# CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.

## Presentation on theme: "CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks."— Presentation transcript:

CryptoBlaze: 8-Bit Security Microcontroller

Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks CryptoBlaze Support

Quick Start Training What is CryptoBlaze? A fully customizable soft microcontroller – PicoBlaze – 49 baseline16-bit instructions – 8 general-purpose 8-bit registers Set of Cryptographic processor architecture extensions (“KryptoKit”) – Field operations – S-Boxes – LFSR extensions

Quick Start Training PicoBlaze

Quick Start Training PicoBlaze Baseline Instruction Set

Quick Start Training KryptoKit * irreducible polynomial in trinomial or pentanomial form

Quick Start Training What is a Galois Field? Finite Field with binary operands Has all the math properties for closure on addition, multiplication, commutivity, etc. An extension field permits polynomial notation and algebraic manipulation Commonly used to describe Linear Feedback Shift Registers Very interesting properties appropriate to CPLDs

Quick Start Training Finite Field Arithmetic Field Arithmetic is cool – All operands ultimately the same number of bits – Suitable for fixed word size applications Cryptography Channel coding (Reed Solomon, BCH, Viterbi, etc.) Digital signal processing Addition for Galois Fields is just EX-OR Multiplication can be done with Add/Shift – Needs polynomial “modulo” correction

Quick Start Training Example: GF(2 3 ) Multiply Example of 8 Bit Multiplication 57 * 83 = C1 (reduction polynomial = X 8 + X 4 3 + X + 1 = 100011011) 0101 0111 (57) x 1000 0011(83) 01010111 00000000 01010111_______ 10101101111001 (answer, must be reduced) EX-OR100011011_____ 00100000011001 (must be reduced again!) EX-OR100011011___ 000011000001 = C1 (done! ie, stop when msb=1)

Quick Start Training GF(2 m ) Multiplier/Adder Natural extension of Berlekamp-Massey structure Based on work of Johannes Großschädl Compiled & simulated Works in serial or parallel modes Can use DualEdge clocking for performance Operates up to: 250+ MHz Built up to 163 bits long in CoolRunner-II App Note on GF(2 m ) Multiplier (Xapp 371)

Quick Start Training GF(2 4 ) Multiplier

Quick Start Training Res. MS bit =1? Subtract Polynomial Left shift Result (fill with 0) Result = Result (A i AND B) Result = 0 Loop = 3 Loop = Loop -1 Loop = 0? Done Yes No Yes No The Flow

Quick Start Training CryptoBlaze =PicoBlaze with Field Operations GF(2 3 ) MPY

Quick Start Training Applications ECC-Error Channel Coding – Reed-Solomon – BCH operations ECC-elliptic curve cryptography RSA Advanced Encryption Standard

Quick Start Training CoolRunner-II Enhanced Security Multiple security bits Nonvolatile Reconfigurable Multiple metal layers Difficult to reverse engineer Double Data Rate Operation DataGate

Quick Start Training Design Your Own Start with baseline instrs. - delete unused ones Add choice of elements from KryptoKit Evaluate tradeoffs of S/W vs. H/W solutions – First identify bottlenecks – Second evaluate replacement H/W Invent new instructions Tune the processor to suit your requirements Easy to add to VHDL and the assembler

Quick Start Training Attacks Anything that can get a cryptographic module to reveal its “secret” is an attack – Brute force attack (lots of trials) – Chosen text attacks – Side channel Timing attacks Power analysis Tempest attack Usually targets the protocol

Quick Start Training Power Analysis: Kerckhoffs meets Kirchoff Looks at the current flow into a chip over time Distinguishes “different” power behavior to reveal inner behavior of algorithm Usually focuses on microprocessors, with knowledge of algorithm and instruction set Easily identifies loop/branching behavior – loop behavior correlates to keystream bits CryptoBlaze method permits tuning of the processor to increase difficulty of Power Analysis

Quick Start Training Basic Idea inputoutput  - +

Quick Start Training Power Attack Strategies Loop behavior is identified with Power Analysis Loop unrolling helps Breaking up loops helps Modifying instructions helps Modifying hardware helps – bogus randomizing hardware Homogenizing execution time helps Main idea: changing the hardware helps! Power tuning is possible

Quick Start Training CryptoBlaze Conclusion Building specialized processors can improve: – Performance – Power consumption – Security Development support available free from Xilinx – Basic reference design – Cross Assembler – Krypto Kit Fully supported by Xilinx Design Software

Download ppt "CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks."

Similar presentations