystem (ECC) over GF(2m), the reduction polynomials recommended by SEC have few items and the degree of second item is much less than that of the first one. Making use of this characteristic, the paper presents a new method to accelerate modular reduction without pre-computation which speeds up modular reduction by 10-30 times over GF(2m) and speeds up ECC point multiplication by 40%-50%. This algorithm has been implemented in a high-speed public-key cipher accelerator

Yi’er Jin,Haibin Shen,Huafeng Chen,Xiaolang Yan

DOI: https://doi.org/10.1007/s11767-006-0257-4

2008-01-01

Abstract:A new structure of bit-parallel Polynomial Basis (PB) multiplier is proposed, which is based on a fast modular reduction method. The method was recommended by the National Institute of Standards and Technology (NIST). It takes advantage of the characteristics of irreducible polynomial, i.e., the degree of the second item of irreducible polynomial is far less than the degree of the polynomial in the finite fields GF(2 m ). Deductions are made for a class of finite field in which trinomials are chosen as irreducible polynomials. Let the trinomial be x m + x h +1, where 1 ≤ k ≤ [m/1]. The proposed structure has shorter critical path than the best known one up to date, while the space requirement keeps the same. The structure is practical, especially in real time cryptographic applications.

LIANG Tian,SHEN Hai-bin,JIN Yi-er

2008-01-01

Abstract:New structures of bit-parallel multiplier based on shifted polynomial basis(SPB) and its weakly dual basis(WDB) over finite field are proposed.To the fields generated by trinomials,the structure of the proposed bit-parallel multiplier is easy for a designer to implement the proposed multipliers into hardware for their regular structures.Placement & Wire Routing using Encounter indicate that the proposal is thoroughly tested and proved to be good,and it balances the capability requirement and hardware consumption.

Weizhen Wang,Jun Han,Jielin Wang,Xiaoyang Zeng

DOI: https://doi.org/10.1109/asicon.2015.7516999

2015-01-01

Abstract:Finite field arithmetic is the base of cryptography algorithms like Elliptic Curves Cryptography (ECC) and RSA. In this paper, We have designed an arithmetic unit to implement the operation (A ± αB)mod N, where α is a small number compared with N. In our design, the coefficient α is smaller than 128. The basic motivation of designing this multiply-accumulate (MAC) unit is to support some high security ECC algorithms such as Optimal Ate Pairings. The well-known Optimal Ate Pairing based on Barreto-Naehrig elliptic curve is famous for it's efficient implementation. In those cryptography algorithms, the calculation of αB mod N is required, where α is a small number. It is unefficient to use modular multiplication to calculate it. This is the basic motivation of implementing the operation (A ± αB)mod N with α <;<; N. Considering that the Barreto-Naehrig elliptic curve for pairing are defined in F P12 , we implement the arithmetic unit to be a Single Instruction Multiple Data (SIMD) unit with pipelined structure. Thus, the design is suitable for arithmetic in extensions of finte fields. We have modified the Barrett reduction algorithm to make it suitable for the design. The design is synthesized with SMIC 65nm CMOS process. Compared with using modular multiplication to calculate (A ± αB)mod N, Our work shows better performance with small latency and high throughput.

Jun Han,Yang Li,Zhiyi Yu,Xiaoyang Zeng

DOI: https://doi.org/10.1109/tvlsi.2014.2316514

2015-04-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Pairings are attractive and competitive cryptographic primitives for establishing various novel and powerful information security schemes. This paper presents a flexible and high-performance processor for cryptographic pairings over pairing-friendly curves at high security levels. In this design, hardware for Fp2 arithmetic is optimized to accelerate the pairing computation, and especially a combined modular multiplier, which implements (AB + CD) based on Montgomery method, is proposed. This combined multiplier has the data path delay close to that of a single multiplier implementing (AB) but saves 20% area cost compared with two single multipliers. The Design I of the proposed processor is the first fabricated chip for pairing cryptography. An improved version, Design II, is implemented using TSMC 65-nm CMOS technology and achieves the working frequency of 633 MHz after placing and routing. As demonstrated, the optimal ate pairings of 126- and 128-bit security can be computed by Design II in 0.521 and 0.554 ms, respectively. These results outperform the hardware implementations reported by previous works.

engineering, electrical & electronic,computer science, hardware & architecture

Yang Li,Jun Han,Shuai Wang,Dabin Fang,Xiaoyang Zeng

DOI: https://doi.org/10.1109/IPEC.2012.6522664

2012-01-01

Abstract:Pairings are attractive and competitive cryptographic primitives for establishing various novel and powerful information security schemes. An efficient implementation of pairings is usually critical for realizing a cryptographic scheme practically. This paper presents a high-performance pairing processor with a new combined Montgomery multiplier which implements the fundamental operations of Fp2 multiplication efficiently. The processor is fabricated in TSMC 65nm CMOS process. The chip achieves 800MHz (1.2V) with 266.5mW power consumption and a core area of 2.51mm2, and computes an optimal Ate pairing (254-bit curve) in 0.64ms.

Bo Zhang,Zeming Cheng,Massoud Pedram

DOI: https://doi.org/10.1109/tvlsi.2024.3368002

2024-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Modular multiplication (MM) is a fundamental operation in many cryptographic and arithmetic applications. In this article, we present an improved Barrett modular multiplication (BMM) algorithm and its hardware-efficient implementation. The proposed algorithm leverages parallel computation of quotient and intermediate results, enhancing overall efficiency. To further optimize the algorithm, two optimizations are introduced, replacing expensive multiplications and additions with more efficient compression and encoding operations at each iteration. We first introduce a novel data model that enables the use of a 2-bit adder to handle potential overflow in signed addition. Moreover, by employing a 3-bit addition on intermediate results, we eliminate the need for complete round operations while ensuring the desired result range. The experimental results demonstrate significant improvements in terms of area and computation time compared to existing classic BMM and Montgomery modular multiplication (MMM) designs. Our improved BMM outperforms these designs, particularly in high-radix scenarios. This work provides a valuable contribution to the field of MM, offering a hardware-efficient solution for achieving improved performance in cryptographic and arithmetic systems.

engineering, electrical & electronic,computer science, hardware & architecture

Yi Wu,GuoQiang Bai,XingJun Wu

DOI: https://doi.org/10.1109/edssc.2019.8754380

2019-01-01

Abstract:Elliptic curve cryptosystem costs smaller calculation complexity compared with RSA. Identity Based Cryptography is a state-of-art scheme in all the elliptic curve cryptosystems. Bilinear pairing calculation over elliptic curves is the most time-consuming part which is also the pivotal to build IBC schemes. We dedicated this paper to the study of accelerating pairing computation. The proposed design uses Karatsuba algorithm based multiplier and exploits parallelism at different layer of extension field. On the other hand, some algorithm-level techniques are used for square for F-q12. Finally, the design is implemented on Xilinx Virtex-6 platform with the verification the R-ate pairing computation used in Identity-Based Algorithms SM9 issued by China, takes only 5.83ms. The results also outperform the performance using OpenCL.

Guantong Su,Xingjun Wu,Guoqiang Bai

DOI: https://doi.org/10.1109/edssc.2019.8753928

2019-01-01

Abstract:In this paper, we present a high performance extension field multiplier for pairing acceleration on reconfigurable device. It is shown that combining Residue Number System (RNS), which is designed for concurrent architecture and modern FPGA programmable logic array. The parallelism of RNS can be fully exploited. The proof of concept is implemented on a Xilinx Ultrascale+ FPGA, which takes 352 DSPs and accomplish a F-p6 multiplication in 44 cycles at a 500MHz clock frequency.

Mengyuan Li,Haoran Geng,Michael Niemier,Xiaobo Sharon Hu

2023-07-27

Abstract:Lattice-based cryptographic algorithms built on ring learning with error theory are gaining importance due to their potential for providing post-quantum security. However, these algorithms involve complex polynomial operations, such as polynomial modular multiplication (PMM), which is the most time-consuming part of these algorithms. Accelerating PMM is crucial to make lattice-based cryptographic algorithms widely adopted by more applications. This work introduces a novel high-throughput and compact PMM accelerator, X-Poly, based on the crossbar (XB)-type compute-in-memory (CIM). We identify the most appropriate PMM algorithm for XB-CIM. We then propose a novel bit-mapping technique to reduce the area and energy of the XB-CIM fabric, and conduct processing engine (PE)-level optimization to increase memory utilization and support different problem sizes with a fixed number of XB arrays. X-Poly design achieves 3.1X10^6 PMM operations/s throughput and offers 200X latency improvement compared to the CPU-based implementation. It also achieves 3.9X throughput per area improvement compared with the state-of-the-art CIM accelerators.

Cryptography and Security,Hardware Architecture

Yingchao Cui,Qing Liu,Yingbiao Yao,Xiaorong Xu,Wei Wu,Xin Xu

DOI: https://doi.org/10.1016/j.micpro.2023.104944

IF: 3.503

2023-10-18

Microprocessors and Microsystems

Abstract:For the elliptic curve cryptography (ECC) over prime field, this paper presents an area-efficient and low-latency elliptic curve scalar multiplication (ECSM) accelerator, which supports to process any prime number p ≤ 256 bits. The proposed accelerator is based on a parallel hardware implementation of iterative digit-digit Montgomery multiplication and an optimized data flow architecture for elliptic curve point operations. The proposed design is implemented in Xilinx Virtex-7 FPGA. The experimental results show that the proposed architecture occupies 23.7k look-up tables (LUTs) and performs single 256-bit scalar multiplication in 0.56 ms. The area-time product of the proposed architecture is only 13.36. Compared with other state-of-the-art ECSM implementations, the proposed architecture has obvious advantage in terms of the area-time product.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Jianping Quan,Guoqiang Bai

DOI: https://doi.org/10.1109/ITNG.2009.184

2009-01-01

Abstract:Researches on DPA-resistant ECC implementation are concentrated in algorithm level. All these countermeasures need a big random number and extra memory overhead which are rare resources in hardware. On the other hand, universal countermeasures in logic level have a big area overhead and face many popular DPA attacks. To avoid these disadvantages, we attempt to solve it in architecture level. This paper presents a DPA-resistant digit-Parallel modular multiplier over GF (2m) which can be used to conceive a secure ECC implementation. It uses 1-bit random number and brings about 20% overhead in speed, 50% overhead in area and 75% overhead in power. Simulations based on back-annotated netlists show that our method can prevent popular DPA attacks successfully.

Xusheng Wang,Xiangyu Li

DOI: https://doi.org/10.1109/edssc.2017.8126429

2017-01-01

Abstract:In this paper, a low-cost accelerator for the η T pairing in characteristic three over the super-singular elliptic curves is designed. As the critical operations of η T pairing, the cubing and sparse multiplications over GF(3 6m ) in the Miller's algorithm are merged and their arithmetic are modified and scheduled to reduce the intermediate data related overhead. With these optimizations, the Miller's loop is implemented by a structure that has simpler arithmetic units, less registers compared with the conventional designs. The area-time products of our design are decreased by 57.6% and 53% compared with the state-of-the-art FPGA and ASIC accelerators respectively.

Jamshid Shokrollahi,Elisa Gorla,Christoph Puttmann

DOI: https://doi.org/10.48550/arXiv.0708.3022

2007-08-22

Abstract:In this work we present a new structure for multiplication in finite fields. This structure is based on a digit-level LFSR (Linear Feedback Shift Register) multiplier in which the area of digit-multipliers are reduced using the Karatsuba method. We compare our results with the other works in the literature for F_{3^97}. We also propose new formulas for multiplication in F_{3^{6*97}}. These new formulas reduce the number of F_{3^97}-multiplications from 18 to 15. The fields F_{3^{97}} and F_{3^{6*97}} are relevant in the context of pairing-based cryptography.

Cryptography and Security

Junichi Sakamoto,Daisuke Fujimoto,Riku Anzai,Naoki Yoshida,Tsutomu Matsumoto

DOI: https://doi.org/10.1109/tvlsi.2024.3402164

2024-07-26

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:This study focuses on the acceleration of cryptographic pairing operations on field-programmable gate arrays (FPGAs) for server-side applications. Previous studies on FPGA pairing implementations focused on area efficiency for embedded devices, trying to achieve maximum performance with minimal circuit resources. However, their architectures are likely to be inefficient for server-side applications, where the primary interest is maximum performance when FPGA resources are finished. Their architectures are inefficient for two reasons: low utilization of the digital signal processor (DSP) and low operation frequency. In this study, we propose a high-throughput pairing processor architecture for server-side FPGAs, taking full advantage of DSPs. First, we propose a loop-unrolled modular multiplication algorithm that is suitable for a server-side FPGA. The algorithm shows the highest throughput and area efficiency compared to algorithms from previous studies. Second, we design a pairing processor architecture that embeds the proposed modular multiplier, thus, maintaining its high throughput by supporting redundant adders and interleaved executions. We evaluate BN254 and BLS12_381 pairings on the proposed processor architecture and the evaluation results show that it achieves good throughput that is approximately two and five times faster than that from previous studies, respectively.

engineering, electrical & electronic,computer science, hardware & architecture

Amer Aljaedi,Furqan Aziz Qureshi,Mohammad Mazyad Hazzazi,Malik Imran,Zaid Bassfar,Sajjad Shaukat Jamal

DOI: https://doi.org/10.1109/access.2024.3403771

IF: 3.9

2024-05-28

IEEE Access

Abstract:This article presents an area-efficient hardware architecture for the implementation of elliptic-curve point multiplication (PM) operation over . The area is minimized through three strategies: 1) implementing a bit-serial-based Booth polynomial multiplication architecture to multiply two polynomials with clock cycles overhead, 2) using one modular adder, Booth multiplier and square block in the arithmetic unit, and 3) realizing the modular inversion computation using the implemented square and Booth multiplier circuits. Moreover, the critical path is evaluated by the placement of registers in the datapath of the PM and Booth multiplier architectures. Moreover, a dedicated finite-state machine is implemented for control functionalities. Finally, a figure-of-merit (FoM), defined as throughput/area, facilitates realistic comparisons. The implementation results are reported on Xilinx field-programmable gate array (FPGA) devices. On the Virtex-7 device, our accelerator utilizes 1343 slices and can operate on a maximum of , requiring 174457 clock cycles and for one PM computation. It consumes power. The implementation results and comparison to state-of-the-art show that the proposed accelerator is suitable for cryptographic applications that demand lower hardware resource utilization without significant concerns regarding computation time.

computer science, information systems,telecommunications,engineering, electrical & electronic

Weihang Tan,Antian Wang,Yingjie Lao,Xinmiao Zhang,Keshab K. Parhi

DOI: https://doi.org/10.1109/TC.2023.3251847

2023-02-24

Abstract:This paper presents a low-latency hardware accelerator for modular polynomial multiplication for lattice-based post-quantum cryptography and homomorphic encryption applications. The proposed novel modular polynomial multiplier exploits the fast finite impulse response (FIR) filter architecture to reduce the computational complexity of the schoolbook modular polynomial multiplication. We also extend this structure to fast $M$-parallel architectures while achieving low-latency, high-speed, and full hardware utilization. We comprehensively evaluate the performance of the proposed architectures under various polynomial settings as well as in the Saber scheme for post-quantum cryptography as a case study. The experimental results show that our proposed modular polynomial multiplier reduces the computation time and area-time product, respectively, compared to the state-of-the-art designs.

Cryptography and Security,Hardware Architecture

Xiang Feng,Shuguo Li

DOI: https://doi.org/10.1109/tcsii.2018.2840108

2019-01-01

Abstract:This brief proposes a novel hardware structure for large integer multiplication in fully homomorphic encryption. We propose a method based on negative wrapped convolution to avoid zero padding in Strassen's algorithm, which can cut down half of the Fourier transform length. In addition, we also optimize the ping-pong fast Fourier transform algorithm by doubling the transform throughput and generating the round constant on the fly. Based on our proposed method and optimized algorithm, we design and implement a 768 k-bit integer multiplier on Altera Stratix V field-programmable gate array (FPGA). Implementation results on FPGA show that our structure outperforms the current competitors in area efficiency.