Implementation of SCA-Resistant CPU and an ECDLP Engine on FPGA Platform

Mane, Suvarna Hanamant

22 May 2012

The rapid increase in the use of embedded systems for performing secure transactions, has proportionally increased the security threat, faced by such devices. Security threats are an issue of concern at both software and hardware level. The field of cryptography has been intensively researched for secure implementation techniques, methods to attack secure systems and countermeasures to avoid such attacks. In this thesis, we provide solutions for two interesting problems in the field of hardware security using reconfigurable hardware. First, we discuss a countermeasure to prevent side-channel analysis (SCA) attacks on an embedded system. We present an SCA-resistant processor design in the context of an embedded design flow for FPGA. It integrates an SCA-resistant custom instruction set on a soft-core CPU and derives an SCA resistance from dual-rail precharge principle. The resulting countermeasure applies to a broad class of block ciphers that consist of lookup tables and logical operations. While many countermeasures have been proposed previously, we show that our solution achieves an excellent trade-off between SCA resistance, (software and hardware) design complexity, performance, and circuit area cost. Secondly, we present a system to attack a special type of cryptography called Elliptic Curve Cryptography(ECC). It targets the Elliptic Curve Discrete Logarithmic Problem (ECDLP) for a NIST-standardized ECC-curve over 112-bit prime field. We implement a successful demonstration of an ECC cryptanalytic engine using the Pollard rho algorithm on a hardware-software co-integrated platform. We propose a novel, generalized architecture for polynomial-basis multiplication over prime field and its extension to a dedicated square module. Its design strategy is portable to other prime field moduli. / Master of Science

Prime-field arithmetic

Design Methods for Cryptanalysis

Judge, Lyndon Virginia

24 January 2013

Security of cryptographic algorithms relies on the computational difficulty of deriving the secret key using public information. Cryptanalysis, including logical and implementation attacks, plays an important role in allowing the security community to estimate their cost, based on the computational resources of an attacker. Practical implementations of cryptanalytic systems require complex designs that integrate multiple functional components with many parameters. In this thesis, methodologies are proposed to improve the design process of cryptanalytic systems and reduce the cost of design space exploration required for optimization. First, Bluespec, a rule-based HDL, is used to increase the abstraction level of hardware design and support efficient design space exploration. Bluespec is applied to implement a hardware-accelerated logical attack on ECC with optimized modular arithmetic components. The language features of Bluespec support exploration and this is demonstrated by applying Bluespec to investigate the speed area tradeoff resulting from various design parameters and demonstrating performance that is competitive with prior work. This work also proposes a testing environment for use in verifying the implementation attack resistance of secure systems. A modular design approach is used to provide separation between the device being tested and the test script, as well as portability, and openness. This yields an open-source solution that supports implementation attack testing independent of the system platform, implementation details, and type of attack under evaluation. The suitability of the proposed test environment for implementation attack vulnerability analysis is demonstrated by applying the environment to perform an implementation attack on AES. The design of complex cryptanalytic hardware can greatly benefit from better design methodologies and the results presented in this thesis advocate the importance of this aspect. / Master of Science

Implementation attack

Design method

Bluespec

Prime field arithmetic

Pollard rho

Elliptic curve cryptography (ECC)

Field programmable gate arrays

Hardware software co-design

Fault attack

Side-channel analysis (SCA)