CryptoBlaze: 8-Bit Security Microcontroller
Quick Start Training
Agenda
• What is CryptoBlaze?
• KryptoKit
• GF(2^m) Multiplier
• Customize CryptoBlaze
• Attacks
• CryptoBlaze Support
What is CryptoBlaze?
• A fully customizable soft microcontroller
  – PicoBlaze
  – 49 baseline 16-bit instructions
  – 8 general-purpose 8-bit registers
• Set of cryptographic processor architecture extensions (“KryptoKit”)
  – Field operations
  – S-Boxes
  – LFSR extensions
PicoBlaze
PicoBlaze Baseline Instruction Set
| Control | Arith./Logical | Shift/Rotate | Interrupt; I/O |
|---|---|---|---|
| JUMP aa | ADD sX, KK | SR0 sX | INTERRUPT |
| JUMP Z, aa | ADDCY sX, KK | SRX sX | RETURNI |
| JUMP NZ, aa | SUB sX, KK | SRA sX | INTP DISABLE |
| JUMP NC, aa | SUBCY sX, KK | RR sX | INTP ENABLE |
| CALL aa | ADD sX, sY | SL0 sX | ENABLE INTP |
| CALL Z, aa | ADDCY sX, sY | SL1 sX | DISABLE INTP |
| CALL NZ, aa | SUB sX, sY | SLX sX | INPUT sX, PP |
| CALL C, aa | SUBCY sX, sY | SLA sX | INPUT sX, sY |
| CALL NC, aa | LOAD sX, KK | RL sX | OUTPUT sX, PP |
| RETURN | AND sX, KK | | OUTPUT sX, sY |
| RETURN Z | OR sX, KK | | |
| RETURN NZ | XOR sX, KK | | |
| RETURN C | LOAD sX, sY | | |
| RETURN NC | OR sX, sY | | |
| | AND sX, sY | | |
| | XOR sX, sY | | |
KryptoKit

| Function | Size | Resource Usage | Comments |
|---|---|---|---|
| GF(2^4) multiplier | 4 bit | 12 macrocells | Gates+flops |
| GF(2^8) multiplier | 8 bit | 24 macrocells | Gates+flops |
| GF(2^16) multiplier | 16 bit | 48 macrocells | Gates+flops |
| GF(2^32) multiplier | 32 bit | 96 macrocells | Gates+flops |
| GF(2^163) multiplier | 163 bit | 340 macrocells | Serial input |
| AES S-box | 8 bit | 384 ANDs, 8 ORs | Flops unused |
| LFSRs | variable | One / stage | ANDs unused |
| Irreduc. Polynom. | variable | 3-5 ANDs * | Flops unused |
| Log (2^8) | 8 bit | 383 ANDs, 8 ORs | Flops unused |
| Exp (2^8) | 8 bit | 370 ANDs, 8 ORs | Flops unused |
| GF(2^8) Inverter | 8 bit | 397 ANDs, 8 ORs | Flops unused |

* irreducible polynomial in trinomial or pentanomial form
What is a Galois Field?
• Finite Field with binary operands
• Has all the math properties for closure on addition, multiplication, commutativity, etc.
• An extension field permits polynomial notation and algebraic manipulation
• Commonly used to describe Linear Feedback Shift Registers
• Very interesting properties appropriate to CPLDs
Finite Field Arithmetic
• Field Arithmetic is cool
  – All operands ultimately the same number of bits
  – Suitable for fixed word size applications
    • Cryptography
    • Channel coding (Reed Solomon, BCH, Viterbi, etc.)
    • Digital signal processing
• Addition for Galois Fields is just EX-OR
• Multiplication can be done with Add/Shift
  – Needs polynomial “modulo” correction
Example: GF(2^3) Multiply
Example of 8 Bit Multiplication

57 * 83 = C1 (reduction polynomial = x^8 + x^4 + x^3 + x + 1 = 100011011)

           0101 0111    (57)
         x 1000 0011    (83)

           01010111
          01010111
         00000000
        00000000
       00000000
      00000000
     00000000
    01010111_______
     10101101111001    (answer, must be reduced)
     100011011_____    EX-OR
     00100000011001    (must be reduced again!)
       100011011___    EX-OR
       000011000001    = C1 (done! ie, stop when msb=1)
GF(2^m) Multiplier/Adder
• Natural extension of Berlekamp-Massey structure
• Based on work of Johannes Großschädl
• Compiled & simulated
• Works in serial or parallel modes
• Can use DualEdge clocking for performance
• Operates up to: 250+ MHz
• Built up to 163 bits long in CoolRunner-II
• App Note on GF(2^m) Multiplier (Xapp 371)
GF(2^4) Multiplier
[Figure: GF(2^4) multiplier schematic. Signal labels: MPY/ADD, MULTIPLIER MSB, MULTIPLICAND MSB, IRREDUCIBLE POLYNOMIAL, RESULT MSB. Registers: R(3) R(2) R(1) R(0); P(3) P(2) P(1) P(0); A(3) A(2) A(1) A(0); B(3) B(2) B(1) B(0).]
NOTE: CLOCKS & EXTERNAL DATA INPUT CONNECTIONS ARE NOT SHOWN
RESULT = (A x B) mod P
The Flow
[Flowchart. Boxes: Result = 0, Loop = 3; Left shift Result (fill with 0); Res. MS bit = 1?; Subtract Polynomial; Result = Result (A i AND B); Loop = Loop - 1; Loop = 0?; Done. Decision branches are labelled Yes / No.]
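The shift / reduce / accumulate loop from the flow above, checked against the 57 * 83 = C1 worked example, as an added C example that is not part of the original slides. The function names and the m <= 16 limit are assumptions; the second variant replaces the two data-dependent branches with masks, in line with the deck's later point about homogenizing execution time.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the slides): bit-serial GF(2^m) multiply, m <= 16.
 * poly is the irreducible polynomial including its x^m term
 * (0x11B for x^8 + x^4 + x^3 + x + 1). Operands must be < 2^m.
 * Function names are illustrative. */

/* Flowchart-style version: branches on the scanned multiplier bit and on the
 * result MSB, so the work done per iteration depends on the operands. */
uint32_t gf2m_mul_branchy(uint32_t a, uint32_t b, uint32_t poly, unsigned m)
{
    uint32_t r = 0;
    for (unsigned i = m; i-- > 0; ) {
        r <<= 1;                    /* left shift result, fill with 0      */
        if (r & (1u << m))          /* did the shift push a bit into x^m?  */
            r ^= poly;              /* "subtract" the polynomial = EX-OR   */
        if ((a >> i) & 1u)          /* multiplier bit A_i selects B        */
            r ^= b;                 /* GF(2^m) addition = EX-OR            */
    }
    return r;
}

/* Same arithmetic with no operand-dependent branch in the source: each
 * condition becomes an all-zeros or all-ones mask. */
uint32_t gf2m_mul_uniform(uint32_t a, uint32_t b, uint32_t poly, unsigned m)
{
    uint32_t r = 0;
    for (unsigned i = m; i-- > 0; ) {
        r <<= 1;
        r ^= poly & (0u - ((r >> m) & 1u));   /* reduce if bit m is set */
        r ^= b    & (0u - ((a >> i) & 1u));   /* add B if A_i is set    */
    }
    return r;
}

int main(void)
{
    /* The slide's worked example: 57 * 83 under 100011011. */
    printf("%02X\n", (unsigned)gf2m_mul_branchy(0x57, 0x83, 0x11B, 8));
    printf("%02X\n", (unsigned)gf2m_mul_uniform(0x57, 0x83, 0x11B, 8));
    return 0;
}
```

A compiler is free to turn the masked form back into branches, so the generated code still has to be inspected on the target.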
CryptoBlaze = PicoBlaze with Field Operations
[Figure label: GF(2^3) MPY]
Applications
• ECC-Error Channel Coding
  – Reed-Solomon
  – BCH operations
• ECC-elliptic curve cryptography
• RSA
• Advanced Encryption Standard
CoolRunner-II Enhanced Security
• Multiple security bits
• Nonvolatile
• Reconfigurable
• Multiple metal layers
• Difficult to reverse engineer
• Double Data Rate Operation
• DataGate
Design Your Own
• Start with baseline instrs. - delete unused ones
• Add choice of elements from KryptoKit
• Evaluate tradeoffs of S/W vs. H/W solutions
  – First identify bottlenecks
  – Second evaluate replacement H/W
• Invent new instructions
• Tune the processor to suit your requirements
• Easy to add to VHDL and the assembler
Attacks
• Anything that can get a cryptographic module to reveal its “secret” is an attack
  – Brute force attack (lots of trials)
  – Chosen text attacks
  – Side channel
    • Timing attacks
    • Power analysis
    • Tempest attack
• Usually targets the protocol
Power Analysis: Kerckhoffs meets Kirchhoff
• Looks at the current flow into a chip over time
• Distinguishes “different” power behavior to reveal inner behavior of algorithm
• Usually focuses on microprocessors, with knowledge of algorithm and instruction set
• Easily identifies loop/branching behavior
  – loop behavior correlates to keystream bits
• CryptoBlaze method permits tuning of the processor to increase difficulty of Power Analysis
Basic Idea
[Figure; labels: input, output]
Power Attack Strategies
• Loop behavior is identified with Power Analysis
• Loop unrolling helps
• Breaking up loops helps
• Modifying instructions helps
• Modifying hardware helps
  – bogus randomizing hardware
• Homogenizing execution time helps
• Main idea: changing the hardware helps!
• Power tuning is possible
CryptoBlaze Conclusion
• Building specialized processors can improve:
  – Performance
  – Power consumption
  – Security
• Development support available free from Xilinx
  – Basic reference design
  – Cross Assembler
  – Krypto Kit
• Fully supported by Xilinx Design Software