ZHOU Yi,SHEN Hai-bin,FAN Jun-feng

DOI: https://doi.org/10.3969/j.issn.1671-7147.2006.06.015

2006-01-01

Abstract:RSA is a time-consumed algorithm and is always implemented by using Montgomery multiplication algorithm.The paper develops a two-stage Montgomery multiplication algorithm and presents a high speed scalable hardware implementation based on the algorithm described for the RSA computation.High-radix,2~(64) is used in the algorithm.Compared with other Montgomery multiplication algorithm,the performance of RSA algorithm is highly improved.In hardware area,based on three pipelined 64×64 bit multiplier,five pipelined process unit is designed.Its architecture gives enough freedom to select the operand length to be used.It can implement multi RSA operation such as 1 024 bit,2 048 bit.In the 1 024 bit condition,its encrypt speed can reach 8 800 times per second.The system simulation and tapeout is based on SIMC0.18 technology.

Chao Cui,Yun Zhao,Yong Xiao,Weibin Lin,Di Xu

DOI: https://doi.org/10.1007/978-3-030-70665-4_180

2021-01-01

Abstract:As an asymmetric encryption algorithm, RSA is currently known as the ripest and most widely used one. However, it is showed in many documents in recent years that RSA algorithm is lack of security, due to its weakness in defending side channel attacks, especially power analysis attacks. This paper proposes an RSA coprocessor resistant to power analysis attack, which adds pseudo operation and exponential randomization masking to defend SPA and DPA. Then, this paper improves the speed of RSA by using 256-base subtracted-free Montgomery multiplier combining with two-layer Karatsuba multiplier and CSA adder. This design is able to be implemented on both FPGA and ASIC. With a technology of 100 MHz clock frequency and SMIC 130 nm process, DC synthesis is implemented as well. The experiment result shows that our 1024-bit RSA design costs an area of 310 K gates and has a throughput of 110 Kbps.

Qiang Liu,MA Fangzhen,Dong Tong,Cheng‐Zhong Xu

2005-01-01

Abstract:Montgomery multiplication algorithm is optimized for large-bit modular multiplication and VLSI implementation. It is combined with the R-L (Right to Left) binary method to achieve speed improvement. Special efforts are focused on the problems with long-bit modular arithmetic. A Carry-Save-Adder architecture, which is implemented by redesigned (4∶2) compressors, is used in the multiplier to avoid the long carry propagation. A signal-backup strategy is used to resolve the problem of signal broadcasting. Using a multiplexer?-?based method, the datapath of the multiplier is reconfigurable to perform either one ((1?024)-bit) multiplication or two 512-bit multiplications in parallel. The Chinese Remainder Theorem (CRT) increases the decryption data rate by a factor of 3.8.

Nian Xue,Yun Pan,Zhang Yuhong,Xiaolang Yan

2010-01-01

Abstract:A radix-4 Montgomery modular multiplication and the optimized circuit architecture are presented.It can reduce iterations of traditional radix-2 modular multiplication to about 50%.Based on this module,the implementation of high speed RSA encryption processor follows completely parallel modular exponentiation flow with Carry Save Addition(CSA) structure to perform long integer arithmetic.This avoids the repeated interim output/output format conversion.Result shows that the optimization is technology independent and thus should suit well for not only FPGA implementation but also ASIC.This design can complete a standard 1 024 bit RSA encrypt operation with only 9 836 clock cycles.Compared to the recently proposed design in the literature,the proposed design can achieve an increase of over 50% in throughput.

Tao Wu,ShuGuo Li,LiTian Liu

DOI: https://doi.org/10.1007/s11432-014-5215-4

2015-01-01

Science China Information Sciences

Abstract:This paper improves the quotient-pipelined high radix scalable Montgomery modular multiplier by processing w-bit and k-bit words in carry save form instead of some(w + k)-bit length operands. It directly reduces both the critical path and the area overhead of the original processing elements. Then based on this improved high-radix scalable Montgomery modular multiplier, we propose an efficient hardware architecture for RSA decryption with Chinese Remainder Theorem. With simple configuration logics, the hardware unit works in three modes:(1) scalable modular reduction for precomputation,(2) scalable Montgomery modular multiplication for modular exponentiation, where an approximation method is developed to reduce the expanded result below the modulus, and(3) scalable multiplication for post-processing. Hardware implementation shows that the proposed architecture is optimal with reference to the literature in terms of speed, area, and frequency.A 4096-bit RSA decryption in XC2V6000-6 FPGA can be completed in 11.05 ms with 14041 slices/17409 LUTs,128 16 × 16 multipliers, and 70 kbits of block RAMs. Finally, by the use of Montogmery powering ladder the modular exponentiation unit based on the improved high radix scalable Montgomery modular multiplier can be built resistant to fault and simple power attacks. A 1024-bit modular exponentiation unit with such resistances costs about 255 K NAND2 gates in.18 μm CMOS process, and one full modular exponentiation takes about1.44 ms at 250 MHz.

李树国,周润德,冯建华,孙义和

DOI: https://doi.org/10.3321/j.issn:0372-2112.2001.11.001

2001-01-01

Abstract:The area and speed of cryptography coprocessor impede the application of public-key cryptography RSA for smart card.A new VLSI architecture of high-radix modular multiplier to compute RSA public-key cryptosystem using our modified Montgomery algorithm is proposed.With TSMC 0.35μm CMOS technology models,a 1024-bit RSA cryptography coprocessor based on our proposed VLSI architecture have been implemented.Its simulation results show that the time to calculate 1024-bit modular multiplication is about 1216 clock cycles and the gate count of the coprocessor is about 38k.At a clock rate of 5MHz it will take about 374ms to encrypt 1024-bit message on average.Compared with previous works our proposed architecture can achieve good performance in chip area and speed,therefore it is well suited to smart cards.

Q Liu,Fz Ma,D Tong,X Cheng

DOI: https://doi.org/10.1109/mwscas.2004.1354396

2004-01-01

Abstract:High performance VLSI implementation of the RSA algorithm using the systolic array is presented. High-speed applications of RSA systems require parallel implementations of modular multipliers. Besides using the systolic architecture which is popular in hardware-based RSA systems, a block-based scheme is used to further eliminate global signals, with a pipelined bus to convey data globally. The control signals and intermediate results used for sequential multiplications are transmitted by shift registers. All signals, except for the clock signal, are limited in one block or between two adjacent blocks. A Carry-Save-Adder structure is used for calculating the iterative step of the algorithms which contributes to speed improvement and area saving. In addition, long modular multipliers suffer from the effect of large fanout. Novel architectures are proposed to eliminate the fanout bottleneck, which reduce the achievable minimum clock period of long modular multipliers. Compared to the original modular multiplier architecture with fanout bottleneck, the proposed architectures can achieve an increase of over 7% in throughput without increase in area. The Chinese Remainder Theorem (CRT) technique increases the decryption data rate by a factor of four. Two redundant blocks are added to adapt to the on-line partition of the multiplier and the variation of the length of P and Q in CRT mode.

Y Fan,XY Zeng,Z Zhang,A Chen,QL Zhang

DOI: https://doi.org/10.1109/isspa.2005.1580257

2006-01-01

Abstract:This paper proposes a novel architecture for highspeed RSA crypto-processor with reconfigurable architecture. Through analysing and comparing between the original algorithms with modified Modular exponentiation and Montgomery multiplication algorithm, a nested pipelined RSA crypto-processor architecture is presented. Based on this architecture, we can easily design a RSA crypto-processor with various speed & key length, it is very flexible to design an encrypt IP core in the SOC platform. As an example, a 1024-bit, 5Mbps RSA cryptoprocessor is implemented. The result shows that the architecture proposed by this paper is practical and efficient.

Gu Yehua,Zeng Xiaoyang,Han Jun,Ma Yongxin,Zhao Jia

DOI: https://doi.org/10.1109/ICSICT.2006.306498

2007-01-01

Abstract:A scalable design of RSA Crypto-coprocessor is presented in this paper, which supports variable keys up to 4096bits. By analyzing and improving the modified multiple-word Montgomery multiplication algorithm, its pipeline architecture is optimized and critical path is greatly shortened. Meanwhile, its performance is much higher compared with previous work. Therefore, the proposed design is very suitable to the low-cost and high-performance RSA cryptosystem and can be easily implemented in VLSI technology. ©2006 IEEE.

REN Yanting,WU Liji,LI Xiangyu,WANG An,ZHANG Xiangmin

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2016.23.012

2016-01-01

Abstract:RSA is the most widely used public-key algorithm,and is specified as the signature algorithm in bank IC cards.The unprotected RSA implementation is vulnerable to side-channel attacks as pointed out in several works.Due to the complexity of the algorithm,the power consumption of an RSA module is usually high.A side channel resistant,efficient and low-power RSA processor was designed using countermeasures against side-channel attacks based on the Montgomery ladder with a modified Montgomery algorithm then proposed,which combines CIOS and Karatsuba algorithms.The computation time of modular multiplication can be reduced by 25％ with the length of RSA being configurable and up to 2 048 bits.The proposed RSA module was verified with C * Core C0 in FPGA board.With SMIC 0.13μm CMOS process,the EDA synthesis result indicates that the area is about 24 000 gates,and the throughput of 1024-bit RSA is 8.3 kb/s under the frequency of 30 MHz with the power consumption of 1.15 mW.

LIU Qiang,Tong Dong,CHENG Xu

DOI: https://doi.org/10.3321/j.issn:0372-2112.2005.05.033

2005-01-01

Abstract:AbstrcatThe rapid advance in communication technology brings a request for cryptoprocessors of higher performance.In the design of the RSA modular exponentiator,the Montgomery modular multiplication algorithm and the right-to-left binary method are used and modified considering large-bit modular multiplication and VLSI implementation.A Carry Save Adder structure is used in the modular multiplier,to avoid the long carry propagation.We propose a Signal Multi-Backup strategy to resolve the problem of large loads that are caused by the signal broadcasting of large-bit operation structures.

YL Sun,XJ Wu

DOI: https://doi.org/10.1109/icasic.2003.1277448

2003-01-01

Abstract:RSA public-key cryptography and some other algorithms require various modular arithmetic operations. This paper presents an area efficient modular arithmetic processor. The operands can vary in size from 256 to 2048 bits. Optimized CIOS algorithm is introduced to speed up modular multiplication. At a maximum clock rate of 60 MHz, it takes 57 ms to complete a 1024-bit modular exponentiation. The core circuit without RAM contains 16000 gates and the whole area measures only 3.31 mm2 in a 0.35 μm CMOS technology. As a coprocessor, it is suitable for embedded systems, especially in area-constrained environments such as smart cards.

Qiang LIU,Fangzhen MA,Dong Tong,Xu CHENG

DOI: https://doi.org/10.3321/j.issn:0479-8023.2005.03.022

2005-01-01

Abstract:A novel and generic approach is presented to the hardware implementation of the RSA cryptoprocessor in deep sub-micro (DSM) technology with a redesigned systolic array. With deep sub-micro technology scaling, integrated circuit performance bottleneck has shifted from logic gates to global interconnection. Besides using the systolic architecture which is popular in hardware-based RSA systems, a block-based scheme is proposed to eliminate global signals, with a pipelined bus to convey data globally. The control signals and intermediate results used for sequential multiplications are transmitted by shift registers. All signals, except for the clock signal, are limited in one block or between two adjacent blocks. The Chinese Remainder Theorem (CRT) technique increases the decryption data rate by a factor of four. Two redundant blocks are added to adapt to the on-line partition of the multiplier and the variation of the length of P and Q in CRT mode. The block-based global signal transportation scheme and the redundancy scheme are quite different from those of previous works.

XY Zeng,C Chen,QL Zhang

DOI: https://doi.org/10.1109/apasic.2004.1349440

2004-01-01

Abstract:A new RSA/ECC coprocessor with the characteristic of reconfiguration is proposed in this paper, which can meet the requirements of both GF(p) and GF(2(m)) fields and perform the prevalent cryptographies such as RSA and ECC. The coprocessor has the merit of reconfigurable architecture, and it can perform the modular multiplication from 32-bit to 512-bit without any modification to its hardware. Based on 0.35mum CMOS technology, area of the coprocessor is about 45K gates, and system frequency can up to 100MHz, the 512-bit modular multiplication achieve 190kbps and the 233-bit ECC encryption rate of 50kbps.

Kai Liao,Xiaoxin Cui,Nan Liao,Tian Wang,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/tie.2016.2610402

IF: 7.7

2016-01-01

IEEE Transactions on Industrial Electronics

Abstract:Elliptic curve cryptography (ECC) is one of the most popular public key cryptosystems in recent years due to its higher security strength and lower resource consumption. However, the noninvasive side-channel attacks (SCAs) have been proved to be a big threat to ECC systems in many previous researches. In this paper, we propose a low-area-time-product ECC coprocessor for GF(2(m)) with the ability to resist most of the existing noninvasive SCAs. The basic countermeasures are relied on the underlying finite field arithmetics in randomized Montgomery domain, which can blind the intermediate value in the iterations of scalar multiplication to prevent the adversaries from cracking the private key by statistical methods. Meanwhile, we optimize the modular division and modular multiplication algorithms to fix the operating time to resist some certain timing attacks, and the Montgomery Ladder algorithm makes the coprocessor immune against simple SCAs. To efficiently implement our coprocessor, we present a hybrid operation sequence which merely needs one multiplication module and one division module to complete the entire operations. The synthesis results indicate that our design is superior to other related works in area-time product (ATP) and the extra overhead paid for the countermeasures is less than 5%.

Yongxin Ma,Xiaoyang Zeng,Min Wu,Chengshou Sun

DOI: https://doi.org/10.1109/iscas.2006.1692582

2006-01-01

Abstract:Based on modified multiple-word radix-4 Montgomery algorithm and improved pipeline mechanism, an area efficient RSA crypto-processor is implemented, which supports reconfigurable keys up to 2048 bits. Based on 0.25 mu m standard CMOS technology, the new coprocessor achieves a 1024-bit encryption rate of 28Kbps at 180MHz and the core circuit without RAM contains 18,000 gates. The result shows that this processor is very suitable for area-constrained applications such as smart cards.

WANG Di-li,BAI Guo-qiang,CHEN Hong-yi

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2010.05.001

2010-01-01

Abstract:In this paper, regular and flexible hardware architecture based on the systolic array for implementing the multiple-word radix-2 Montgomery multiplication algorithm is proposed, and it has been used to implement the algorithm in FPGA for different bit-widths. The architecture successfully limits the critical path of the systolic array to the critical path of the adder in a processing element, without any additional circuits or clock cycles needed. According to the hardware implement results, the proposed architecture has higher frequency, less latency and less area.

Tao Wu,Shuguo Li,Litian Liu

DOI: https://doi.org/10.1016/j.vlsi.2012.09.002

IF: 1.345

2013-01-01

Integration

Abstract:In this paper, the primitive common-multiplicand Montgomery modular multiplication is developed for modular exponentiation. Together with Montgomery powering ladder, a fast, compact and symmetric modular exponentiation architecture is proposed for hardware implementation. The architecture consists of one group of processing elements along the central line and two symmetric groups of accumulation units on two sides. The central elements perform modular reductions, while the symmetric units on both sides accumulate the modular multiplication results. A feedforwarding architecture is employed to decrease the latency between processing elements, in parallel with the word-based accumulation units, which are also pipelined. Meanwhile, due to the symmetric architecture and Montgomery powering ladder, the modular exponentiation is immune from fault and simple power attacks. Implemented in FPGA platform, the performance of our proposed design outperforms most results so far in the literature.

Yibo Fan,Xiaoyang Zeng,Yu Yu,Gang Wang,Qianling Zhang

DOI: https://doi.org/10.1109/ISCAS.2006.1693351

2006-01-01

Abstract:This paper proposed a high-radix scalable Montgomery multiplier with the efficient data-path and half latency. By using new algorithm proposed by this paper, it achieves shorter critical path by calculating coefficient qY and qM in parallel. The algorithm can also provide half latency by changing pipeline dataflow through operands dynamic extending during calculation. This design can be used to accept any input precision up to the size of the on-chip memory. An ASIC implementation in 0.25 mun CMOS technology can perform 1024-bit RSA encryption with 390k bps under 180MHz frequency

Qiqi Tao,Liying Li,Junlong Zhou,Guitao Cao,Dan Meng

DOI: https://doi.org/10.1016/j.sysarc.2024.103142

IF: 5.836

2024-05-01

Journal of Systems Architecture

Abstract:Homomorphic encryption is an important technology for protecting data privacy, and the performance of modular multiplication directly affects the efficiency of homomorphic encryption. Currently, there are numerous FPGA-based acceleration techniques targeting modular multiplication. However, many of these implementations require substantial hardware resources or suffer from resource imbalance. This leads to a lower throughput. Therefore, we present a novel FPGA-based implementation of Montgomery Modular Multiplication aimed at addressing these challenges. Our design employs a suitable radix bit width and word size based on the digital signal processing (DSP) bit width rather than the conventional binary powers of two. We aim to instantiate more modular multipliers using limited resources while minimizing latency. We also introduce a novel DSP cascade structure, called parallel grouping cascade DSP, which reduces the number of clock cycles of internal multipliers. To balance the ratio of lookup table (LUT) and DSP usage, we also use multipliers implemented in the LUT to replace some DSPs. Our results, implemented on Xilinx Virtex-7 field-programmable gate array (FPGA), demonstrate more than 27% improvement in throughput on 1024-bit modular multiplication and more than 70% improvement on 2048-bit compared to the best previous state-of-the-art references.

computer science, software engineering, hardware & architecture