Presentation is loading. Please wait.

Presentation is loading. Please wait.

CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.

Similar presentations


Presentation on theme: "CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks."— Presentation transcript:

1 CryptoBlaze: 8-Bit Security Microcontroller

2 Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks CryptoBlaze Support

3 Quick Start Training What is CryptoBlaze? A fully customizable soft microcontroller – PicoBlaze – 49 baseline16-bit instructions – 8 general-purpose 8-bit registers Set of Cryptographic processor architecture extensions (“KryptoKit”) – Field operations – S-Boxes – LFSR extensions

4 Quick Start Training PicoBlaze

5 Quick Start Training PicoBlaze Baseline Instruction Set

6 Quick Start Training KryptoKit * irreducible polynomial in trinomial or pentanomial form

7 Quick Start Training What is a Galois Field? Finite Field with binary operands Has all the math properties for closure on addition, multiplication, commutivity, etc. An extension field permits polynomial notation and algebraic manipulation Commonly used to describe Linear Feedback Shift Registers Very interesting properties appropriate to CPLDs

8 Quick Start Training Finite Field Arithmetic Field Arithmetic is cool – All operands ultimately the same number of bits – Suitable for fixed word size applications Cryptography Channel coding (Reed Solomon, BCH, Viterbi, etc.) Digital signal processing Addition for Galois Fields is just EX-OR Multiplication can be done with Add/Shift – Needs polynomial “modulo” correction

9 Quick Start Training Example: GF(2 3 ) Multiply Example of 8 Bit Multiplication 57 * 83 = C1 (reduction polynomial = X 8 + X X + 1 = ) (57) x (83) _______ (answer, must be reduced) EX-OR _____ (must be reduced again!) EX-OR ___ = C1 (done! ie, stop when msb=1)

10 Quick Start Training GF(2 m ) Multiplier/Adder Natural extension of Berlekamp-Massey structure Based on work of Johannes Großschädl Compiled & simulated Works in serial or parallel modes Can use DualEdge clocking for performance Operates up to: 250+ MHz Built up to 163 bits long in CoolRunner-II App Note on GF(2 m ) Multiplier (Xapp 371)

11 Quick Start Training GF(2 4 ) Multiplier

12 Quick Start Training Res. MS bit =1? Subtract Polynomial Left shift Result (fill with 0) Result = Result (A i AND B) Result = 0 Loop = 3 Loop = Loop -1 Loop = 0? Done Yes No Yes No The Flow

13 Quick Start Training CryptoBlaze =PicoBlaze with Field Operations GF(2 3 ) MPY

14 Quick Start Training Applications ECC-Error Channel Coding – Reed-Solomon – BCH operations ECC-elliptic curve cryptography RSA Advanced Encryption Standard

15 Quick Start Training CoolRunner-II Enhanced Security Multiple security bits Nonvolatile Reconfigurable Multiple metal layers Difficult to reverse engineer Double Data Rate Operation DataGate

16 Quick Start Training Design Your Own Start with baseline instrs. - delete unused ones Add choice of elements from KryptoKit Evaluate tradeoffs of S/W vs. H/W solutions – First identify bottlenecks – Second evaluate replacement H/W Invent new instructions Tune the processor to suit your requirements Easy to add to VHDL and the assembler

17 Quick Start Training Attacks Anything that can get a cryptographic module to reveal its “secret” is an attack – Brute force attack (lots of trials) – Chosen text attacks – Side channel Timing attacks Power analysis Tempest attack Usually targets the protocol

18 Quick Start Training Power Analysis: Kerckhoffs meets Kirchoff Looks at the current flow into a chip over time Distinguishes “different” power behavior to reveal inner behavior of algorithm Usually focuses on microprocessors, with knowledge of algorithm and instruction set Easily identifies loop/branching behavior – loop behavior correlates to keystream bits CryptoBlaze method permits tuning of the processor to increase difficulty of Power Analysis

19 Quick Start Training Basic Idea inputoutput  - +

20 Quick Start Training Power Attack Strategies Loop behavior is identified with Power Analysis Loop unrolling helps Breaking up loops helps Modifying instructions helps Modifying hardware helps – bogus randomizing hardware Homogenizing execution time helps Main idea: changing the hardware helps! Power tuning is possible

21 Quick Start Training CryptoBlaze Conclusion Building specialized processors can improve: – Performance – Power consumption – Security Development support available free from Xilinx – Basic reference design – Cross Assembler – Krypto Kit Fully supported by Xilinx Design Software


Download ppt "CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks."

Similar presentations


Ads by Google