ZHOU Yi,SHEN Hai-bin,FAN Jun-feng

DOI: https://doi.org/10.3969/j.issn.1671-7147.2006.06.015

2006-01-01

Abstract:RSA is a time-consumed algorithm and is always implemented by using Montgomery multiplication algorithm.The paper develops a two-stage Montgomery multiplication algorithm and presents a high speed scalable hardware implementation based on the algorithm described for the RSA computation.High-radix,2~(64) is used in the algorithm.Compared with other Montgomery multiplication algorithm,the performance of RSA algorithm is highly improved.In hardware area,based on three pipelined 64×64 bit multiplier,five pipelined process unit is designed.Its architecture gives enough freedom to select the operand length to be used.It can implement multi RSA operation such as 1 024 bit,2 048 bit.In the 1 024 bit condition,its encrypt speed can reach 8 800 times per second.The system simulation and tapeout is based on SIMC0.18 technology.

REN Yanting,WU Liji,LI Xiangyu,WANG An,ZHANG Xiangmin

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2016.23.012

2016-01-01

Abstract:RSA is the most widely used public-key algorithm,and is specified as the signature algorithm in bank IC cards.The unprotected RSA implementation is vulnerable to side-channel attacks as pointed out in several works.Due to the complexity of the algorithm,the power consumption of an RSA module is usually high.A side channel resistant,efficient and low-power RSA processor was designed using countermeasures against side-channel attacks based on the Montgomery ladder with a modified Montgomery algorithm then proposed,which combines CIOS and Karatsuba algorithms.The computation time of modular multiplication can be reduced by 25％ with the length of RSA being configurable and up to 2 048 bits.The proposed RSA module was verified with C * Core C0 in FPGA board.With SMIC 0.13μm CMOS process,the EDA synthesis result indicates that the area is about 24 000 gates,and the throughput of 1024-bit RSA is 8.3 kb/s under the frequency of 30 MHz with the power consumption of 1.15 mW.

Jiajia Shao,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/asicon.2013.6811995

2013-01-01

Abstract:Bank IC card is widely used in financial industry and its demands on low power and security are urgent. RSA used for digital signature is the most energy-consuming part in bank IC card and threatened by side-channel attacks. In this paper, a low-power 1024/2048-bit RSA module is proposed and it's verified with C*Core C0 in FPGA board. Design Compiler synthesis result indicates that RSA occupies 30k gates and the throughput is 9.23 Kbps under the frequency of 30MHz with SMIC 0.18um process. The highest frequency of RSA can reach 161MHz. Primetime estimation report shows that power consumption of simulation is 7.09 mw. This design adopts Montgomery algorithm, improves FIPS algorithm with combination of modular multiplication and modular square. The efficiency of modular square is improved by 23.78%. Adder and multiplier are reused in both pre-process and FIPS parts. This leads to calculation acceleration and smaller area. Clock-gating and operand isolation are applied to reduce the unnecessary flip-flops of registers and lower the power dissipation. In addition, Montgomery powering ladder is used to resist side-channel attacks from algorithm level. Therefore this design is feasible for bank IC card.

HAN Jun,ZENG Xiao-yang,LU Rong-hua,ZHAO Jia,TANG Ting-ao

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.04.038

2007-01-01

Abstract:An attack-resisted RSA coprocessor integrating multiplication and inverse is presented in this paper. The exponent recoding and dual-bit scanning techniques can speed up computing are added into exponentiation algorithm. The data masking and randomly recoding methods are also adopted to resist DPA attack. The digit-serial architecture is used in Montgomery multiplication and inverse, so the scalable Montgomery multiplication algorithm corresponding to small data path is presented by us. In VLSI design, the hardware reuse technique is employed to save area costs. The verification of design's functions is fulfilled by FPGA based platform. The design is also synthesized with TSMC 0.25 technology and it costs 26K gates at 170MHZ. So the merits of our design are multiple functions, scalable, attack-resisted and low cost.

HP Jiang,ZG Mao

DOI: https://doi.org/10.1109/icasic.2003.1277457

2003-01-01

Abstract:Power analysis attacks could be used to analyze the key information according to leakage information depending on the operation of cryptography algorithm and its hardware. They are highly effective with low cost. In this paper, an improved RSA algorithm against power analysis was proposed based on its basic theory. DPA attack for RSA specially, is discussed in details. In order to maximize the capability/cost, mask technique and removing intermediate value method are introduced into RSA system, which only cost more than 33.4% timing to realizing secure RSA algorithm, and its security was better greatly with a little cost, which would be meaningful for the security of a common crypto-system.

陈波,王旭,戎蒙恬,Bo Chen,Xu Wang,Mengtian Rong

2005-01-01

Abstract:RSA(Rivest-Shamir-Adleman)public-key cryptosystem is widely used in the information security area such as encryption and digital signature. Based on the modified Montgomery modular multiplication algorithm, a new architecture using CSA(carry save adder)was presented to implement modular multiplication. Compared with the popular modular multiplication algorithms using two CSA, the presented algorithm uses only one CSA, so it can improve the time efficiency of RSA cryptoprocessor and save about half of hardware resources for modular multiplication. With the increase of encryption data size n, the clock cycles for the encryption procedure reduce in (T(n~2),) compared with the modular multiplication algorithms using two CSA.

Nian Xue,Yun Pan,Zhang Yuhong,Xiaolang Yan

2010-01-01

Abstract:A radix-4 Montgomery modular multiplication and the optimized circuit architecture are presented.It can reduce iterations of traditional radix-2 modular multiplication to about 50%.Based on this module,the implementation of high speed RSA encryption processor follows completely parallel modular exponentiation flow with Carry Save Addition(CSA) structure to perform long integer arithmetic.This avoids the repeated interim output/output format conversion.Result shows that the optimization is technology independent and thus should suit well for not only FPGA implementation but also ASIC.This design can complete a standard 1 024 bit RSA encrypt operation with only 9 836 clock cycles.Compared to the recently proposed design in the literature,the proposed design can achieve an increase of over 50% in throughput.

李树国,周润德,冯建华,孙义和

DOI: https://doi.org/10.3321/j.issn:0372-2112.2001.11.001

2001-01-01

Abstract:The area and speed of cryptography coprocessor impede the application of public-key cryptography RSA for smart card.A new VLSI architecture of high-radix modular multiplier to compute RSA public-key cryptosystem using our modified Montgomery algorithm is proposed.With TSMC 0.35μm CMOS technology models,a 1024-bit RSA cryptography coprocessor based on our proposed VLSI architecture have been implemented.Its simulation results show that the time to calculate 1024-bit modular multiplication is about 1216 clock cycles and the gate count of the coprocessor is about 38k.At a clock rate of 5MHz it will take about 374ms to encrypt 1024-bit message on average.Compared with previous works our proposed architecture can achieve good performance in chip area and speed,therefore it is well suited to smart cards.

CHENG Wei,GU Da-wu,GUO Zheng,ZHANG Lei

DOI: https://doi.org/10.3969/j.issn.1002-0802.2011.06.043

2011-01-01

Abstract:As a fast RSA implementation,RSA-CRT is widely applied to computing-limited devices,such as smart cards.This paper describes a side channel attack against RSA-CRT implementation.By properly choosing input data,the power consumption of the intermediate value after the modular reduction is analyzed.This attack first determines the size of one of the primes,then based on it,takes another DPA attack and gets the byte-by-byte prime.The simulation experiment shows that this attack is effective,and relative to MRED,could reduce the number of needed power traces and raise the attack efficiency.

YL Deng,ZG Mao,YZ Ye,T Wang

DOI: https://doi.org/10.1109/icsict.1998.785937

1998-01-01

Abstract:The RSA algorithm is a major method in implementing a public key cryptosystem. On the basis that the Montgomery algorithm can modular-multiply in a fast way, this paper presents a hardware implementation of a 1024-bit RSA cryptoprocessor. It has been shown that the processor can encrypt 1024 bit message in less than 0.65 seconds, with which a 3 mm/sup 2/ die area. It is suitable for smart IC cards.

Tao Wu,ShuGuo Li,LiTian Liu

DOI: https://doi.org/10.1007/s11432-014-5215-4

2015-01-01

Science China Information Sciences

Abstract:This paper improves the quotient-pipelined high radix scalable Montgomery modular multiplier by processing w-bit and k-bit words in carry save form instead of some(w + k)-bit length operands. It directly reduces both the critical path and the area overhead of the original processing elements. Then based on this improved high-radix scalable Montgomery modular multiplier, we propose an efficient hardware architecture for RSA decryption with Chinese Remainder Theorem. With simple configuration logics, the hardware unit works in three modes:(1) scalable modular reduction for precomputation,(2) scalable Montgomery modular multiplication for modular exponentiation, where an approximation method is developed to reduce the expanded result below the modulus, and(3) scalable multiplication for post-processing. Hardware implementation shows that the proposed architecture is optimal with reference to the literature in terms of speed, area, and frequency.A 4096-bit RSA decryption in XC2V6000-6 FPGA can be completed in 11.05 ms with 14041 slices/17409 LUTs,128 16 × 16 multipliers, and 70 kbits of block RAMs. Finally, by the use of Montogmery powering ladder the modular exponentiation unit based on the improved high radix scalable Montgomery modular multiplier can be built resistant to fault and simple power attacks. A 1024-bit modular exponentiation unit with such resistances costs about 255 K NAND2 gates in.18 μm CMOS process, and one full modular exponentiation takes about1.44 ms at 250 MHz.

朱柯嘉,杨青松,徐科,闵昊

DOI: https://doi.org/10.3969/j.issn.0427-7104.2004.01.004

2004-01-01

Abstract:A new ASIC implementation of RSA algorithm is presented. It has less area and more flexibility, making the chip very suitable for smart card applications. The RSA coprocessor has been implemented by using 0.5 μm CMOS standard cell library. The coprocessor has 14 K gates count and 3 mm~2 die size with a maximum clock frequency 40 MHz, which takes about 375 ms to encrypt/decrypt 1024-bit data.

Zhen Huang,Shuguo Li

DOI: https://doi.org/10.5815/ijmecs.2011.03.02

2011-01-01

Abstract:Power consumption limits the usage of public key cryptosystem in portable devices. This paper proposed a low power design of 1,024-bit RSA. In algorithm, we select the Chinese Remainder Theorem (CRT) and an improved Montgomery algorithm to decrease the computation of RSA. In architecture and circuit, we use the operand isolation technique to avoid unnecessary flip-flops of the combinational logic, and clock gating technique to reduce power dissipation of the registers. The proposed design is functionally verified on Alter a FPGA EP2C8Q208C8N device. With SMIC 0.18mm CMOS process, the Synopsys synthesizing result shows that the area and the critical path are 7.1k gates and 5.3ns respectively, while the power is 2.56mW and the throughput can arrive 49 kbps. Thus the proposed design has lower power than previous designs.

Yongxin Ma,Xiaoyang Zeng,Min Wu,Chengshou Sun

DOI: https://doi.org/10.1109/iscas.2006.1692582

2006-01-01

Abstract:Based on modified multiple-word radix-4 Montgomery algorithm and improved pipeline mechanism, an area efficient RSA crypto-processor is implemented, which supports reconfigurable keys up to 2048 bits. Based on 0.25 mu m standard CMOS technology, the new coprocessor achieves a 1024-bit encryption rate of 28Kbps at 180MHz and the core circuit without RAM contains 18,000 gates. The result shows that this processor is very suitable for area-constrained applications such as smart cards.

Gu Yehua,Zeng Xiaoyang,Han Jun,Ma Yongxin,Zhao Jia

DOI: https://doi.org/10.1109/ICSICT.2006.306498

2007-01-01

Abstract:A scalable design of RSA Crypto-coprocessor is presented in this paper, which supports variable keys up to 4096bits. By analyzing and improving the modified multiple-word Montgomery multiplication algorithm, its pipeline architecture is optimized and critical path is greatly shortened. Meanwhile, its performance is much higher compared with previous work. Therefore, the proposed design is very suitable to the low-cost and high-performance RSA cryptosystem and can be easily implemented in VLSI technology. ©2006 IEEE.

Titu Mary Ignatius,Thockchom Birjit Singha,Roy Paily Palathinkal

DOI: https://doi.org/10.1109/access.2024.3477961

IF: 3.9

2024-10-19

IEEE Access

Abstract:With the advancement of IoT edge devices, the threat to sensitive data processed at these devices is increasing. This research aims to enhance processor's built-in resilience against power analysis attacks (PAA) by expanding pipeline stages, employing diverse pipeline techniques, and integrating additional features. The paper proposes 32-bit RISC-V core micro-architectures with inbuilt cryptographic capabilities, extending the RISC-V ISA with custom AES instructions to reduce energy consumption, code size, and encryption time compared to software AES solutions. An area-efficient 128-bit, 12-clock AES based on the Masoleh S-box is integrated into the RISC-V core, resulting in low area and power overheads. Two cores are presented: Core1, a 3-stage pipelined core with a software pause, and Core2, a 4-stage pipelined core with a hardware pause for securing data with AES instructions. Despite their vulnerabilities, the integration of AES with RISC-V architecture significantly improves their intrinsic resilience against PAA. This work analyses the vulnerability and improvement in intrinsic resilience of these cores to side-channel attacks, the impact of hardware versus software pause and the effect of pipeline stages on security metrics. The proposed designs are validated on a Xilinx Basys3 FPGA and developed in UMC 65 nm technology node. Power traces generated during AES encryption are extracted using Synopsys PrimeTime PX and analyzed with a MATLAB power attack model to successfully recover all key bytes. Core1 and Core2 achieved higher throughput of and , respectively, than the Arm CryptoCell312. Core2's added circuits for hardware pause and increased number of pipeline stages significantly boost performance and enhance security against power attacks, with only a modest increase in area and power consumption.

computer science, information systems,telecommunications,engineering, electrical & electronic

dan zhang,guoqiang bai

DOI: https://doi.org/10.1109/edssc.2015.7285166

2015-01-01

Abstract:In this paper, we propose a high-performance implementation of elliptic curve cryptography over SCA-256 prime field by introducing an all-new isochronous architecture, which can also resist power-analysis attack. By modifying Montgomery ladder-based scalar multiplication, point addition (PA) and point double (PD) can operate synchronously, resisting simple power analysis (SPA) and double attack with minimum time-cost. Then PA and PD are designed to be strictly isochronous units by matching our configurable modular multiplication unit of pipelined stage. Both algorithm and hardware schedule are optimized from bottom to up, random cycles are also inserted to resist differential power analysis (DPA). In the hardware evaluation using CMOS standard cell library of 0.13 mu m, our ECC processor achieves 211 mu s and 8.5 mu J for one scalar multiplication with 208k gate counts. Compared to other related designs, our architecture offers not only 2 similar to 6 times better area-time product but also great power analysis resistance.

Qiang LIU,Fangzhen MA,Dong Tong,Xu CHENG

DOI: https://doi.org/10.3321/j.issn:0479-8023.2005.03.022

2005-01-01

Abstract:A novel and generic approach is presented to the hardware implementation of the RSA cryptoprocessor in deep sub-micro (DSM) technology with a redesigned systolic array. With deep sub-micro technology scaling, integrated circuit performance bottleneck has shifted from logic gates to global interconnection. Besides using the systolic architecture which is popular in hardware-based RSA systems, a block-based scheme is proposed to eliminate global signals, with a pipelined bus to convey data globally. The control signals and intermediate results used for sequential multiplications are transmitted by shift registers. All signals, except for the clock signal, are limited in one block or between two adjacent blocks. The Chinese Remainder Theorem (CRT) technique increases the decryption data rate by a factor of four. Two redundant blocks are added to adapt to the on-line partition of the multiplier and the variation of the length of P and Q in CRT mode. The block-based global signal transportation scheme and the redundancy scheme are quite different from those of previous works.

Q Liu,Fz Ma,D Tong,X Cheng

DOI: https://doi.org/10.1109/mwscas.2004.1354396

2004-01-01

Abstract:High performance VLSI implementation of the RSA algorithm using the systolic array is presented. High-speed applications of RSA systems require parallel implementations of modular multipliers. Besides using the systolic architecture which is popular in hardware-based RSA systems, a block-based scheme is used to further eliminate global signals, with a pipelined bus to convey data globally. The control signals and intermediate results used for sequential multiplications are transmitted by shift registers. All signals, except for the clock signal, are limited in one block or between two adjacent blocks. A Carry-Save-Adder structure is used for calculating the iterative step of the algorithms which contributes to speed improvement and area saving. In addition, long modular multipliers suffer from the effect of large fanout. Novel architectures are proposed to eliminate the fanout bottleneck, which reduce the achievable minimum clock period of long modular multipliers. Compared to the original modular multiplier architecture with fanout bottleneck, the proposed architectures can achieve an increase of over 7% in throughput without increase in area. The Chinese Remainder Theorem (CRT) technique increases the decryption data rate by a factor of four. Two redundant blocks are added to adapt to the on-line partition of the multiplier and the variation of the length of P and Q in CRT mode.

Li Zhu,Da-wu Gu,Chao Wang

DOI: https://doi.org/10.1007/s11741-008-0212-2

2008-01-01

Abstract:Based on the structure of the side channel attacks (SCAs) to RSA cryptosystem can resist the fault attack and combine with the randomization method for the message and secret exponent, a new implementation scheme of CRT-based (the Chinese remained theorem) RSA is proposed. The proposed scheme can prevent simple power analysis (SPA), differential power analysis (DPA) and time attack, and is compatible with the existing RSA-CRT cryptosystem as well. In addition, an improvement for resisting fault attack is proposed, which can reduce extra computation time.