UpWB: An Uncoupled Architecture Design for White-box Cryptography Using Vectorized Montgomery Multiplication

Cited by: 0
Authors
Chen X. [1]
Yang B. [1]
Zhu J. [1]
Liu J. [3]
Yin S. [1]
Yang G. [1]
Zhu M. [2]
Wei S. [1]
Liu L. [1]
Affiliations
[1] Beijing National Research Center for Information Science and Technology (BNRist), School of Integrated Circuits, Tsinghua University, Beijing
[2] Wuxi Micro Innovation Integrated Circuit Design Co., Ltd, Wuxi
[3] Shaanxi Normal University, Xi’an
Source
IACR Transactions on Cryptographic Hardware and Embedded Systems | 2024 / Vol. 2024 / Issue 2
Funding
National Natural Science Foundation of China
Keywords
domain-specific accelerator; space hardness; white-box cryptography;
DOI
10.46586/tches.v2024.i2.677-713
Abstract
White-box cryptography (WBC) seeks to protect secret keys even when the attacker has full control over the execution environment. One technique for hiding the key is the space-hardness approach, which conceals the key in a large lookup table generated from a trusted small block cipher. Despite its provable security, space-hard WBC suffers from heavy performance overhead when executed on general-purpose hardware platforms, running hundreds of times slower than conventional block ciphers. Specifically, recent studies adopt a nested substitution-permutation network (NSPN) to construct dedicated white-box block ciphers [BIT16], whose performance is limited by a massive number of rounds, nested loop dependencies and high-dimension dynamic maximal distance separable (MDS) matrices. To address these limitations, we put forward UpWB, an uncoupled and efficient accelerator for NSPN-structured WBC. We propose holistic optimization techniques across the timing schedule, algorithms and operators. For the high-level timing schedule, we propose a fine-grained task partition (FTP) mechanism to decouple the parameter-oriented nested loops with different trip counts. The FTP mechanism narrows the idle time spent on synchronization and avoids the extra use of FIFOs, which efficiently increases computation throughput. For the optimization of arithmetic operators, we devise a flexible and vectorized modular multiplier (VMM) based on the complexity-reduced Montgomery algorithm, which can process multi-precision variable data, multi-size matrix-vector multiplication and different irreducible polynomials. Then, a configurable matrix-vector multiplication (MVM) architecture with diagonal-major dataflow is presented to handle the dynamic MDS matrix. The multi-scale (Inv)MixColumns are also unified in a compact manner by intensively sharing the common sub-operations and customizing the constant multiplier.
To verify the proposed methodology, we showcase the unified design implementation for three recent families of WBCs, including SPNbox-8/16/24/32, Yoroi-16/32 and WARX-16. Evaluated on an FPGA platform, UpWB outperforms the optimized software counterpart (executed on a 3.2 GHz Intel CPU with AES-NI and AVX2 instructions) by 7× to 30× in terms of computation throughput. Synthesized in TSMC 28nm technology, a 36× to 164× improvement in computation throughput is achieved when UpWB operates at its maximum frequency of 1.3 GHz, while consuming a modest area of 0.14 mm². Besides, the proposed VMM also offers about 30% improvement in area efficiency without sacrificing flexibility when compared to state-of-the-art work. © 2024, Ruhr-University of Bochum. All rights reserved.
Pages: 677 / 713
Page count: 36
Related papers
71 items in total
  • [1] Augot Daniel, Finiasz Matthieu, Direct construction of recursive MDS diffusion layers using shortened BCH codes, Fast Software Encryption-21st International Workshop, FSE 2014, pp. 3-17, (2014)
  • [2] Bock Estuardo Alpirez, Amadori Alessandro, Bos Joppe W., Brzuska Chris, Michiels Wil, Doubly half-injective prgs for incompressible white-box cryptography, Topics in Cryptology-CT-RSA 2019-The Cryptographers’ Track at the RSA Conference 2019, San Francisco, CA, USA, March 4-8, 2019, Proceedings, volume 11405 of Lecture Notes in Computer Science, pp. 189-209
  • [3] Bock Estuardo Alpirez, Amadori Alessandro, Brzuska Chris, Michiels Wil, On the security goals of white-box cryptography, IACR Trans. Cryptogr. Hardw. Embed. Syst, 2020, 2, pp. 327-357, (2020)
  • [4] Bock Estuardo Alpirez, Brzuska Chris, Fischlin Marc, Janson Christian, Michiels Wil, Security reductions for white-box key-storage in mobile payments, Advances in Cryptology-ASIACRYPT 2020-26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part I, volume 12491 of Lecture Notes in Computer Science, pp. 221-252, (2020)
  • [5] Bock Estuardo Alpirez, Brzuska Chris, Lai Russell W. F., On provable white-box security in the strong incompressibility model, IACR Trans. Cryptogr. Hardw. Embed. Syst, 2023, 4, pp. 167-187, (2023)
  • [6] Bogdanov Andrey, Isobe Takanori, White-box cryptography revisited: Space-hard ciphers, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1058-1069, (2015)
  • [7] Bogdanov Andrey, Isobe Takanori, Tischhauser Elmar, Towards practical whitebox cryptography: Optimizing efficiency and space hardness, Advances in Cryptology-ASIACRYPT 2016-22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4-8, 2016, Proceedings, Part I, volume 10031 of Lecture Notes in Computer Science, pp. 126-158
  • [8] Beierle Christof, Kranz Thorsten, Leander Gregor, Lightweight multiplication in GF(2^n) with applications to MDS matrices, Advances in Cryptology-CRYPTO 2016-36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part I, volume 9814 of Lecture Notes in Computer Science, pp. 625-653
  • [9] Boyar Joan, Matthews Philip, Peralta Rene, On the shortest linear straight-line program for computing linear forms, Mathematical Foundations of Computer Science 2008, 33rd International Symposium, MFCS 2008, Torun, Poland, August 25-29, 2008, Proceedings, volume 5162 of Lecture Notes in Computer Science, pp. 168-179, (2008)
  • [10] Boyar Joan, Peralta Rene, New logic minimization techniques with applications to cryptology, Cryptology ePrint Archive, (2009)