A High Energy-Efficient Reconfigurable VLIW Symmetric Cryptographic Processor with Loop Buffer Structure and Chain Processing Mechanism

By exploring symmetric cryptographic data level and instruction-level parallelism, the reconfigurable processor architecture for symmetric ciphers is presented based on Very-long instruction word (VLIW) structure. The application-specific instruction-set system for symmetric ciphers is proposed. As for the same arithmetic operation of symmetric ciphers, eleven kinds of reconfigurable cryptographic arithmetic units are designed by the reconfigurable technology. As to the requirement of high energy-efficient design, the loop buffer structure for instruction fetching unit is proposed to reduce the power consumption significantly with the same frequency as conventional, meanwhile, the chain processing mechanism is proposed to improve the cryptographic throughput without any area overhead. It has been fabricated with 0.18μm CMOS technology. The result shows that the processor can work up to 200MHz, and the fourteen kinds of cryptographic algorithms were mapped in the processor, the encryption throughput of AES, SNOW2.0 and SHA2 algorithm can achieve 1.19Gbps, 1.05Gbps, and 407Mbps respectively.     

A new methodology to implement the AES algorithm using partial and dynamic reconfiguration

Wireless networks are very widespread nowadays, so secure and fast cryptographic algorithms are needed. The most widely used security technology in wireless computer networks is WPA2, which employs the AES algorithm, a powerful and robust cryptographic algorithm. In order not to degrade the Quality of Service (QoS) of these networks, the encryption speed is very important, for which reason we have implemented the AES algorithm in an FPGA, taking advantage of the hardware characteristics and the software-like flexibility of these devices. In this paper, we propose our own methodology for doing an FPGA-based AES implementation. This methodology combines the use of three hardware languages (Handel-C, VHDL and JBits) with partial and dynamic reconfiguration, and a pipelined and parallel implementation. The same design methodology could be extended to other cryptographic algorithms. Thanks to all these improvements our pipelined and parallel implementation reaches a very high throughput (24.922 Gb/s) and the best efficiency (throughput/area ratio) of all the related works found in the literature (6.97 Mb/s per slice).     

Domain Specific Tools and Methods for Application in Security Processor Design

Security processors are used to implement cryptographic algorithmswith high throughput and/or low energy consumption constraints. The designof these processors is a balancing act between flexibility and energy consumption.The target is to create a processor with just enough programmability to covera set of algorithms—an application domain. This paper proposes GEZEL,a design environment consisting of a design language and an implementationmethodology that can be used for such domain specific processors. We use thesecurity domain as driver, and discuss the impact of the domain on the targetarchitecture. We also present a methodology to create, refine and verify asecurity processor.     

IDEA and AES, two cryptographic algorithms implemented using partial and dynamic reconfiguration

In this work, we present our experience in implementing two different cryptographic algorithms in an FPGA: IDEA and AES. Both implementations have been done by means of mixing Handel-C and VHDL and using partial and dynamic reconfiguration in order to reach a very high performance. In both cases, we have obtained very satisfactory results, achieving 27.948 Gb/s in the IDEA algorithm and 24.922 Gb/s in the AES algorithm.     

Area, Delay, and Power Characteristics of Standard-Cell Implementations of the AES S-Box

Cryptographic substitution boxes (S-boxes) are an integral part of modern block ciphers like the Advanced Encryption Standard (AES). There exists a rich literature devoted to the efficient implementation of cryptographic S-boxes, wherein hardware designs for FPGAs and standard cells received particular attention. In this paper we present a comprehensive study of different standard-cell implementations of the AES S-box with respect to timing (i.e. critical path), silicon area, power consumption, and combinations of these cost metrics. We examine implementations which exploit the mathematical properties of the AES S-box, constructions based on hardware look-up tables, and dedicated low-power solutions. Our results show that the timing, area, and power properties of the different S-box realizations can vary by up to almost an order of magnitude. In terms of area and area-delay product, the best choice are implementations which calculate the S-box output. On the other hand, the hardware look-up solutions are characterized by the shortest critical path. The dedicated low-power implementations do not only reduce power consumption by a large degree, but they also show good timing properties and offer the best power-delay and power-area product, respectively.     

On Random Pattern Testability of Cryptographic VLSI Cores

In this paper we show, that the statistical properties of cryptographic algorithms are the reason for the excellent pseudorandom testability of cryptographic processor cores. The work is especially concerned with modern symmetric block encryption algorithms and their VLSI implementations. For the examination typical basic operations of these cryptographic algorithms are categorized in classes and analyzed regarding their pseudorandom properties. Based on the results the pseudorandom properties of symmetric block ciphers can be determined by means of data flow graphs (DFG) and so-called predecessor operation lists. This is demonstrated with a paradigm algorithm, the symmetric block cipher 3WAY. The results of the theoretical analysis lead to a so-called global BIST concept for cryptographic processor cores. This self-test approach is characterized by central pseudorandom pattern generators and signature registers at the primary inputs and outputs of the cores. The global BIST is exemplarily applied to an implementation of the 3WAY algorithm. Finally, the quality of the developed test approach is determined by fault simulations.     

Novel Reversible Design of Advanced Encryption Standard Cryptographic Algorithm for Wireless Sensor Networks

The quantum of power consumption in wireless sensor nodes plays a vital role in power management since more number of functional elements are integrated in a smaller space and operated at very high frequencies. In addition, the variations in the power consumption pave the way for power analysis attacks in which the attacker gains control of the secret parameters involved in the cryptographic implementation embedded in the wireless sensor nodes. Hence, a strong countermeasure is required to provide adequate security in these systems. Traditional digital logic gates are used to build the circuits in wireless sensor nodes and the primary reason for its power consumption is the absence of reversibility property in those gates. These irreversible logic gates consume power as heat due to the loss of per bit information. In order to minimize the power consumption and in turn to circumvent the issues related to power analysis attacks, reversible logic gates can be used in wireless sensor nodes. This shifts the focus from power-hungry irreversible gates to potentially powerful circuits based on controllable quantum systems. Reversible logic gates theoretically consume zero power and have accurate quantum circuit model for practical realization such as quantum computers and implementations based on quantum dot cellular automata. One of the key components in wireless sensor nodes is the cryptographic algorithm implementation which is used to secure the information collected by the sensor nodes. In this work, a novel reversible gate design of 128-bit Advanced Encryption Standard (AES) cryptographic algorithm is presented. The complete structure of AES algorithm is designed by using combinational logic circuits and further they are mapped to reversible logic circuits. The proposed architectures make use of Toffoli family of reversible gates. The performance metrics such as gate count and quantum cost of the proposed designs are rigorously analyzed with respect to the existing designs and are properly tabulated. Our proposed reversible design of AES algorithm shows considerable improvements in the performance metrics when compared to existing designs.     

3GPP LTE国际加密标准ZUC算法

ZUC算法是中国自主设计的流密码算法,现已被3GPP LTE采纳为国际加密标准,即第四代移动通信加密标准。ZUC算法是中国第一个成为国际密码标准的密码算法,其标准化的成功,是中国在商用密码算法领域取得的一次重大突破,体现了中国商用密码应用的开放性和商用密码设计的高能力,必将增大中国在国际通信安全应用领域的影响力。文中简单介绍了ZUC算法及其特点。     

Instructions and hardware designs for accelerating SNOW 3G on a software-defined radio platform

Software-defined radio (SDR) is a new technology transitioning from research into commercial markets. SDR moves hardware-dominant baseband processing of multiple wireless communication protocols into software on a single chip. New cellular standards, such as HSPA+, LTE, and LTE+, require speeds in excess of 40 Mbps. SNOW 3G is a new stream cipher approved for use in these cellular protocols. Running SNOW 3G in software on our SDR platform provides a throughput of 19.1 Mbps per thread for confidentiality and 18.3 Mbps per thread for integrity. To have secure cellular communications in SDR platforms for these new protocols, the performance of security algorithms must be improved. This paper presents instruction set architecture (ISA) extensions and hardware designs for cellular confidentiality and integrity algorithms using SNOW 3G. Our ISA extensions and hardware designs are evaluated for the Sandbridge Sandblaster^? 3011 (SB3011) SDR platform. With our new SNOW 3G instructions, the performance of confidentiality and integrity improve by 70 and 2%, respectively. For confidentiality, power consumption increased by 2%, while energy decreased by 40%. For integrity, power consumption remained consistent, while energy decreased by 2%.     

FPGA based fast and high-throughput 2-slow retiming 128-bit AES encryption algorithm

This paper presents a high throughput digital design of the 128-bit Advanced Encryption Standard (AES) algorithm based on the 2-slow retiming technique on FPGA. The C-slow retiming is a well-known optimization and high performance technique. It can enhance designs with feedback loops and automatically rebalances the registers in the design. The C-slow retiming can break the critical path of the design into finer pieces to improve the throughput of the design. The complexity of the C-slow retiming on FPGA is to find the best register allocation in the data path of the design so that by increasing the number of registers, relocation of the registers to balance the AES architecture be in the best mode, and the critical path be optimally pipelined and improved. In this paper, architecture of the AES algorithm is implemented in the gate level by high-speed and breakable structures that are desirable for the 2-slow retiming. The Mix-columns transformation is implemented based on multiplication by constants 2 and 3 modules with combinational logic circuits. This work has been successfully verified and synthesized using Xilinx ISE 11 byVirtex-5, XC5VLX85 FPGA. The proposed implementation achieves a high throughput of 86 Gb/s and high maximum operation frequency of 671.524 MHz whereas the highest throughput and the highest operation frequency reported in the literature are 73.737 Gb/s and 576.07 MHz, respectively.     

基于MIPS处理器的AES算法指令集扩展方法与实现

由于MIPS处理器数据总线宽度的限制,其扩展的AES(高等加密标准)指令集无法有效实现其并行性的特点.为了提高AES扩展指令集的并行处理能力,利用MIPS处理器中乘法结果寄存器.可以一次实现对64比特数据的AES处理,有效利用处理器自身资源提高指令集的并行处理能力.同时,利用MIPS处理器的空闲流水周期可以流水化AES中的关键运算,缩短其关键路径以降低扩展执行单元对流水周期的影响,对不同实现方式的性能进行比较,结果表明该方法缩短了AES算法中复杂运算的关键路径长度从而使处理器的工作频率不受增加的功能单元的影响,同时有效地减少了芯片面积,并且继承了软件编程灵活性的优点。     

一种密码专用可编程逻辑阵列的分组密码能效模型及其映射算法

密码专用可编程逻辑阵列(CSPLA)是一种数据流驱动的密码处理结构，该文针对不同规模的阵列结构和密码算法映射实现能效关系的问题，首先以CSPLA的特定硬件结构为基础，以分组密码的高能效实现为切入点，建立基于该结构的分组密码算法映射能效模型并分析影响能效的相关因素，然后进一步根据阵列结构上算法映射的基本过程提出映射算法，最后选取几种典型的分组密码算法分别在不同规模的阵列进行映射实验。结果表明越大的规模并不一定能够带来越高的能效，为取得映射的最佳能效，阵列的规模参数应当与具体的硬件资源限制和密码算法运算需求相匹配，CSPLA规模为4×4～4×6时映射取得最优能效，AES算法最优能效为33.68 Mbps/mW，对比其它密码处理结构，CSPLA具有较优的能效特性。     

单片密码数据处理器系统级体系结构的研究

提出了一种单片密码数据处理器系统结构的设计 ,这些系统结构涉及到微处理器的体系结构、数据接口、用户身份识别接口、密码算法的专用部件、密码算法 RSA和 CHES的实现 IP模块 [1,2 ]以及伪随机数发生器 ,这些模块是单片密码数据处理器系统所必须有的 ,单片密码数据处理器的体系结构不同于其它系统 ,在结构上具有一定的保密作用 ,同时具有密码专用部件和密码专用指令用于加速密码数据处理的速度 ,因此具有许多密码特色 ,是信息安全设备设计中有效的 So C芯片实现的系统设计。     

Secure computing with the MPEG RVC framework

Recently, ISO/IEC standardized a dataflow-programming framework called Reconfigurable Video Coding (RVC) for the specification of video codecs. The RVC framework aims at providing the specification of a system at a high abstraction level so that the functionality (or behavior) of the system become independent of implementation details. The idea is to specify a system so that only intrinsic features of the algorithms are explicitly expressed, whereas implementation choices can then be made only once specific target platforms have been chosen. With this system design approach, one abstract design can be used to automatically create implementations towards multiple target platforms. In this paper, we report our investigations on applying the methodology standardized by the MPEG RVC framework to develop secure computing in the domains of cryptography and multimedia security, leading to the conclusion that the RVC framework can successfully be applied as a general-purpose framework to other fields beyond multimedia coding. This paper also highlights the challenges we faced in conducting our study, and how our study helped the RVC and the secure computing communities benefited from each other. Our investigations started with the development of a Crypto Tools Library (CTL) based on RVC, which covers a number of widely used ciphers and cryptographic hash functions such as AES, Triple DES, ARC4 and SHA-2. Performance benchmarking results on the RVC-based AES and SHA-2 implementations in both C and Java revealed that the automatically generated implementations can achieve a comparable performance to some manually written reference implementations. We also demonstrated that the RVC framework can easily produce implementations with multi-core support without any change to the RVC code. A security protocol for mutual authentication was also implemented to demonstrate how one can build heterogeneous systems easily with RVC. By combining CTL with Video Tool Library (a standard library defined by the RVC standard), a non-standard RVC-based H.264/AVC encoder and a non-standard RVC-based JPEG codec, we further demonstrated the benefits of using RVC to develop different kinds of multimedia security applications, which include joint multimedia encryption-compression schemes, digital watermarking and image steganography in JPEG compressed domain. Our study has shown that RVC can be used as a general-purpose implementation-independent development framework for diverse data-driven applications with different complexities.     

LVDS I/O interface for Gb/s-per-pin operation in 0.35-μm CMOS

This paper presents the design and the implementation of input/output (I/O) interface circuits for Gb/s-per-pin operation, fully compatible with low-voltage differential signaling (LVDS) standard. Due to the differential transmission technique and the low voltage swing, LVDS allows high transmission speeds and low power consumption at the same time. In the proposed transmitter, the required tolerance on the dc output levels was achieved over process, temperature, and supply voltage variations with neither external components nor trimming procedures, by means of a closed-loop control circuit and an internal voltage reference. The proposed receiver implements a dual-gain-stage folded-cascode architecture which allows a 1.2-Gb/s transmission speed with the minimum common-mode and differential voltage at the input. The circuits were implemented in a 3.3-V 0.35-μm CMOS technology in a couple of test chips. Transmission operations up to 1.2 Gb/s with random data patterns and up to 2 Gb/s in asynchronous mode were demonstrated. The transmitter and receiver pad cells exhibit a power consumption of 43 and 33 mW, respectively     

Lightweight Cryptography: A Solution to Secure IoT

In Internet of Things (IoT), the massive connectivity of devices and enormous data on the air have made information susceptible to different type of attacks. Cryptographic algorithms are used to provide confidentiality and maintain the integrity of the information. But small size, limited computational capability, limited memory, and power resources of the devices make it difficult to use the resource intensive traditional cryptographic algorithms for information security. In this scenario it becomes impertinent to develop lightweight security schemes for IoT. A thorough study on the lightweight cryptography as a solution to the security problem of resource-constrained devices in IoT has been presented in this work. This paper is a comprehensive attempt to provide an in-depth and state of the art survey of available lightweight cryptographic primitives till 2019. In this paper 21 lightweight block ciphers, 19 lightweight stream ciphers, 9 lightweight hash functions and 5 variants of elliptic curve cryptography (ECC) has been discussed i.e. in total 54 LWC primitives are compared in their respective classes. The comparison of the ciphers has been carried out in terms of chip area, energy and power, hardware and software efficiency, throughput, latency and figure of merit (FoM). Based on the findings it can be observed that AES and ECC are the most suitable for used lightweight cryptographic primitives. Several open research problems in the field of lightweight cryptography have also been identified.

     

Conditional Re‐encoding Method for Cryptanalysis‐Resistant White‐Box AES

Conventional cryptographic algorithms are not sufficient to protect secret keys and data in white‐box environments, where an attacker has full visibility and control over an executing software code. For this reason, cryptographic algorithms have been redesigned to be resistant to white‐box attacks. The first white‐box AES (WB‐AES) implementation was thought to provide reliable security in that all brute force attacks are infeasible even in white‐box environments; however, this proved not to be the case. In particular, Billet and others presented a cryptanalysis of WB‐AES with 230 time complexity, and Michiels and others generalized it for all substitution‐linear transformation ciphers. Recently, a collision‐based cryptanalysis was also reported. In this paper, we revisit Chow and others’ first WB‐AES implementation and present a conditional re‐encoding method for cryptanalysis protection. The experimental results show that there is approximately a 57% increase in the memory requirement and a 20% increase in execution speed.     

一种低功耗2D DCT/IDCT处理器设计

设计了一种低功耗的2D DCT/IDCT处理器。为了降低功耗,设计基于行列分解的结构,采用了Loeffler的DCT/IDCT快速算法,并使用了零输入旁路、门控时钟、截断处理等技术,在满足设计需求的基础上降低了系统的功耗。常系数乘法器是该处理器的一个重要部件,文中基于并行乘法器结构设计了一种新型的低功耗常系数乘法器,它采用了CSD编码、Wallace Tree乘法算法,结合采用了截断处理、变数校正的优化技术,使得2D DCT/IDCT处理器整体性能有较大提高。设计的时钟频率为100 MHz,可以满足MPEG2 MP@HL实时解码的应用。采用SMIC0.18μm工艺进行综合,该2D DCT/IDCT处理器的面积为341 212μm2,功耗为14.971 mW。通过与其他结构的2DDCT/IDCT处理器设计分析与比较,在满足MPEG2 MP@HL实时解码应用的同时,实现了较低的功耗。     

基于随机性测试的SNOW 2.0算法部件分析与改进

SNOW族算法是目前序列密码算法设计的一个主流方向。针对SNOW族算法现有的安全漏洞,该文以最具代表性的SNOW 2.0算法为研究对象,采用随机性测试方法对其多个域上模加、非线性S盒以及线性反馈移位寄存器(LFSR)3个核心部件进行分析,提出基于随机S盒和高性能LFSR等部件改进的多套改进方案,有效提升SNOW族算法的安全性和实现性能。     

无线通信专用嵌入式处理器的设计与实现

多模基带处理器芯片的设计已成为研究的热点。文章结合无线通信处理算法的特点．利用指令级加速技术，设计了一种基于无线通信中复数运算的16位嵌入式处理器核。利用它可以通过灵活的配置软件完成基带处理中绝大部分的复数相关运算和控制功能。经实际流片测试，该处理器核具有面积小、功耗低的特点．可用于多模无线通信基带处理器的设计。