FPGA based unified architecture for public key and private key cryptosystems

Recently, security in embedded system arises attentions because of modern electronic devices need cautiously either exchange or communicate with the sensitive data. Although security is classical research topic in worldwide communication, the researchers still face the problems of how to deal with these resource constraint devices and enhance the features of assurance and certification. Therefore, some computations of cryptographic algorithms are built on hardware platforms, such as field program gate arrays (FPGAs). The commonly used cryptographic algorithms for digital signature algorithm (DSA) are rivest-shamir-adleman (RSA) and elliptic curve cryptosystems (ECC) which based on the presumed difficulty of factoring large integers and the algebraic structure of elliptic curves over finite fields. Usually, RSA is computed over GF(p), and ECC is computed over GF(p) or GF(2 ^p ). Moreover, embedded applications need advance encryption standard (AES) algorithms to process encryption and decryption procedures. In order to reuse the hardware resources and meet the trade-off between area and performance, we proposed a new triple functional arithmetic unit for computing high radix RSA and ECC operations over GF(p) and GF(2 ^p ), which also can be extended to support AES operations. A new high radix signed digital (SD) adder has been proposed to eliminate the carry propagations over GF(p). The proposed unified design took up 28.7% less hardware resources than implementing RSA, ECC, and AES individually, and the experimental results show that our proposed architecture can achieve 141.8MHz using approximately 5.5k CLBs on Virtex-5 FPGA.     

A cryptographic checksum for integrity protection

This paper describes a cryptographic checksum technique for verifying the integrity of information in computer systems with no built-in protection. The technique is based on the use of repeated encryption using an cryptosystem as a pseudo-random number generator ( ), the use of a user specified key as a seed for the , and reduction in a pseudo-random modulus as a means for mixing user specified information with generated numbers.     

一种新的传感器网络的密钥协商算法

通过对现有加密技术分析和仿真,指出目前无线领域加密算法RSA耗能耗时,安全性较低.在MAC地址验证和Frobenius算法的基础上,提出一种新的基于MAC地址椭圆曲线加密(ECC)算法,该算法综合了公钥加密和对称密码的优点,非常适用于电量有限的无线传感器、移动手机终端等无线领域.通过该算法的描述实现,在实验仿真的基础上进行能耗分析,清楚地表明:该算法比指数加密算法RSA和传统的ECC算法更安全,更节约能耗.     

一种抗旁路攻击实现技术的分析和改进

B.Chevallier-Mames提出RSA和ECC(Elliptic Curve Crypto-system:椭圆曲线密码)箅法一种简单的抗旁路攻击实现技术.针对该防护技术,给出了可行的差分功耗攻击以及具体的攻击结果,提出了基于随机掩码的改进措施,可以消除原有实现中的安全漏洞,实验结果验证了改进措施的正确性和有效性.     

Server-aided honest computation for cryptographic applications

A lot of discussions for smart card based identification and digital signature schemes have been considered in the literature. In this paper, a novel approach is proposed for smart cards to perform signature validation and identification verification efficiently with the help of the powerful signature signer and the identity prover.     

A coprocessor architecture for fast protein structure prediction

Predicting the protein structure from an amino acid sequence is computationally very intensive. In order to speed up protein sequence matching and processing, we present a novel coprocessor architecture for fast protein structure prediction. The architecture consists of systolic arrays to speed up the data intensive sequence alignment and structure prediction steps, and finite state machines for the control dominated steps. The architecture has been synthesized using Synopsys DC Compiler in 0.18 micron CMOS technology and details of its area and timing performance have been provided. A procedure to develop architectures with area-time trade-offs has also been presented.     

Host cryptographic operations: A software implementation

A comparative overview of two well-defined key management schemes using the Data Encryption Standard, the IBM Cryptographic System and the Key Notarization System, is presented with emphasis on the interaction between the host operating system and the host cryptographic operations suggested in the two systems. Therefore, integrating cryptography into computer networks is a topic of current interest. A software scheme to implement the host cryptographic operations defined by the KNS is outlined.     

基于Verilog语言的循环式加法器的设计

加法器几乎在各种电路中都有着广泛的应用,论文提出的循环式加法器在保证较高的工作速度的同时,又能使系统所耗用的资源较少。笔者现已成功地设计了1024位循环式加法器,并应用到RSA密码体系的硬件电路中,得到了较好的效果。     

公钥密码方案的可证明安全性注记*

长期以来,人们对于可证明安全的认识存在着一些误区:可证明安全的方案一定是安全的,归约证明紧的一定比归约松的更安全。总结了与方案安全性有关的几个要素,分析了公钥密码方案可证明安全的实质,纠正了以往的一些错误认识,指出可证明安全的方案不一定是安全的,归约紧的方案不一定比归约松的更安全。方案的安全性要综合四个要素一起考虑,总的来说,攻击模型越难,攻击目标越容易,困难问题越难,而归约证明最紧的方案越安全。     

Efficient multimedia coprocessor with enhanced SIMD engines for exploiting ILP and DLP

Multimedia applications have become increasingly important in daily computing. These applications are composed of heterogeneous regions of code mixed with data-level parallelism (DLP) and instruction-level parallelism (ILP). A standard solution for a multimedia coprocessor resembles of single-instruction multiple-data (SIMD) engines into architectures exploiting ILP at compile time, such as very long instruction word (VLIW) and transport triggered architecture (TTA). However, the ILP regions fail to scale with the increased vector length to achieve high performance in the DLP regions. Furthermore, the register-to-register nature of SIMD instructions causes current SIMD engines to have limitations in handling memory alignment, data reorganization, and control flow. Many supporting instructions such as data permutations, address generations, and loop branches, are required to aid in the execution of the real SIMD computation instructions. To mitigate these problems, we propose optimized SIMD engines that have the capabilities for combining VLIW or TTA processing with a unified scalar and long vector computations as well as efficient SIMD hardware for real computation. Our new architecture is based on TTA and is called multimedia coprocessor (MCP). This architecture includes following features: (1) a simple coprocessor structure with 8-way TTA, (2) cost-effective SIMD hardware capable of performing floating-point operations, (3) long vector capabilities built upon existing SIMD hardware and a single register file and processor data path for both scalar operands and vector elements, and (4) an optimized SIMD architecture that addresses the SIMD limitations. Our experimental evaluations show that MCP can outperform conventional SIMD techniques by an average of 39% and 12% in performance for multimedia kernels and applications, respectively.     

A method for cryptographic key generation from fingerprints

Combining two known technologies—biometric and cryptographic—is an urgent problem. The main line of research in this direction is the use of biometric technologies for the control of cryptographic keys. In the present work, a method for the compact representation of fingerprints is proposed, and a method for cryptographic key generation on this basis is developed. The results of the experiments are appropriate for practical application. The generated keys can be used in cryptographic systems with secret and public keys.     

On a unified architecture for video-on-demand services

Current video-on-demand (VoD)) systems can be classified into two categories: 1) true-Voll) (TVoD) and 2) near-VoD (NVod)). TVoD systems allocate a dedicated channel for every user to achieve short response times so that the user can select what video to play, when to play it, and perform interactive VCR-like controls at will. By contrast, NVoD systems transmit videos repeatedly over multiple broadcast or multicast channels to enable multiple users to share a single video channel so that system cost can be substantially reduced. The tradeoffs are limited video selections, fixed playback schedule, and limited or no interactive control. TVoD systems can be considered as one extreme where service quality is maximized, while NVoD systems can be considered as the other extreme where system cost is minimized. This paper proposes a novel architecture called Unified VoD) (UVoD) that can be configured to achieve cost-performance tradeoff anywhere between the two extremes (i.e., TVoD and NVoD). Assuming that a video client can concurrently receive two video channels and has local buffers for caching a portion of the video data, the proposed UVoD architecture can achieve significant performance gains (e.g., 400% more capacity for a 500-channel system) over TVoD under the same latency constraint. This paper presents the UVoD architecture, establishes a performance model, and analyzes UVoD's performance via numerical and simulation results     

An IBE scheme using ECC combined public key

ECC combined public key is a new technology of scalable key management. In this paper, we propose an identity-based encryption (IBE) scheme using ECC combined public key (CPK). The scheme is based on bilinear maps between groups and proved semantically secure in the random oracle model under a variant of Computational Diffie-Hellman (CDH) assumption–Bilinear Diffie-Hellman (BDH) assumption.     

Secure administration of cryptographic role-based access control for large-scale cloud storage systems

Cloud systems provide significant benefits by allowing users to store massive amount of data on demand in a cost-effective manner. Role-based access control (RBAC) is a well-known access control model which can be used to protect the security of cloud data storage. Although cryptographic RBAC schemes have been developed recently to secure data outsourcing, these schemes assume the existence of a trusted administrator managing all the users and roles, which is not realistic in large-scale systems. In this paper, we introduce a cryptographic administrative model AdC-RBAC for managing and enforcing access policies for cryptographic RBAC schemes. The AdC-RBAC model uses cryptographic techniques to ensure that the administrative tasks are performed only by authorised administrative roles. Then we propose a role-based encryption (RBE) scheme and show how the AdC-RBAC model decentralises the administrative tasks in the RBE scheme thereby making it practical for security policy management in large-scale cloud systems.     

一种新型的基于Montgomery的模幂器结构

大数模乘是许多公钥密码体制的核心运算，也是运算效率提高的瓶颈。基于Montgomery模乘算法，该文提出了一种改进的快速模乘及其模幂算法，由于采用了新的booth编码，算法的循环次数减少近一半，因此性能提高近一倍。模幂器采用新型的保留进位加法器(CSA)树，此结构无须对每次模乘的结果求和。实验表明，在97MHz时钟频率下，1 024-bit模幂器的波特率为184Kb/s，适合于设计高速的公钥密码协处理器。     

信息安全中的公钥密码软件-大整数模拟实现

文章主要介绍用软件模拟实现了大整数模乘功能模块。该模拟软件解决了大整数在计算机内表示、数制转换、加法器模拟、加法链计算、计算补码、模加运算、模乘运算等关键难点问题．开发目的是要提高公钥密码运算速度，应用RSA公钥密码体制实现密钥管理、加密通信、数字签名以及身份验证等信息安全功能。     

RSA密码系统有效实现算法

本文提出了实现RSA算法的一种快速、适合于硬件实现的方案，在该方案中，我们作用加法链将求幂运算转化为求平方和乘法运算并大大降低了运算的次数，使用Montgomery算法将模N乘法转化为模R（基数）的算法，模R乘积的转化，以及使用一种新的数母加法器作为运算部件的基础。     

基于RSA算法的一种新的加密核设计

本文着重分析了RSA算法的核心-模幂运算,提出了有利于硬件实现的改进算法,并利用中国剩余定理加快了RSA的解密及数字签名的运算速度。在此基础上,最终提出并设计了一种结构简单,运算速度较快的加密核。通过VerilogHDL模型的仿真验证了此加密核设计的正确性及可行性。     

A pipelined computer architecture for unified elementary function evaluation

A pipelined computer architecture for rapid consecutive evaluation of several elementary functions (x/y, √x, sin x, cos, x, e^x, ln x, …) using basic CORDIC algorithms is proposed. Continued products iterations of the form (1 + σ_im 2^?k) allow linking n-identical ALU structures to permit n different function evaluations. New algorithms for sin^?1, cos^?1, cot^?1, sinh^?1, cosh^?1 and x^v are developed. Lastly, a new functional efficiency is defined for pipeline architectures which compares favorably to iterative arrays.Index terms—Digital Arithmetic, Pipeline, Unified Elementary Functions, Iterative Algorithms, CORDIC