Chuliang Guo,Li Zhang,Xian Zhou,Grace Li Zhang,Bing Li,Weikang Qian,Xunzhao Yin,Cheng Zhuo

DOI: https://doi.org/10.1145/3446213

IF: 2.013

2021-01-01

ACM Journal on Emerging Technologies in Computing Systems

Abstract:Multiplications have been commonly conducted in quantized CNNs, filters, and reconfigurable cores, and so on, which are widely deployed in mobile and embedded applications. Most multipliers are designed to perform multiplications with symmetric bit-widths, i.e., n - by n -bit multiplication. Such features would cause extra area overhead and performance loss when m - by n -bit multiplications ( m > n ) are deployed in the same hardware design, resulting in inefficient multiplication operations. It is highly desired and challenging to propose a reconfigurable multiplier design to accommodate operands with both symmetric and asymmetric bit-widths. In this work, we propose a reconfigurable approximate multiplier to support multiplications at various precisions, i.e., bit-widths. Unlike prior works of approximate adders assuming a uniform weight distribution with bit-wise independence, scenarios like a quantized CNN may have a centralized weight distribution and hence follow a Gaussian-like distribution with correlated adjacent bits. Thus, a new block-based approximate adder is also proposed as part of the multiplier to ensure energy-efficient operation with an awareness of the bit-wise correlation. Our experimental results show that the proposed approximate adder significantly reduces the error rate by 76% to 98% over a state-of-the-art approximate adder for Gaussian-like distribution scenarios. Evaluation results show that the proposed multiplier is 19% faster and 22% more power saving than a Xilinx multiplier IP at the same bit precision and achieves a 23.94-dB peak signal-to-noise ratio, which is comparable to the accurate one of 24.10 dB when deployed in a Gaussian filter for image processing tasks.

Xie Xiaoqing,Gao Lin

DOI: https://doi.org/10.3969/j.issn.1007-7820.2009.03.015

2009-01-01

Abstract:This paper presents novel architectures for the hardware implementation of the Advanced Encryption Standard(AES) algorithm.This paper is different from the traditional hardware implementation approaches of the AES algorithm.It first analyzes the architecture of the AES algorithm and modifies the decryption process for the sake of sharing substructure and reducing the area requirements.Secondly,it employs composite field arithmetic to minimize the unbreakable delay incurred by look-up tables in the SubBytes/InvSubBytes transformation.Finally,eight pipelines are used to enhance the chip's frequency by analyzing the delay of hardware structure.The experiment result shows that the design can satisfy the requirements of small chip area and high deposing date rate.

Qihuan Huang,Leibo Liu,Hai Huang,Shaojun Wei

DOI: https://doi.org/10.1109/iccsn.2017.8230286

2017-01-01

Abstract:Due to low masking-complexity property of the addition chain, it has been widely researched for evaluating the S-boxes in the recent literatures. This paper summarizes four main addition chains developed for the AES S-box in the existing literatures and chooses the most area-efficient addition chain. To further reduce the masking complexity, this paper proposes an improved algorithm for evaluating the polynomial modular multiplication. Based on the proposed algorithm, the non-linear multiplier, the square multiplier and the constant multiplier are developed separately to implement four different addition chains. To evaluate the performance, these addition chains are modeled with the Verilog, synthesized with the Synopsys Design Compiler and compared with each other. The comparison results show that the addition chain with less non-linear multipliers and square multipliers has less area. According to the comparison results, this paper chooses the most area-efficient addition chain to implements the whole AES. The research in this paper lays the foundation for the high-efficient higher-order masking scheme of the block cipher algorithm.

Zhao-Huei Wang,Xiao Zhang,Sitao Wang,Zhisong Hao,Zhiming Zheng

2014-01-01

Abstract:The hardware implementation of the Substitution-Box (S-box) of the Advanced Encryption Standard (AES) always employs composite field GF ((2)) to obtain better efficiency. In this paper, an improved class of S-boxes by direct inversion in composite field is presented, and the choice of the subfield leading to the most efficient implementation is discussed. Eliminating the field isomorphic transformations, such a composite field is easier to fix and the resulting hardware implementation is more efficient than that of AES S-box. Some common cryptographic characteristics for the composite field based S-boxes are examined, and it turns out that direct inversion in composite field does not weaken the cryptographic characteristics. In addition, a demonstration for the immunity against the potential algebraic attack on AES with the replacement of our S-box is given, and it is proven that the revised AES is even more secure than the original AES against the algebraic attack. As a result of this work, it could be predicted that the isomorphism implies equal immunity from certain cryptanalysis. Our S-box is suitable for the area-limited hardware production. Keywords–AES; Composite field; S-box; Hardware implementation.

Tang Hu,Xiangdi Li,Xiao Yu,Songnan Ren,Li Yan,Xuyang Bai,Zhiwei Xu,Shiqiang Zhu

DOI: https://doi.org/10.1109/tcsii.2022.3200750

2022-01-01

IEEE Transactions on Circuits & Systems II Express Briefs

Abstract:Efficient FPGA-based floating-point singular value decomposition (SVD) is challenging for its enormous complexity with the rapid growth of the matrix dimension. Numerous hardware architectures have been proposed to improve the performance of SVD by increasing capacity of computation units, reusing data, and enhancing bandwidth. These designs, however, are not optimum due to their low parallelism, poor data access efficiency, and inferior iterations scheduling. In this express, we propose a block column vector Hestenes-Jacobi (BCV Jacobi) algorithm that decomposes an arbitrary large matrix into several blocks, enhances the access efficiency by customizing the distinctive data structure, and improves the system-level parallelism by simplifying the iteration scheduling. The proposed BCV Jacobi algorithm also achieves better scalability and efficiency. Experimental results show that the performance of the proposed FPGA based SVD processor is superior to other SVD implementations in terms of parallelism, data access efficiency, matrix size, and execution time. When compared with state of the art SVD accelerator engine, the proposed algorithm speeds up the runtime over $2{\times }$ on average.

Mengyuan Zhang,Tairong Shi,Wenling Wu,Han Sui

DOI: https://doi.org/10.1109/tc.2024.3449094

IF: 3.183

2024-10-12

IEEE Transactions on Computers

Abstract:In the post-quantum era, the security level of encryption algorithms is often evaluated based on the quantum resources required to attack AES. In this work, we make thoroughly estimations on various performance metrics of the quantum circuit of AES-128/192/256. Firstly, we introduce a generic round structure for in-place implementation of the AES algorithm, maximizing the parallelism between nonlinear components. Specifically, when employed as an encryption oracle, our structure reduces the T-depth from 2rd to (r+1)d. Furthermore, by leveraging the properties of block-cyclic matrices, we present an in-place implementation circuit for MixColumn with depth 10, utilizing 105 CNOT gates. In relation to the S-box, we have assessed its minimum circuit width at different T-depths and provide multiple versions of circuit implementations for a depth-width trade-off. Finally, based on our optimized S-box circuit, we conduct a comprehensive analysis of the implementation complexity of different round structures, where our structure exhibits significant advantages in terms of low T-depth.

engineering, electrical & electronic,computer science, hardware & architecture

Qiuyu Cheng,Yakun Zhou,Chentao Liang,Zuofeng Zhang,Jienan Chen

DOI: https://doi.org/10.1109/iscas58744.2024.10558352

2024-01-01

Abstract:Matrix multiplication serves as the primary operation in massive multiple-input multiple-output (MIMO). However, with the continuous advancement of MIMO technology, the escalating computational complexity and the necessity for adaptable matrix multiplication in MIMO communication pose a formidable challenge. In this paper, we propose the Joint Serial-Parallel Dataflow (JSPD) mapping method for dynamic precision matrix multiplication, which relies on the utilization of Spatio-Temporal Transforms (STT) and Principal-Auxiliary Matrices (PAM). The data is initially processed serially and is mapped onto Processing Element (PE) arrays through STT transforms. Subsequently, both high-precision and low-precision components of the data are computed selectively in parallel, employing a combination of principal and auxiliary matrices. The matrix multiplication process is mapped onto the PE arrays, incorporating output-stationary and output-flow modes. Compared with the traditional fixed structure PE arrays, the JSPD mapping method improves the computational flexibility while increasing the PE cell work share ratio by 7.57% similar to 21.86%. Meanwhile, JSPD reduces the hardware overhead by a maximum of 68% and improves hardware efficiency by 35.77%.

Jielin Wang,Weizhen Wang,Jianwei Yang,Zhiyi Yu,Jun Han,Xiaoyang Zeng

DOI: https://doi.org/10.1109/asicon.2015.7517001

2015-01-01

Abstract:Advanced Encryption Standard (AES) plays an important role in modern cryptographic applications. High performance implementation of AES are required for many application scenarios. Parallelization techniques are popular in recent years to improve the performance. In this paper we propose two parallel AES schemes, one is full software implementation and another is software implementation with hardware accelerator. These schemes are implemented on two 4-core clusters with shared memory architecture. The experimental results show that our parallel schemes have a good performance compared with related works and speedup for two schemes achieves 4.92 and 9.78, respectively. The throughput achieves 176.48 Mbps when using hardware accelerator.

Qiqi Tao,Liying Li,Junlong Zhou,Guitao Cao,Dan Meng

DOI: https://doi.org/10.1016/j.sysarc.2024.103142

IF: 5.836

2024-05-01

Journal of Systems Architecture

Abstract:Homomorphic encryption is an important technology for protecting data privacy, and the performance of modular multiplication directly affects the efficiency of homomorphic encryption. Currently, there are numerous FPGA-based acceleration techniques targeting modular multiplication. However, many of these implementations require substantial hardware resources or suffer from resource imbalance. This leads to a lower throughput. Therefore, we present a novel FPGA-based implementation of Montgomery Modular Multiplication aimed at addressing these challenges. Our design employs a suitable radix bit width and word size based on the digital signal processing (DSP) bit width rather than the conventional binary powers of two. We aim to instantiate more modular multipliers using limited resources while minimizing latency. We also introduce a novel DSP cascade structure, called parallel grouping cascade DSP, which reduces the number of clock cycles of internal multipliers. To balance the ratio of lookup table (LUT) and DSP usage, we also use multipliers implemented in the LUT to replace some DSPs. Our results, implemented on Xilinx Virtex-7 field-programmable gate array (FPGA), demonstrate more than 27% improvement in throughput on 1024-bit modular multiplication and more than 70% improvement on 2048-bit compared to the best previous state-of-the-art references.

computer science, software engineering, hardware & architecture

Lijuan Li,Shuguo Li

DOI: https://doi.org/10.23919/FPL.2017.8056803

2017-01-01

Abstract:This paper proposes a high throughput architecture for AES encryption/decryption targeting on the recent FPGAs with 6-input LUTs. Unlike previous works which share multiplicative inverse logics to realize SubBytes and InvSubBytes, the proposed architecture directly employs the look-up-table based Sbox for both SubBytes and InvSubBytes. Efficient reordering and merging techniques are applied to achieve a highly integrated encryption/decryption datapath with reduced area and delay. By sharing Sbox instead of inversion, the encryption datapath remains simple with unchanged MixColumns. For decryption, the linear operations including two inverse Affine functions and InvMixColumns between SubBytes are merged into a new InvMixColumns (NIMC-I) transformation. The NIMC-I is further optimized to reduce resources and share logics with MixColumns. Through loop-unrolling and fair pipelining, the proposed 3-stage subpipelined design achieves 68.82 Gbps on XC7VX330T using 3930 slices and the 5-stage deep-pipelined one achieves 76.19 Gbps on XC6VLX240T using 4426 slices, which outperform previous equivalent designs in terms of throughput per area.

Qingfu Cao,Shuguo Li

DOI: https://doi.org/10.1109/ASICON.2009.5351572

2009-01-01

Abstract:This paper proposes a high-throughput cost-effective implementation of AES supporting encryption and decryption with 128-, 192-, and 256-bit cipher key. Optimum irreducible polynomial coefficients are selected to construct the composite field GF(((2(2))(2))(2)) on standard and normal base in order to minimize the gate count in SubBytes/InvSubBytes transformation. In addition, MixCoulmn/InvMixColumn transformations are optimized and the gate count is the least as we know. And then, a novel on-the-fly key expansion structure is applied to improve the throughput. The performance is evaluated on SMIC 0.18 mu m CMOS technology and the design has been verified on FPGA. The throughput can achieve at 1.16Gbps with the cost of only 19476 equivalent NAND2 gates, which outperforms prior works with respect to the parameter throughput per kilo gates with the same process(1).

Xiaoqiang Zhang,Lan Tang,Xinggan Zhang,Xinxing Zheng,Mingyu Xu,Fan Yang

DOI: https://doi.org/10.1587/elex.19.20220154

2022-01-01

IEICE Electronics Express

Abstract:In this paper, a low delay circuit structure is proposed for composite field S-box circuit. In the low delay structure, the multiplications over GF((2(2))(2)) are constructed by XOR-AND-XOR-networks, and the multiplicative inverse over GF((2(2))(2)) are constructed by AND-XOR-networks. As XOR-networks are linear operations, they can be further expressed as constant matrix multiplications. In this paper, the adjacent matrix multiplications in S-box are merged to reduce the delay. Compared with previous works, our S-box implementations have lower delay.

Johannes de Fine Licht,Grzegorz Kwasniewski,Torsten Hoefler

DOI: https://doi.org/10.1145/3373087.3375296

2021-01-25

Abstract:Data movement is the dominating factor affecting performance and energy in modern computing systems. Consequently, many algorithms have been developed to minimize the number of I/O operations for common computing patterns. Matrix multiplication is no exception, and lower bounds have been proven and implemented both for shared and distributed memory systems. Reconfigurable hardware platforms are a lucrative target for I/O minimizing algorithms, as they offer full control of memory accesses to the programmer. While bounds developed in the context of fixed architectures still apply to these platforms, the spatially distributed nature of their computational and memory resources requires a decentralized approach to optimize algorithms for maximum hardware utilization. We present a model to optimize matrix multiplication for FPGA platforms, simultaneously targeting maximum performance and minimum off-chip data movement, within constraints set by the hardware. We map the model to a concrete architecture using a high-level synthesis tool, maintaining a high level of abstraction, allowing us to support arbitrary data types, and enables maintainability and portability across FPGA devices. Kernels generated from our architecture are shown to offer competitive performance in practice, scaling with both compute and memory resources. We offer our design as an open source project to encourage the open development of linear algebra and I/O minimizing algorithms on reconfigurable hardware platforms.

Distributed, Parallel, and Cluster Computing,Computational Complexity

Yongkang Xu,Feng Deng,Weihan Xu,Guanting Huo,Yang,Yufeng Jin,Xiaole Cui

DOI: https://doi.org/10.1109/iaeac54830.2022.9929737

2022-01-01

Abstract:In modern systems-on-chip, cryptographic coprocessors bring more flexibility to design, not only accelerating the encryption process but also compressing design resources by sharing algorithm units. A high- performance unified coprocessor for AES-128 and SM4 encryption is proposed in this paper. On the one hand, based on the similarities between the two types of algorithms, the multiplicative inverse (MI) unit of the Sbox is realized in the composite field, and by sharing the reconfigurable Sbox logic (RCSL), the hardware resource consumption of circuits compatible with both algorithms is reduced. On the other hand, global pipeline technology based on shared-RCSL is used to improve the throughput of the coprocessor. In TSMC 65nm 1.08V CMOS technology, compared to the synthesized results of independently AES-128 and SM4, the area and power at 500MHz of the unified coprocessor are reduced by 42% and 43%, respectively.

Xiao-cao QIN,Shu-guo LI

2014-01-01

Abstract:S-Box substitution and inverse S-Box substitution are the major bottleneck for AES algorithm ,which directly affect the speed of AES chip .On the basis of optimizing Q-M simplifying method ,this paper proposes an expression method to implement the S-Box substitution and inverse S-Box substitution in AES algorithm .Compared with the widespread use of the look-up-table method ,the expression method can reduce the delay ,area and power of circuit by 8 .5% ,27 .4% and 17% respectively .

汤雪兰,祝永新

DOI: https://doi.org/10.3969/j.issn.1009-2552.2008.12.013

2008-01-01

Abstract:An area-effective and regular VLSI architecture for 802.11i CCMP AES encryption/decryption is proposed in this paper,which is based on the given system clock frequency.By analyzing the system clock and system data throughput requirements,this paper proposed a reasonable system architecture for 802.11i CCMP AES algorithm.And it also obtained an implementation in of AES computing unit smaller area by exploring corresponding AES computing unit implementation methods.According to the synthesis results of Design Compiler,the area after optimization is less than others by at least 31%.In conclusion,the solution is able to significantly reduce the ASIC cost.

SHU Jun,WANG Yi-wen,LI Hui

DOI: https://doi.org/10.3969/j.issn.1002-2279.2011.02.015

2011-01-01

Microprocessors

Abstract:Characteristics for the AES algorithm,this paper proposed a fast resource sharing AES encryption algorithm which can implement in FPGA.In this paper,the conventional AES encryption and decryption of s_box has been transformed,and we use one LUT in encryption and decryption process to achieve resource sharing which can save the hardware implementation area.To get the resource sharing and resource saving,we betterment the Mixcolumn in the AES process.The program is optimized for the round key expansion,Mixcolumn transform and invMixcolumn transform,and reuse the key module in the encryption and decryption of the S-box,Mixcolumn transform.The program uses AES flowing structure and parallel processing round keys,and it can support 128-bit,192 bit,256-bit length of three key encryption and decryption algorithm in a single chip.The experiment results show that this design compared to other designs has higher performance.

Wang Jing,Zeng Xiaoyang,Chen Jun

DOI: https://doi.org/10.1109/ICSICT.2006.306501

2007-01-01

Abstract:This paper presents a new architecture to combine AES and ECC. The common calculation module between them is found after discussing algorithms of AES and ECC, and a novel improved multiplier is proposed. The performance of the crucial module is enhanced in two ways. One is adopting 8 parallel arithmetic cores in this work to reduce the complexity of the control part of the module and remove the extra RAM. The other is cutting down the data flow in circulation to make the data computed as compactly as it can afford. As a result, this implementation of ECC and AES is proved more efficient than others. ©2006 IEEE.

Zhong Liu,Xi Tian,Sheng Ma

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2019.00314

2019-08-01

Abstract:The Matrix2 Accelerator is a high performance multi-core vector processor for high-density computing. We design an efficient parallel implementation of the Linpack benchmark for the Matrix2. (1) We propose an efficient parallel matrix multiplication algorithm. It designs the optimal block parameters for the innermost sub-block matrix multiplication based on architecture characteristics of the Matrix2. It fully exploits multi-level parallelism including instruction-level parallelism, vector unit-level parallelism, and core-level parallelism; A vectorization method based on row computation for matrix multiplication is proposed, which avoids the inefficient column accesses and reduction summations between VPEs, and can obtain optimal kernel performance. (2) We propose an efficient parallel triangular matrix multiplication algorithm. It evenly distributes the irregular triangular matrix multiplication to different vector processing units, and fully leverage the computation capacity of the vector processor. It also supports in-place computation, which stores the result matrix into the space of the original multiplier matrix to save the memory consumption. (3) We propose an efficient parallel solving method of triangular equations. It significantly improves the computational efficiency by solving the equations in parallel using multiple cores. (4) We configure the L1D to a SRAM mode for finer software memory management. A data transfer strategy based on a two-level DMA double buffering scheme is proposed to optimize and smooth data transmission between different levels of the memory hierarchy. It allows the data movement to completely overlap with the kernel computation, allowing the kernel program to always run at peak speed. The experimental results on Matrix2 show that the efficiencies of double-precision parallel matrix multiplication, parallel triangular matrix multiplication, and Linpack computation are 96.08%, 91.47%, 84.58%, respectively.

Liting Niu,Weiyi Zhang,Cheng Nian,Fei Shao,Fasih Ud Din Farrukh,Chun Zhang

DOI: https://doi.org/10.1109/IECON51785.2023.10311711

2023-01-01

Abstract:Simultaneous Localization and Mapping (SLAM) is one of the most important techniques for autonomous robots that enables the robot aware of its current position and the surrounding environment. There is a significant improvement in the accuracy with the advancement in SLAM algorithms. However, the computation complexity increases accordingly and the embedded processors of autonomous robots struggle to support heavy calculation. Matrix-solving contributes a major portion of calculation time and considering sub-tasks such as bundle adjustment takes over 40% of total time. Therefore, it is significant to optimize the calculations required for matrix-solving. However, previous works for matrix-solving accelerators are generalized and the specific matrix form in SLAM problems is not fully considered. This work concentrates on the dedicated software and hardware codesign of the matrix-solving task in SLAM systems and provides three solutions for different scales of matrix-solving problems in SLAM. The proposed FSFI-Cholesky and FI-Iterative method have achieved up to 120.2x speed improvement over the non-optimized Cholesky algorithm. Moreover, this work also reduces the execution time by more than 7.0x compared to the state-of-the-art design with fewer DSPs used for both dense and sparse matrices.