Hardware and software for cryptography and security

Research topics

  • High performance and secure arithmetic operators for finite field arithmetic Fp and F2m
  • Dedicated processor for ECC (elliplitic curve cryptography)
  • Countermeasures against physical attacks (side channel analysis, fault injection)
    • Redundant and randomized representations of numbers (e.g. scalar in [k]P)
    • Arithmetic operators with reduced side channel leakage
  • Hardware support for secure virtualization in embedded systems
  • Hardware random number generation for high performance and secure applications
    • TRNG (true random number generator) for ASIC and FPGA implementations
    • Hardware on-line randomness quality monitoring (statistical tests: FIPS 140-1, AIS 31)

High Performance and Secure Cryptographic Processor Design

A complete ECC (elliptic curve cryptography) processor is under development.

Main characteristics of the processor:

  • Functional units (FU) for finite field arithmetic in F2m and Fp: addition, subtraction, multiplication, multiplication by constants, inverse
  • Key recoding with arithmetic countermeasures (DBNS randomization, reconfigurable arithmetic operators)

Architecture of the processor:

archi-proc-ecc

Random Number Generation

High-throughput random number generators (RNGs) are required in many applications such as cryptography, signal processing, simulation methods, probabilistic algorithms… Their data rate is not the only important characteristic, their randomness quality is also a key parameter in some critical applications.

Two main kinds of RNGs exist:

  • True random number generators (TRNGs), they use a physical noise source to produce a random signal. TRNGs produce unpredictable random streams but with a limited data rate (up to a few Mb.s-1).
  • Pseudo random number generators (PRNGs), they use computational methods to produce random sequences with a very high data rate but with a (hopefully very long) periodic behavior. PRNGs cannot be used alone in security applications, they need to be initialized by TRNG seeds.

The CAIRN team works on hardware TRNGs with a high throughput and high randomness quality. We also designed and implemented a complete method for the on-line and real-time monitoring of the randomness quality in the RNG chip for ASIC and FPGA implementations.

Several TRNG architectures have been designed and implemented:

  • OCHRE V1: basic TRNG architectures in a 130 nm ASIC ST technology (1 mm2 circuit)
  • OCHRE V2: advanced TRNG architectures with on-line randomness quality monitoring in a 130 nm ASIC ST technology (4 mm2 circuit)
  • High data rate TRNG architectures with on-line randomness quality monitoring for Xilinx, Altera and Actel FPGAs.

Working group

A working group on computer arithmetic, cryptography and security is organized

Future Events:

Links

  • IACR (International Association for Cryptologic Research)
  • CHES (Cryptographic Hardware and Embedded Systems)