Krypteringsalgoritmer i OpenCL : AES-256 och ECC ElGamal / Crypthography algorithms in OpenCL : AES-256 and ECC ElGamal

Sjölander, Erik

January 2012

De senaste åren har grafikkorten genomgått en omvandling från renderingsenheter till att klara av generella beräkningar, likt en vanlig processor. Med hjälp av språk som OpenCL blir grafikkorten kraftfulla enheter som går att använda effektivt vid stora beräkningar. Målet med detta examensarbete var att visa krypteringsalgoritmer som passar bra att accelerera med OpenCL på grafikkort. Ytterligare mål var att visa att programmet inte behöver omfattande omskrivning för att fungera i OpenCL. Två krypteringsalgoritmer portades för att kunna köras på grafikkorten. Den första algoritmen AES-256 testades i två olika implementationer, en 8- samt 32-bitars. Den andra krypteringsalgoritmen som användes var ECC ElGamal. Dessa två är valda för visa att både symmetrisk och öppen nyckelkryptering går att accelerera. Resultatet för AES-256 i ECB mod på GPU blev 7 Gbit/s, en accelerering på 25 gånger jämfört med CPU. För elliptiska kurvor ElGamal blev resultatet en acceleration på 55 gånger för kryptering och 67 gånger för avkryptering. Arbetet visar skalärmultiplikation med kurvan B-163 som tar 65us. Båda implementationerna bygger på dataparallellisering, där dataelementen distribueras över tillgänglig hårdvara. Arbetet är utfört på Syntronic Software Innovations AB i Linköping. / Last years, the graphic cards have become more powerful than ever before. A conversion from pure rendering components to more general purpose computing devices together with languages like OpenCL have created a new division for graphics cards. The goal of this thesis is to show that crypthography algorithms are well suited for acceleration with OpenCL using graphics cards. A second goal was to show that C-code can be easily translated into OpenCL kernel with just a small syntax change. The two algorithms that have been used are AES-256 implemented in 8- and 32-bits variants, and the second algorithm is Elliptic Curve Crypthography with the ElGamal scheme. The algoritms are chosen to both represent fast symmetric and the slower public-key schemes. The results for AES-256 in ECB mode on GPU, ended up with a throughtput of 7Gbit/s which is a acceleration of 25 times compared to a CPU. For Elliptic Curve, a single scalar point multiplication for the B-163 NIST curve is computed on the GPU in 65us. Using this in the ElGamal encryption scheme, an acceleration of 55 and 67 times was gained for encryption and decryption. The work has been made at Syntronic Software Innovations AB in Linköping, Sweden.

OpenCL

AES-256

ECC

ElGamal

GPU

CPU

Digital-Friendly EM/Power Side-Channel Attack Resilience for Legacy and Post-Quantum Crypto

Archisman Ghosh (8428161)

08 August 2024

<p dir="ltr">The proliferation of internet-connected embedded devices in contemporary computing environments has raised significant concerns regarding data security and confidentiality. Most embedded devices rely on computationally secure cryptographic algorithms to address these imperatives. However, despite the mathematical assurances, the physical implementation of these algorithms introduces vulnerabilities. Specifically, side-channel analysis (SCA) attacks exploit information leakage through various channels, including power consumption, electromagnetic (EM) radiation, timing, cache hits and misses, and other observable characteristics. </p><p dir="ltr">Previous research has introduced the concept of attenuating information-sensitive signatures using an analog cascoded current source for power delivery, coupled with an analog biased PMOS-based local negative feedback mechanism to stabilize the internal node. While this approach achieves robust signature suppression, resulting in higher minimum traces to disclosure (MTD) and enhanced security, it remains limited by its analog nature, making it less adaptable across different technology nodes. This thesis proposes a digital-friendly signature suppression technique that employs a digital cascoded current source and leverages a Ring-oscillator-based bleed path. These digital countermeasures can be further enhanced through time-domain obfuscation techniques. Our work demonstrates a state-of-the-art MTD of 1.25 billion traces for an AES-256 implementation. However, these countermeasures lack provable security guarantees, so continuous stress testing is essential for widespread deployment. Different intelligent attacks can be exploited on these physical countermeasures. Notably, this thesis also presents an intelligent attack on signature attenuation-based physical countermeasures and introduces an attack detector. Developing an intelligent attack detector is an integral part of the commercial adoption of physical countermeasures. </p><p dir="ltr">Next, generic physical countermeasures are often deployed in the $V_{DD}$ port as power side channel analysis is carried out through the $V_{DD}$ port. However, any digital circuit has two standard ports, namely $V_{DD}$ and clock port, and countermeasure through the clock port is mainly unexplored except for the system-level clock randomization technique. Even the clock-randomization technique is rendered ineffective in the presence of post-processing techniques. This thesis introduces a side channel resilience technique by introducing a larger slew at the clock, thereby improving MTD by $100\times$.</p><p dir="ltr">Next, these physical countermeasures do not come with any provable security guarantee. Hence, it is important to stress-test the countermeasures. This thesis does so and finds an exploitable point to reduce MTD by 1000$\times$. An attack detector of such an attack is also proposed.</p><p dir="ltr">Further, an attack detection strategy against side-channel analysis (SCA) or fault injection attacks (FIA) is also required. A detection and mitigation approach often gives us the option of duty-cycled countermeasures, hence reducing the energy overhead. This thesis proposes and analyzes a self-aware inductive loop-based attack detection strategy to detect SCA and FIA and enhance the signature attenuation countermeasures. </p><p dir="ltr">Finally, we explore opportunities for integrating these lightweight generic techniques into recently standardized Post-Quantum Cryptographic (PQC) cores. Specifically, we present an optimized implementation of the Saber PQC core, a NIST standardization finalist, achieving the lowest area and energy consumption. Future work could involve deploying lightweight PQC cores with synthesizable physical countermeasures to enhance security against quantum algorithms and physical side-channel attacks.</p>

Analog electronics and interfaces

Cryptography

Hardware security

Hardware Security

AES-256

Saber

Signature Attenuation Hardware

time varying transfer function

Countermeasure

Side channel attack

energy-effiiency

Digital