VLSI Design of Advanced-Features AES Cryptoprocessor in the Framework of the European Processor Initiative

Nannipieri, Pietro; Matteo, Stefano Di; Baldanzi, Luca; Crocetti, Luca; Zulberti, Luca; Saponara, Sergio; Fanucci, Luca

doi:10.1109/tvlsi.2021.3129107

Cited by 18 publications

(18 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While these works provide ultra-high throughputs, the area usage is not proportional to the increase in throughput, hence, a low throughput-to-area ratio. In [3], a highly customized VLSI (Very Large Scale Integration) design of an advanced AES Cryptoprocessor is presented. The design supports multiple modes of operations targeting the European Processor Initiative (EPI) that features multiple hardware cryptographic accelerators, including SHA, which are controlled by a secure RISC-V processor.…”

Section: Related Workmentioning

confidence: 99%

“…FPGAs (Field Programmable Gate Arrays) are flexible alternatives that provide reconfiguration and lower costs for small production. In addition, they can facilitate the design/prototype of cryptographic hardware that combines multiple cryptographic primitives [1], [2], [3]. This flexibility enables the system to support various cryptographic operations and protocols required by applications such as IEEE 802.11, Bluetooth, Transport Layer Security (TLS), Global System for Mobile (GSM), ISO/IEC 29192, etc.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Design and Implementation of a flexible Multi-purpose Cryptographic System on low cost FPGA

Maache

Kalache

2023

Int. j. electr. comput. eng. syst. (Online)

View full text Add to dashboard Cite

The design of cryptographic hardware that supports multiple cryptographic primitives is common in literature. In this work, a new design is presented consisting of a multi-purpose cryptographic system featuring both 128-bit pipelined AES-CORE (Advanced Encryption Standard) for high-speed symmetric encryption and a Keccak hash core on a low-cost FPGA. The KECCAK-CORE’s security and performance parameters are tunable in the sense that capacity, bitrate, and the number of rounds can be user-defined. Such flexibility enables the core to suit a large range of security requirements. The structure of Keccak’s sponge construction is exploited to enable different modes of operation. An example application outlined in this work is Pseudo Random Number Generation (PRNG). With few adjustments, the KECCAK-CORE was also operated as a post-processing unit for True Random Number Generation (TRNG) that uses the analog Lorenz chaotic circuit as a physical entropy source. The multi-purpose design was implemented in VHDL targeting an IntelFPGA Cyclone-V FPGA. For AES symmetric encryption, a maximum throughput of 31.1Gbps was achieved and a logic usage of 25146LEs (23% of the FPGA) in the case of the pipelined variant of AES-CORE. For the KECCAK-CORE, maximum throughput figures of 5.81, 8.4, and 11Gbps were achieved for the three SHA-3 variants 512, 384, and 256-bit respectively, with an area usage of 8947LEs (8%). The system as a whole occupies an area of 26909LEs (26%). The random sequences generated by the system operating in PRNG and TRNG post- processing modes successfully passed the National Institute of Standards and Technology (NIST) statistical test suite (NIST SP 800-22). The information entropy analysis performed on the post-processed TRNG sequences indicates an average of 0.935.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Design and Implementation of a flexible Multi-purpose Cryptographic System on low cost FPGA

Maache

Kalache

2023

Int. j. electr. comput. eng. syst. (Online)

View full text Add to dashboard Cite

show abstract

“…All these approaches can provide a security strength up to 256 bits, under specific design rules, and show different characteristics at an architectural level, which reflects also on performance. Although the CTR-DRBG solution permits implementing more efficient PRNGs both for the relative metric of throughput per area and for the absolute metrics of throughput (the highest one) and consumption of logic resources (the lowest one), it has been discarded, as [ 18 ] expresses about the effective capability of this mechanism to reach maximum security strength: its authors claim that the usage of DRBGs based on block ciphers should be avoided since the pseudo-random permutation inside each AES [ 3 ] round outputs a sequence that is distinguishable from a random source, while the DRBGs based on hash functions satisfy the security requirements. On the other hand, the DRBGs based on HMAC can be interpreted as a more complex version of the ones relying on hash functions, because they exploit the same underlying hash algorithm to which the HMAC scheme adds resources, data (the key), and operations (hence latency), therefore leading to a less efficient solution and introducing the issues related to the establishment of cryptographic keys.…”

Section: Design Of the Random Number Generatormentioning

confidence: 99%

“…This article focuses on the design and test of an all-digital hardware accelerator for random number generation, NIST-compliant at entropy level, with sustained throughput and technology independence. The complete hardware accelerator is to be exploited within the 7 nm European Processor Initiative [ 2 ] ASIC, together with other hardware accelerators that will rely on it (AES [ 3 ], ECC [ 4 ], SHA [ 5 ]). The paper is organized as follows.…”

Section: Introductionmentioning

confidence: 99%

Design and Test of an Integrated Random Number Generator with All-Digital Entropy Source

Crocetti

Matteo

Nannipieri

et al. 2022

Entropy

Self Cite

View full text Add to dashboard Cite

In the cybersecurity field, the generation of random numbers is extremely important because they are employed in different applications such as the generation/derivation of cryptographic keys, nonces, and initialization vectors. The more unpredictable the random sequence, the higher its quality and the lower the probability of recovering the value of those random numbers for an adversary. Cryptographically Secure Pseudo-Random Number Generators (CSPRNGs) are random number generators (RNGs) with specific properties and whose output sequence has such a degree of randomness that it cannot be distinguished from an ideal random sequence. In this work, we designed an all-digital RNG, which includes a Deterministic Random Bit Generator (DRBG) that meets the security requirements for cryptographic applications as CSPRNG, plus an entropy source that showed high portability and a high level of entropy. The proposed design has been intensively tested against both NIST and BSI suites to assess its entropy and randomness, and it is ready to be integrated into the European Processor Initiative (EPI) chip.

show abstract

“…Our framework can be exploited when designing robust systems against Side-Channel Attack (SCA) [11], ultra-low-power and heterogeneous [12], or space-grade SoCs, where the target technology, in both Application Specific Integrated Circuit (ASIC) or Field Programmable Gate Array (FPGA) development flows, determines the time-based power consumption and area occupancy outcomes. It has been used in [6] to assist the design of a Post-Quantum Cryptography ISA extension for RISC-V, and in [13] to collect post-synthesis results of a cryptographic hardware accelerator for Advanced Encryption Standard (AES). To describe our work, we present an use case in which the performance of an Elliptic Curve Cryptography (ECC) accelerator [14] are assessed using the proposed framework, showing how the complexity of the design flow is reduced thanks to the automation provided.…”

Section: Introductionmentioning

confidence: 99%

A Script-Based Cycle-True Verification Framework to Speed-Up Hardware and Software Co-Design: Performance Evaluation on ECC Accelerator Use-Case

et al. 2022

Self Cite

View full text Add to dashboard Cite

Digital designs complexity has exponentially increased in the last decades. Heterogeneous Systems-on-Chip integrate many different hardware components which require a reliable and scalable verification environment. The effort to set up such environments has increased as well and plays a significant role in digital design projects, taking more than 50% of the total project time. Several solutions have been developed with the goal of automating this task, integrating various steps of the Very Large Scale Integration design flow, but without addressing the exploration of the design space on both the software and hardware sides. Early in the co-design phase, designers break down the system into hardware and software parts taking into account different choices to explore the design space. This work describes the use of a framework for automating the verification of such choices, considering both hardware and software development flows. The framework automates compilation of software, cycle-true simulations and analyses on synthesised netlists. It accelerates the design space exploration exploiting the GNU Make tool, and we focus on ensuring consistency of results and providing a mechanism to obtain reproducibility of the design flow. In design teams, the last feature increases cooperation and knowledge sharing from single expert to the whole team. Using flow recipes, designers can configure various third-party tools integrated into the modular structure of the framework, and make workflow execution customisable. We demonstrate how the developed framework can be used to speed up the setup of the evaluation flow of an Elliptic-Curve-Cryptography accelerator, performing post-synthesis analyses. The framework can be easily configured taking approximately 30 min, instead of few days, to build up an environment to assess the accelerator performance and its resistance to simple power analysis side-channel attacks.

show abstract

VLSI Design of Advanced-Features AES Cryptoprocessor in the Framework of the European Processor Initiative

Cited by 18 publications

References 30 publications

Design and Implementation of a flexible Multi-purpose Cryptographic System on low cost FPGA

Design and Implementation of a flexible Multi-purpose Cryptographic System on low cost FPGA

Design and Test of an Integrated Random Number Generator with All-Digital Entropy Source

A Script-Based Cycle-True Verification Framework to Speed-Up Hardware and Software Co-Design: Performance Evaluation on ECC Accelerator Use-Case

Contact Info

Product

Resources

About