Presentation is loading. Please wait.

Presentation is loading. Please wait.

CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.

Published byDarlene Redin Modified over 9 years ago

Similar presentations

Presentation on theme: "CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks."— Presentation transcript:

1 CryptoBlaze: 8-Bit Security Microcontroller

2 Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks CryptoBlaze Support

3 Quick Start Training What is CryptoBlaze? A fully customizable soft microcontroller – PicoBlaze – 49 baseline16-bit instructions – 8 general-purpose 8-bit registers Set of Cryptographic processor architecture extensions (“KryptoKit”) – Field operations – S-Boxes – LFSR extensions

4 Quick Start Training PicoBlaze

5 Quick Start Training PicoBlaze Baseline Instruction Set

6 Quick Start Training KryptoKit * irreducible polynomial in trinomial or pentanomial form

7 Quick Start Training What is a Galois Field? Finite Field with binary operands Has all the math properties for closure on addition, multiplication, commutivity, etc. An extension field permits polynomial notation and algebraic manipulation Commonly used to describe Linear Feedback Shift Registers Very interesting properties appropriate to CPLDs

8 Quick Start Training Finite Field Arithmetic Field Arithmetic is cool – All operands ultimately the same number of bits – Suitable for fixed word size applications Cryptography Channel coding (Reed Solomon, BCH, Viterbi, etc.) Digital signal processing Addition for Galois Fields is just EX-OR Multiplication can be done with Add/Shift – Needs polynomial “modulo” correction

9 Quick Start Training Example: GF(2 3 ) Multiply Example of 8 Bit Multiplication 57 * 83 = C1 (reduction polynomial = X 8 + X 4 3 + X + 1 = 100011011) 0101 0111 (57) x 1000 0011(83) 01010111 00000000 01010111_______ 10101101111001 (answer, must be reduced) EX-OR100011011_____ 00100000011001 (must be reduced again!) EX-OR100011011___ 000011000001 = C1 (done! ie, stop when msb=1)

10 Quick Start Training GF(2 m ) Multiplier/Adder Natural extension of Berlekamp-Massey structure Based on work of Johannes Großschädl Compiled & simulated Works in serial or parallel modes Can use DualEdge clocking for performance Operates up to: 250+ MHz Built up to 163 bits long in CoolRunner-II App Note on GF(2 m ) Multiplier (Xapp 371)

11 Quick Start Training GF(2 4 ) Multiplier

12 Quick Start Training Res. MS bit =1? Subtract Polynomial Left shift Result (fill with 0) Result = Result (A i AND B) Result = 0 Loop = 3 Loop = Loop -1 Loop = 0? Done Yes No Yes No The Flow

13 Quick Start Training CryptoBlaze =PicoBlaze with Field Operations GF(2 3 ) MPY

14 Quick Start Training Applications ECC-Error Channel Coding – Reed-Solomon – BCH operations ECC-elliptic curve cryptography RSA Advanced Encryption Standard

15 Quick Start Training CoolRunner-II Enhanced Security Multiple security bits Nonvolatile Reconfigurable Multiple metal layers Difficult to reverse engineer Double Data Rate Operation DataGate

16 Quick Start Training Design Your Own Start with baseline instrs. - delete unused ones Add choice of elements from KryptoKit Evaluate tradeoffs of S/W vs. H/W solutions – First identify bottlenecks – Second evaluate replacement H/W Invent new instructions Tune the processor to suit your requirements Easy to add to VHDL and the assembler

17 Quick Start Training Attacks Anything that can get a cryptographic module to reveal its “secret” is an attack – Brute force attack (lots of trials) – Chosen text attacks – Side channel Timing attacks Power analysis Tempest attack Usually targets the protocol

18 Quick Start Training Power Analysis: Kerckhoffs meets Kirchoff Looks at the current flow into a chip over time Distinguishes “different” power behavior to reveal inner behavior of algorithm Usually focuses on microprocessors, with knowledge of algorithm and instruction set Easily identifies loop/branching behavior – loop behavior correlates to keystream bits CryptoBlaze method permits tuning of the processor to increase difficulty of Power Analysis

19 Quick Start Training Basic Idea inputoutput  - +

20 Quick Start Training Power Attack Strategies Loop behavior is identified with Power Analysis Loop unrolling helps Breaking up loops helps Modifying instructions helps Modifying hardware helps – bogus randomizing hardware Homogenizing execution time helps Main idea: changing the hardware helps! Power tuning is possible

21 Quick Start Training CryptoBlaze Conclusion Building specialized processors can improve: – Performance – Power consumption – Security Development support available free from Xilinx – Basic reference design – Cross Assembler – Krypto Kit Fully supported by Xilinx Design Software

Download ppt "CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks."

Similar presentations

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.
CoolRunner-II CPLDs in Security. Quick Start Training Agenda Some Security Basics – Security – Cryptography CoolRunner-II Security Features Securing Things.

CoolRunner-II CPLDs in Security. Quick Start Training Agenda Some Security Basics – Security – Cryptography CoolRunner-II Security Features Securing Things.
© 2003 Xilinx, Inc. All Rights Reserved Course Wrap Up DSP Design Flow.

© 2003 Xilinx, Inc. All Rights Reserved Course Wrap Up DSP Design Flow.
DSPs Vs General Purpose Microprocessors

DSPs Vs General Purpose Microprocessors
Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?
Mathematics of Cryptography Part II: Algebraic Structures

Mathematics of Cryptography Part II: Algebraic Structures
Fixed Point Numbers The binary integer arithmetic you are used to is known by the more general term of Fixed Point arithmetic. Fixed Point means that we.

Fixed Point Numbers The binary integer arithmetic you are used to is known by the more general term of Fixed Point arithmetic. Fixed Point means that we.
LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.

LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 -

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
A Survey of Logic Block Architectures For Digital Signal Processing Applications.

A Survey of Logic Block Architectures For Digital Signal Processing Applications.
EELE 367 – Logic Design Module 2 – Modern Digital Design Flow Agenda 1.History of Digital Design Approach 2.HDLs 3.Design Abstraction 4.Modern Design Steps.

EELE 367 – Logic Design Module 2 – Modern Digital Design Flow Agenda 1.History of Digital Design Approach 2.HDLs 3.Design Abstraction 4.Modern Design Steps.
Octavian Cret, Kalman Pusztai Cristian Vancea, Balint Szente Technical University of Cluj-Napoca, Romania CREC: A Novel Reconfigurable Computing Design.

Octavian Cret, Kalman Pusztai Cristian Vancea, Balint Szente Technical University of Cluj-Napoca, Romania CREC: A Novel Reconfigurable Computing Design.
Implementing Cryptographic Pairings on Smartcards Mike Scott.

Implementing Cryptographic Pairings on Smartcards Mike Scott.
A Handel-C Implementation of a Computationally Intensive Problem in GF(3) Joey C. Libby, Jonathan P. Lutes, and Kenneth B. Kent The Handel-C Language Handel-C.

A Handel-C Implementation of a Computationally Intensive Problem in GF(3) Joey C. Libby, Jonathan P. Lutes, and Kenneth B. Kent The Handel-C Language Handel-C.
Advanced Information Security 4 Field Arithmetic

Advanced Information Security 4 Field Arithmetic
Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.

Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.
Extensible Processors. 2 ASIP Gain performance by:  Specialized hardware for the whole application (ASIC). −  Almost no flexibility. −High cost.  Use.

Extensible Processors. 2 ASIP Gain performance by:  Specialized hardware for the whole application (ASIC). −  Almost no flexibility. −High cost.  Use.
Design Technology Center National Tsing Hua University IC-SOC Design Driver Highlights Cheng-Wen Wu.

Design Technology Center National Tsing Hua University IC-SOC Design Driver Highlights Cheng-Wen Wu.

Similar presentations

Ads by Google