
CryptoBlaze: 8-Bit Security Microcontroller


Presentation Transcript


  1. CryptoBlaze: 8-Bit Security Microcontroller

  2. Agenda • What is CryptoBlaze? • KryptoKit • GF(2^m) Multiplier • Customize CryptoBlaze • Attacks • CryptoBlaze Support

  3. What is CryptoBlaze? • A fully customizable soft microcontroller • PicoBlaze • 49 baseline 16-bit instructions • 8 general-purpose 8-bit registers • Set of Cryptographic processor architecture extensions (“KryptoKit”) • Field operations • S-Boxes • LFSR extensions

  4. PicoBlaze

  5. PicoBlaze Baseline Instruction Set

  6. KryptoKit * irreducible polynomial in trinomial or pentanomial form

  7. What is a Galois Field? • Finite Field with binary operands • Has all the math properties for closure on addition, multiplication, commutativity, etc. • An extension field permits polynomial notation and algebraic manipulation • Commonly used to describe Linear Feedback Shift Registers • Very interesting properties appropriate to CPLDs

  8. Finite Field Arithmetic • Field Arithmetic is cool • All operands ultimately the same number of bits • Suitable for fixed word size applications • Cryptography • Channel coding (Reed-Solomon, BCH, Viterbi, etc.) • Digital signal processing • Addition for Galois Fields is just EX-OR • Multiplication can be done with Add/Shift • Needs polynomial “modulo” correction

  9. Example of 8 Bit Multiplication

     57 * 83 = C1 (reduction polynomial = X^8 + X^4 + X^3 + X + 1 = 100011011)

                  0101 0111   (57)
                x 1000 0011   (83)

                   01010111
                  01010111
                 00000000
                00000000
               00000000
              00000000
             00000000
            01010111
            ---------------
             10101101111001   (answer, must be reduced)
     EX-OR   100011011
             --------------
             00100000011001   (must be reduced again!)
     EX-OR     100011011
               ------------
               000011000001 = C1 (done! ie, stop when msb=1)

     Example: GF(2^3) Multiply

  10. GF(2^m) Multiplier/Adder • Natural extension of Berlekamp-Massey structure • Based on work of Johannes Großschädl • Compiled & simulated • Works in serial or parallel modes • Can use DualEdge clocking for performance • Operates up to: 250+ MHz • Built up to 163 bits long in CoolRunner-II • App Note on GF(2^m) Multiplier (Xapp 371)

  11. GF(2^4) Multiplier [figure: shift-register schematic] • MULTIPLIER RESULT = (A x B) mod P • Registers shown: MULTIPLICAND A(3) A(2) A(1) A(0), B(3) B(2) B(1) B(0), RESULT R(3) R(2) R(1) R(0), IRREDUCIBLE POLYNOMIAL P(3) P(2) P(1) P(0) • Control labelled MPY/ADD • NOTE: CLOCKS & EXTERNAL DATA INPUT CONNECTIONS ARE NOT SHOWN

  12. The Flow [flowchart; boxes and decision labels as extracted] • Result = 0 • Loop = 3 • Left shift Result (fill with 0) • Result = Result (A i AND B) • Loop = Loop - 1 • Subtract Polynomial • Decision: Res. MS bit = 1? (Yes / No) • Decision: Loop = 0? (Yes / No) • Done

  13. CryptoBlaze = PicoBlaze with Field Operations [figure label: GF(2^3) MPY]

  14. Applications • ECC-Error Channel Coding • Reed-Solomon • BCH operations • ECC-elliptic curve cryptography • RSA • Advanced Encryption Standard

  15. CoolRunner-II Enhanced Security • Multiple security bits • Nonvolatile • Reconfigurable • Multiple metal layers • Difficult to reverse engineer • Double Data Rate Operation • DataGate

  16. Design Your Own • Start with baseline instrs. - delete unused ones • Add choice of elements from KryptoKit • Evaluate tradeoffs of S/W vs. H/W solutions • First identify bottlenecks • Second evaluate replacement H/W • Invent new instructions • Tune the processor to suit your requirements • Easy to add to VHDL and the assembler

  17. Attacks • Anything that can get a cryptographic module to reveal its “secret” is an attack • Brute force attack (lots of trials) • Chosen text attacks • Side channel • Timing attacks • Power analysis • Tempest attack • Usually targets the protocol

  18. Power Analysis: Kerckhoffs meets Kirchhoff • Looks at the current flow into a chip over time • Distinguishes “different” power behavior to reveal inner behavior of algorithm • Usually focuses on microprocessors, with knowledge of algorithm and instruction set • Easily identifies loop/branching behavior • loop behavior correlates to keystream bits • CryptoBlaze method permits tuning of the processor to increase difficulty of Power Analysis

  19. Basic Idea [figure; labels: +, -, input, output]

  20. Power Attack Strategies • Loop behavior is identified with Power Analysis • Loop unrolling helps • Breaking up loops helps • Modifying instructions helps • Modifying hardware helps • bogus randomizing hardware • Homogenizing execution time helps • Main idea: changing the hardware helps! • Power tuning is possible

  21. CryptoBlaze Conclusion • Building specialized processors can improve: • Performance • Power consumption • Security • Development support available free from Xilinx • Basic reference design • Cross Assembler • Krypto Kit • Fully supported by Xilinx Design Software
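
Added example (not from the original slides or from Xilinx material): one reading of the slide 12 shift / subtract-polynomial / add loop written in C, next to a variant in which the two data-dependent branches are replaced by masks, which is the "homogenizing execution time" idea of slide 20 applied in software. Function names are assumptions; the polynomial 100011011 and the 57 * 83 = C1 check value are taken from slide 9.

```c
#include <stdint.h>
#include <stdio.h>

/* Slide 12 flow, MSB first: shift Result, subtract (EX-OR) the polynomial on
 * overflow, add (EX-OR) B when A_i = 1. Both tests branch on data. */
static uint8_t gf_mul_branching(uint8_t a, uint8_t b, uint16_t poly, int m)
{
    uint16_t result = 0;
    for (int i = m - 1; i >= 0; i--) {
        result <<= 1;
        if ((result >> m) & 1u)
            result ^= poly;
        if ((a >> i) & 1u)
            result ^= b;
    }
    return (uint8_t)result;
}

/* Same arithmetic with the branches replaced by all-zero/all-one masks,
 * so every iteration performs the identical shift/AND/EX-OR sequence. */
static uint8_t gf_mul_uniform(uint8_t a, uint8_t b, uint16_t poly, int m)
{
    uint16_t result = 0;
    for (int i = m - 1; i >= 0; i--) {
        result <<= 1;
        uint16_t ovf = (uint16_t)(0u - ((result >> m) & 1u));
        uint16_t sel = (uint16_t)(0u - ((a >> i) & 1u));
        result ^= poly & ovf;
        result ^= b & sel;
    }
    return (uint8_t)result;
}

/* Exhaustively compare both versions over a field of 2^m elements. */
static int count_mismatches(uint16_t poly, int m)
{
    int bad = 0;
    for (unsigned a = 0; a < (1u << m); a++)
        for (unsigned b = 0; b < (1u << m); b++)
            bad += gf_mul_branching((uint8_t)a, (uint8_t)b, poly, m)
                != gf_mul_uniform((uint8_t)a, (uint8_t)b, poly, m);
    return bad;
}

int main(void)
{
    printf("57 * 83 = %02X\n", gf_mul_uniform(0x57, 0x83, 0x11B, 8));
    return 0;
}
```

A compiler can turn the masks back into branches, so the generated code for the actual target should be inspected before relying on the uniform version.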
