Reconfigurable Cryptographic Processor

As a carrier to implement cryptographic algorithms, a cryptographic processor plays an important part in information security applications. With the development of network information technologies and integrated circuit technologies, the requirements for the cryptographic processors are no longer limited to pure computing performance. To support as many cryptographic algorithms and execution modes in the protocols as possible, a cryptographic processor should be flexible enough. To make a balance between performance and power consumption, energy efficiency (performance per watt) becomes a more reasonable metric compared with performance. To fight against increasingly intensive cipher-based physical attacks, security has gone beyond traditional metrics and become the most important one in cryptographic processors. Traditional cryptographic processors including application-specific integrated circuits (ASIC) and instruction set architecture processors (ISAP) cannot make a balance between the three metrics—flexibility, energy efficiency, and security.

This book focuses on the reconfigurable feature of cryptographic algorithms and analyzes the feasibility of implementing cryptographic algorithms with reconfigurable computing technologies, so as to provide a basis for the architecture design of the reconfigurable cryptographic processor. To study the reconfigurable cryptographic processor, a full understanding of cryptographic algorithms, the implementation object of the reconfigurable cryptographic processor, is a must. Based on the key factors of reconfigurable computing technologies, this book analyzes the features of cryptographic algorithms in terms of the execution process, algorithm structure, data width, computing granularity, core operations, parallelism, data dependency, common logic of algorithms computation, etc. This provides a basis for the architecture design of a reconfigurable cryptographic processor, including operator extraction, reconfigurable logic unit function, computing granularity, and scale of reconfigurable arrays. As each cryptographic algorithm has its unique features, this book will analyze the reconfigurable features of the block cipher, hash function, and public key cipher separately. There are numerous types of symmetric cipher, and the information system has the most urgent demand for the flexibility of symmetric ciphers. Therefore, the next section will focus on symmetric ciphers.

The hardware architecture of reconfigurable cryptographic processors is the customization of the generic reconfigurable computing architecture in the cryptographic field. On the basis of the generic architecture described in Sect. 1.​4.​1, designers need to optimize each concrete structure and parameter involved in the architecture framework in the cryptographic field. Different from the hardware architecture design of traditional cryptographic processors, i.e., the hardwired design of the data flow diagram for a single cipher algorithm in ASIC and the design of extended instruction set for specific operators and functions of cipher algorithm in ISAP, the hardware design of reconfigurable cryptographic processors shall integrate features of multiple cipher algorithms to implement the flexible and efficient reconfigurable datapath and reconfigurable controller. The reconfigurable computing unit, interconnection networks, heterogeneous module, data storage, configuration control method, configuration information organization, and storage are designed on the basis of common features of cipher algorithms. This chapter summarizes the basic design methods for the hardware architecture of reconfigurable cryptographic processors from the aspects of reconfigurable datapath and reconfigurable controller, thus helping designers analyze how to perform reasonable architecture designs based on a specified demand.

As an implementation of reconfigurable computing processors in specific fields, a reconfigurable cryptographic processor inherits the basic compilation framework of reconfigurable computing processors: The algorithm is described in high-level programming languages; the hardware and software partition is made through the static or dynamic analysis; then, the hardware part is transformed into the universal intermediate representation through the front-end compilation tools, which is then optimized through the middle-end compilation tools; finally, the mapping is implemented through back-end compilation tools including the synthesis tool, placement and routing tool, and the configuration information of the reconfigurable computing structure is generated. This chapter will be based on this framework and consider the particularity of the compilation method of reconfigurable cryptographic processors. As a cipher algorithm has many obvious code features such as the fixed-boundary loop, loop-carried data dependency, simple control flow, and quite different data granularity, the compilation method of the compiler of a reconfigurable cryptographic processor needs to be optimized based on these features. This chapter will start with general reconfigurable computing processors and introduce their universal compilation technologies and methods, including the main steps throughout compilation process. Then, this chapter will discuss the compilation methods of reconfigurable cryptographic processors, focusing on the steps which are very important for cipher application, such as code transformation and optimization, division and mapping of intermediate representations. Finally, this chapter will give examples about compilation and implementation of different cipher algorithms.

This chapter describes a reconfigurable cryptographic processor designed by the reconfigurable computing research team at the Institute of Microelectronics, Tsinghua University, and the processor is named Anole. Anole is designed for various symmetric cryptographic algorithms and hash algorithms, and its core structure includes a dynamically and partially reconfigurable processing array and the interconnection between processing elements for the function enhancement. The design optimization goal is to improve the energy and area efficiencies while maintaining flexibility. Three key technologies have been proposed including distributed control network (DCN), concurrent computation and reconfiguration (CCR), and configuration compression and organization (CCO). The basic architecture, key technologies, integrated development tools and chip implementation results of Anole are presented in detail as follows:

The physical attack countermeasures for reconfigurable cryptographic processors are mainly achieved in two ways. One way is to implement all the universal countermeasures to the reconfigurable architecture. Another way is to develop new countermeasures by using the characteristics of the reconfigurable computing. Traditional universal countermeasures do not take full advantage of the characteristics of reconfigurable computing and result in significant performance, area, and power overhead. In addition, new threatening attack methods such as the local electromagnetic attack with the attack precision of gate level, multiple fault attack which can introduce more than one fault in a single execution, and attacks based on ultra-low frequency (kHz level for instance) acoustic or electromagnetic signal continue to emerge. Various existing traditional countermeasures cannot be used to effectively resist these attacks. Compared with the direct application of traditional countermeasures, countermeasures designed based on the characteristics of reconfigurable cryptographic architecture can effectively reduce the performance, area, and power overhead caused by security improvement through resource reuse. What is more, the new countermeasures are expected to resist novel attack methods that have not been effectively overcome. On the one hand, the dynamic and partial reconfiguration feature can be fully exploited to develop countermeasures based on time and spatial randomization. When each execution of the cryptographic algorithm is performed at a different time and circuit region in the array, various precision attacks will not take effect. It just like that when an attacker wants to attack the backdoor of the cryptographic implementation, the randomization method keeps the position of the backdoor changing rapidly, making it difficult for the attacker to attack even when he or she has the key to the backdoor. On the other hand, we can make full use of the structural advantages of reconfigurable processors and fully combine the countermeasure design with the reconfigurable architecture, thus maximizing the advantages of reconfigurable computing. The rich array computing units and interconnection resources on the reconfigurable cryptographic processors can be used to resist physical attacks. With the resource reuse, the consumption caused by countermeasures can be significantly reduced. For example, a physically unclonable function (PUF) can be constructed based on array computing units, and lightweight authentication or security keys can be generated after the basic encryption/decryption operations are performed. The rich interconnection resources on the array can also be fully developed to resist attacks. When various topology attributes of interconnection network changed slightly and randomness was introduced, physical attack countermeasures can be implemented besides the normal data transmission.

With the continuous evolution of big data and globalization, the security environment has become increasingly serious. Among them, data security and cryptographic processor security issues are particularly prominent. In terms of data security, the demand for big data processing, represented by cloud computing, has brought new challenges to data security.