FPGA and ASIC Implementation of Rho and P-1 Methods of Factoring. Master's Thesis Presentation Ramakrishna Bachimanchi Director: Dr.
1 FPGA and ASIC Implementation of Rho and P-1 Methods of Factoring. Master's Thesis Presentation. Ramakrishna Bachimanchi. Director: Dr. Kris Gaj
2 Contents Introduction Background Hardware Architecture FPGA and ASIC Design Flow Results Conclusions
3 RSA: In 1977 Ron Rivest, Adi Shamir & Leonard Adleman developed the first public key cryptosystem, which they called RSA
4 RSA: Public key {e, N}; private key {d, P, Q}. Alice (encryption, { e, N }) - network - Bob (decryption, { d, P, Q }). $N = P \cdot Q$; P, Q - large prime factors; $e \cdot d \equiv 1 \bmod ((P-1)(Q-1))$
5 Common Applications of RSA Secure WWW, SSL Network Browser WebServer S/MIME, PGP Alice Bob
6 Recommended key sizes for RSA. Size of the RSA key = size of $N = P \cdot Q$. Old standard: individual users, 512 bits (155 decimal digits). New standard: short-term use (up to 2010), 1024 bits; long-term use, 2048 bits
7 Factoring RSA: RSA-200 (663 bits) factored by Bahr, Boehm, Frank and Kleinjung. When? Dec 2003 to May 2005. Effort? First stage: about 1 year on various machines, equivalent to 55 years on Opteron 2.2 GHz CPU. Second stage: 3 months on a cluster of GHz Opterons connected via a gigabit network
8 Number Field Sieve: best algorithm to factor large numbers. Complexity: sub-exponential time and memory. N = number to factor, k = number of bits of N. Exponential function: $e^{k}$. Sub-exponential function: $e^{k^{1/3} (\ln k)^{2/3}}$. Polynomial function: $a \cdot k^{m}$
9 Steps of Number Field Sieve (NFS): Polynomial Selection; Relation Collection (Sieving; 200 bit & 350 bit numbers; Mini factoring: Pollard rho, p-1 method, ECM); Linear Algebra; Square Root
10 Rho Algorithm
11 Pollard's Rho Method. Birthday paradox: If more than 23 random people are in a room (or even if they aren't) there is a more than 50% probability that the birthdays of two of them fall on the same day of the year.
12 Pollard's rho method - Example: N = = ; $x_{i+1} = x_i^2 + 1 \bmod N$; $x_0, x_1, x_2, \dots, x_9$ reduced mod 97: $x_2 \equiv x_5 \equiv x_8 \pmod q$, $x_1 \equiv x_4 \equiv x_7 \pmod q$, $x_0 \equiv x_3 \equiv x_6 \equiv x_9 \pmod q$. $x_1 \equiv x_4 \pmod q \Rightarrow q \mid (x_1 - x_4)$, and $q \mid N$, so $q \mid \gcd(x_1 - x_4, N)$; q = gcd( , ) = 97
13 Pollard's Rho Method [Figure: the rho-shaped sequence $x_0, x_1, x_2, \dots \bmod q$, which enters a cycle at $x_s$ with $x_s \equiv x_e \pmod q$ and period = e-s, so that $x_{s+1} \equiv x_{e+1} \pmod q$, ..., $x_{s+k} \equiv x_{e+k} \pmod q$]
14 Rho Algorithm - Floyd's Version
   Initialize $b \leftarrow c \leftarrow x_0$
   1. choose the polynomial as $f(x) = x^2 + a$
   2. calculate $b \leftarrow f(b) \bmod n$ and $c \leftarrow f(f(c)) \bmod n$
   3. compute $d \leftarrow \gcd(b - c, n)$
   4. if $1 < d < n$, a non trivial factor of n is found
   5. if $d = 1$ go to step 2; if $d = N$ change a and go to step 1
15 Rho Method - Floyd's Version [Table: pairwise differences $x_k - x_i$ for $i > k$, one row per k: $x_k - x_{k+1}$, $x_k - x_{k+2}$, ..., $x_k - x_{2k}$, ..., $x_k - x_i$]
16 Pollard's Rho Algorithm - Floyd's Version
   $f(x) = x^2 + a$ with $a \notin \{-2, 0\}$; # iterations t <100 q max (q max is the maximum factor we expect to find using rho method)
   We choose random $x_0$ in the range (0, n-1) and $x_1 = f(x_0)$
   V2 (advanced by f(f()))    V1 (advanced by f())    d
   $x_0$                                               $d = 1$
   $x_2$                      $x_1$                    $d = d \cdot (x_2 - x_1)$
   $x_4$                      $x_2$                    $d = d \cdot (x_4 - x_2)$
   $x_6$                      $x_3$                    $d = d \cdot (x_6 - x_3)$
   ...
   $x_t$                      $x_{t/2}$                $d = d \cdot (x_t - x_{t/2})$
   $x_{t+2}$                  $x_{(t+2)/2}$            $d = d \cdot (x_{t+2} - x_{(t+2)/2})$
   $x_{2i}$                   $x_i$                    $d = d \cdot (x_{2i} - x_i)$
   $x_{2(i+1)}$               $x_{i+1}$                $d = d \cdot (x_{2i+2} - x_{i+1})$
   $x_{2t}$                   $x_t$                    $d = d \cdot (x_{2t} - x_t)$
   * $x_{2i+2} = f(f(x_{2i}))$, $x_{i+1} = f(x_i)$
   $q = \gcd(d, n)$
   Minimization for area and/or memory
17 Rho Algorithm - Floyd's Version Contd.
   Inputs: $x_0$, $a$, $f(x) = x^2 + a$, $N$, $t$ (even, $\geq 2$)
   Outputs: $q$ (such that $q \mid N$)
   $v_1 = x_1 = f(x_0)$, $v_2 = x_2 = f(x_1)$, $temp = v_2 - v_1 = x_2 - x_1$, $d = temp$
   for ($i = 2$; $i \leq t$; $i$++) {
      $v_1 = v_1 \cdot v_1 + a$
      $v_2 = v_2 \cdot v_2 + a$
      $v_2 = v_2 \cdot v_2 + a$
      $temp = v_2 - v_1$
      $d = d \cdot temp$
   }
   $q = \gcd(d, N)$
   * all operations are done modulo N
18 Rho Method - Brent's Version [Table: the same pairwise differences $x_k - x_i$ for $i > k$, one row per k; the last row lists differences taken from $x_{2^k}$, up to $x_{2^k} - x_{2^{k+1}}$]
19 Rho Method - Brent's Version, Sequence of Operations
   v2         d                             v1
   $x_2$      $d = 1$                       $x_2$
   $x_3$
   $x_4$      $d = d \cdot (x_4 - x_2)$     $x_4$
   $x_5$
   $x_6$
   $x_7$      $d \cdot (x_7 - x_4)$
   $x_8$      $d \cdot (x_8 - x_4)$         $x_8$
   $x_9$
   $x_{10}$
   $x_{11}$
   $x_{12}$
   $x_{13}$   $d \cdot (x_{13} - x_8)$
   $x_{14}$   $d \cdot (x_{14} - x_8)$
   $x_{15}$   $d \cdot (x_{15} - x_8)$
   $x_{16}$   $d \cdot (x_{16} - x_8)$      $x_{16}$
   Minimization for execution time 24%
20 Rho Algorithm - Brent's Version
   Inputs: $x_0$, $a$, $f(x) = x^2 + a$, $N$, $t$ (even, $\geq 2$)
   Outputs: $q$ (such that $q \mid N$)
   $x_1 = f(x_0)$, $v_1 = v_2 = x_2 = f(x_1)$, $k = 1$
   for ($i = 3$; $i \leq 2t$; $i$++) {
      $v_2 = f(v_2)$
      if ($2^k + 2^{k-1} + 1 \leq i \leq 2^{k+1}$) {
         $temp = v_2 - v_1$
         $d = d \cdot temp$
      }
      if ($i = 2^{k+1}$) {
         $v_1 = v_2$
         $k = k + 1$
      }
   }
   $q = \gcd(d, N)$
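
Both rho variants above, written out in software as an added example (not code from the thesis). It follows the slides in multiplying the differences into d and taking a single gcd at the end, and it counts modular multiplications; N = 8051 = 83 * 97, x_0 = 2 and a = 1 are a constructed sample, not the values of the slide's example.

```python
from math import gcd


def rho_floyd(N, x0, a, t):
    """Floyd's version: accumulate d = prod (x_2i - x_i), i = 1..t, one gcd at the end.

    Returns (q, mults), where mults counts modular multiplications
    (the squaring inside each f() call plus each product into d).
    """
    f = lambda x: (x * x + a) % N
    v1 = f(x0)                       # x_1
    v2 = f(v1)                       # x_2
    d = (v2 - v1) % N
    mults = 2
    for _ in range(2, t + 1):        # i = 2 .. t
        v1 = f(v1)                   # x_i
        v2 = f(f(v2))                # x_2i
        d = d * (v2 - v1) % N
        mults += 4
    return gcd(d, N), mults


def rho_brent(N, x0, a, t):
    """Brent's version: compare x_i with the saved x_(2^k) only for
    2^k + 2^(k-1) + 1 <= i <= 2^(k+1); same return value as rho_floyd."""
    f = lambda x: (x * x + a) % N
    v1 = v2 = f(f(x0))               # x_2
    k, d, mults = 1, 1, 2
    for i in range(3, 2 * t + 1):
        v2 = f(v2)                   # x_i
        mults += 1
        if 2 ** k + 2 ** (k - 1) + 1 <= i <= 2 ** (k + 1):
            d = d * (v2 - v1) % N
            mults += 1
        if i == 2 ** (k + 1):        # save x_(2^(k+1)) and move to the next block
            v1 = v2
            k += 1
    return gcd(d, N), mults


if __name__ == "__main__":
    N, x0, a = 8051, 2, 1            # constructed sample: 8051 = 83 * 97
    for t in (3, 4, 5, 7):
        print(t, "floyd", rho_floyd(N, x0, a, t), "brent", rho_brent(N, x0, a, t))
    # q == 1: no factor caught yet (run longer).
    # q == N: both prime factors were caught in the same product, so the
    #         single gcd cannot separate them (shorter run or another a).
```

With one gcd per run the iteration count t matters in both directions: too few iterations return 1, too many return N itself.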
21 p-1 Algorithm
22 p-1 Algorithm: Based on Fermat's Little Theorem: $a^{p-1} \equiv 1 \pmod p$; $a^{m(p-1)} \equiv 1 \pmod p$; $a^{m(p-1)} - 1 \equiv 0 \pmod p$. N - number to be factored; a - any small integer; p - non-trivial factor of N. Choose a small number a, such that 1 < a < N. Choose a special number k. Compute $a^k \pmod N - 1$. Compute $\gcd(a^k \pmod N - 1, N)$
23 p-1 algorithm. Inputs: N - number to be factored; a - arbitrary integer such that gcd(a, N) = 1; $B_1$ - smoothness bound for Phase 1; $B_2$ - smoothness bound for Phase 2. Outputs: q - factor of N, $1 < q \leq N$, or FAIL
24 p-1 algorithm, Phase 1
   1: $k \leftarrow \prod_i p_i^{e_i}$ such that $p_i$ - consecutive primes $\leq B_1$, $e_i$ - largest exponent such that $p_i^{e_i} \leq B_1$ (precomputations)
   2: $q_0 \leftarrow a^k \bmod N$ (main computations)
   3: $q \leftarrow \gcd(q_0 - 1, N)$ (postcomputations)
   4: if $q > 1$
   5:    return q (factor of N)
   6: else
   7:    go to Phase 2
   8: end if
25 p-1 algorithm, Phase 2
   09: $d \leftarrow 1$
   10: for each prime $p = B_1$ to $B_2$ do
   11:    $d \leftarrow d \cdot (q_0^{p} - 1) \pmod N$ (main computations)
   12: end for
   13: $q \leftarrow \gcd(d, N)$ (postcomputations)
   14: if $q > 1$ then
   15:    return q
   16: else
   17:    return FAIL
   18: end if
26 p-1 Phase 1 Numerical example: N = = ; a = 2; $B_1$ = 20; k = = ; $q_0 = a^k \bmod N$ = mod = ; q = gcd ( ; ) = 1361. Why did the method work? q-1 = 1360 = k; $a^k \bmod q = a^{(q-1) \cdot m} \bmod q = 1 \Rightarrow q \mid a^k - 1$
27 Modular Exponentiation - Sliding Window Method
   Input: $g$, $e = (e_t e_{t-1} \dots e_1 e_0)_2$ with $e_t = 1$, and an integer $w \geq 1$
   Output: $g^e$
   1. Precomputation: $g_1 \leftarrow g$, $g_2 \leftarrow g^2$; for $i$ from 1 to $(2^{w-1} - 1)$ do: $g_{2i+1} \leftarrow g_{2i-1} \cdot g_2$
   2. $A \leftarrow 1$, $i \leftarrow t$
   3. While $i \geq 0$ do the following:
      if $e_i = 0$ then do: $A \leftarrow A^2$, $i \leftarrow i - 1$
      otherwise ($e_i \neq 0$), find the longest bitstring $e_i e_{i-1} \dots e_l$ such that $i - l + 1 \leq w$ and $e_l = 1$, and do the following: $A \leftarrow A^{2^{i-l+1}} \cdot g_{(e_i e_{i-1} \dots e_l)_2}$, $i \leftarrow l - 1$
   4. Return($A$)
28 Sliding Window Method - Example: calculating $g^{50}$, $e = (110010)_2$, window size 2
   Pre-computations: $g^3$
   Main computations (A):
      window size = 2 and the value = 11 = 3: $A \leftarrow (A)^4 \cdot g^3 = g^3$
      $A \leftarrow A^2 = g^6$
      $A \leftarrow A^2 = g^{12}$
      window size = 1 and the value = 1 = 1: $A \leftarrow (A)^2 \cdot g^1 = g^{25}$
      $A \leftarrow A^2 = g^{50}$
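
Phase 1 and Phase 2 of the p-1 algorithm above, as an added software example (not code from the thesis). The slide's N is not preserved in this transcription, so the three composites below are constructed samples: 1361 is the factor from the slide, while 1019, 139 and 1283 are primes chosen here so that each outcome (Phase 1 hit, Phase 2 hit, FAIL) can be checked by hand.

```python
from math import gcd


def primes_upto(n):
    """Sieve of Eratosthenes: all primes <= n (n >= 1)."""
    sieve = bytearray([1]) * (n + 1)
    sieve[0:2] = b"\x00\x00"
    for p in range(2, int(n ** 0.5) + 1):
        if sieve[p]:
            sieve[p * p :: p] = bytearray(len(range(p * p, n + 1, p)))
    return [p for p in range(2, n + 1) if sieve[p]]


def phase1_exponent(B1):
    """k = product of p_i^e_i, e_i the largest exponent with p_i^e_i <= B1."""
    k = 1
    for p in primes_upto(B1):
        pe = p
        while pe * p <= B1:
            pe *= p
        k *= pe
    return k


def p_minus_1(N, a, B1, B2):
    """Returns (q, phase): q is a factor with 1 < q <= N, or None for FAIL."""
    assert gcd(a, N) == 1
    # Phase 1: q0 = a^k mod N, q = gcd(q0 - 1, N)
    q0 = pow(a, phase1_exponent(B1), N)
    q = gcd(q0 - 1, N)
    if q > 1:
        return q, 1                  # q may equal N if every prime factor is caught
    # Phase 2: one extra prime p with B1 < p <= B2 allowed in (factor - 1)
    d = 1
    for p in primes_upto(B2):
        if p > B1:
            d = d * (pow(q0, p, N) - 1) % N
    q = gcd(d, N)
    return (q, 2) if q > 1 else (None, 2)


if __name__ == "__main__":
    # Constructed samples, a = 2, B1 = 20, B2 = 100:
    #   1361 - 1 = 2^4 * 5 * 17  -> divides k, found in Phase 1
    #   139  - 1 = 2 * 3 * 23    -> one prime in (B1, B2], found in Phase 2
    #   1019 - 1 = 2 * 509, 1283 - 1 = 2 * 641 -> large prime factor, not found
    for N in (1361 * 1019, 139 * 1019, 1019 * 1283):
        print(N, p_minus_1(N, 2, 20, 100))
```

The third sample shows the property that makes a prime resistant to this method: p-1 has a prime factor above B2.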
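
The sliding window method above as an added software example (not code from the thesis), returning the windows it used so the slide's $g^{50}$ walk-through can be checked. The base 7 and modulus 1000003 in the demo are constructed values.

```python
def sliding_window_pow(g, e, N, w):
    """Left-to-right sliding window exponentiation, window size w >= 1.

    Returns (g^e mod N, windows), where windows lists (value, size) for
    each non-zero window that was multiplied in.
    """
    # Precomputation: odd powers g^1, g^3, ..., g^(2^w - 1)
    table = {1: g % N}
    g2 = g * g % N
    for i in range(1, 2 ** (w - 1)):
        table[2 * i + 1] = table[2 * i - 1] * g2 % N

    bits = bin(e)[2:]                # e_t ... e_0, most significant bit first
    A, i, windows = 1, 0, []
    while i < len(bits):
        if bits[i] == "0":
            A = A * A % N            # zero bit: square only
            i += 1
            continue
        # Longest window of at most w bits that starts here and ends in a 1
        j = min(i + w, len(bits))
        while bits[j - 1] == "0":
            j -= 1
        value = int(bits[i:j], 2)
        for _ in range(j - i):       # A <- A^(2^size)
            A = A * A % N
        A = A * table[value] % N     # multiply by the precomputed odd power
        windows.append((value, j - i))
        i = j
    return A, windows


if __name__ == "__main__":
    # e = 50 = (110010)_2 with w = 2, as on the slide; g and N are constructed
    result, windows = sliding_window_pow(7, 50, 1000003, 2)
    print(result == pow(7, 50, 1000003), windows)
```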
29 Hardware Architecture
30 Top-level View [Block diagram: FPGA / ASIC containing the Control Unit, Global memory and the Rho, p-1 or unified units; I/O to a host computer; RAM]
31 Low Level Arithmetic Units
32 Montgomery Multiplication [Block diagram of the Montgomery multiplier datapath: operands A, B and modulus M, a shift register for A, carry-save registers S1 and S2, CSA stages, sum and carry outputs]. Based on McIvor, McLoone, et al. Asilomar 2003: full-length CSAs, word-length CPAs
33 Addition / Subtraction [Block diagram of the adder/subtractor unit: 32 x 32 memory for A and M, operand registers A and B, 32-bit adder with carry, result C]. Original design
34 Global Memory - Rho: n for unit 1, ..., n for unit m; same for all units: $x_0$, $a$, $t$ (no. of iterations)
35 Local Memory - Rho [Diagram: local memory holding M, temp, V1, V2, a and d, with ports data_in, data_out, Aaddr, Baddr and WEA]
36 Computation Flow
   MUL: 1 to 2t-1: $v_2 \leftarrow v_2^2$; if cond1: $d \leftarrow d \cdot temp$
   ADD/SUB: 1 to 2t-1: $v_2 \leftarrow v_2 + a$; if cond1: $temp \leftarrow (v_2 - v_1)$
   cond1: $2^k + 2^{k-1} + 1 \leq i-1 \leq 2^{k+1}$
37 Control Unit - Rho Memory Initialization Main Computations Reading Out Results
38 Global Memory p-1 [Memory map for Phase 1 and Phase 2: N for unit 1, N for unit 2, ..., N for unit m; initial values for all units ($g_1$, $g_2$, k); GCD_table[1] ... GCD_table[GMAXD], which determines j such that $1 \leq j \leq D$ and gcd(j, D) = 1; $M_{min}$, $M_{max}$; prime_table[1], prime_table[2], ..., prime_table[pmax D ], which determines m, j such that P = m.d-j is a prime]
39 Local Memory p-1 [Memory map diagrams: a) Phase 1, holding N, $g_1$ and $g_2$; b) Phase 2]
40 Control Unit Phase 1 Phase 2 Memory Initialization Memory Initialization Pre-Computations Modular Exponentiation Reading Out Results Main-Computations Reading Out Results
41 Unified Architecture ADD/SUB Local Memory for p-1 Control Unit MUL Local Memory for Rho Global Memory
42 Control Unit Memory Initialization Rho-Computations P-1 -Computations Reading Out Results
43 Control Unit: Total 17 state machines with 140 states; 5 state machines with 45 states in Rho; 12 state machines with 103 states in P-1; 5 shift registers; 9 registers; 13 counters; 22 comparators. Original design
44 Design Flow
45 FPGA vs ASIC. FPGA (Field Programmable Gate Array): array of logic blocks; switchable interconnect resources; final user can set switches; immediate use (zero fab time); not good for high volume applications. ASIC (Application Specific Integrated Circuit): standard cells and macros; requires full manufacturing sequence; good for high volume applications
46 FPGA Design Flow Design Entry Design Verification Specification RTL Description (VHDL / Verilog HDL) Functional Simulation Synthesis Post-Synthesis Simulation Implementation Timing Simulation Configuration On Chip Testing
47 ASIC Design Flow Front-End Design Synthesis Timing Analysis Design Analyzer Primetime Back-End Design Floorplanning Placement Clock Tree Synthesis Astro Routing Design for Manufacturing
48 Results
49 Families of Xilinx FPGA Devices. Low-cost: Spartan 3 (< $130*), Spartan 3E (< $35*). High-performance: Virtex II (< $2,700*), Virtex 4 (< $3,000*). *approximate cost of the largest device per unit for a batch of 10,000 units
50 FPGA Implementation of Single Units - Results
                           Rho           P-1           Unified
   Resources
   - CLB Slices            1,680 (4%)    1,749 (5%)    2,042 (6%)
   - LUTs                  2,714 (4%)    2,875 (4%)    3,451 (5%)
   - FFs                   1,518 (2%)    1,645 (2%)    1,740 (2%)
   - BRAMs                 0/144         2/144         2/144
   Max. Clock Frequency    130 MHz       131 MHz       115 MHz
   Target device is Virtex II XC2v6000-6
51 Number of unified units per FPGA [Bar chart over Spartan 3 (XC3S, low-cost), Virtex II (XC2V, high-performance), Spartan 3E (XC3S, low-cost) and Virtex 4 (XC4VLX, high-performance)]
52 Performance: unified operations per second [Bar chart over Spartan 3 (XC3S, low-cost), Virtex II (XC2V, high-performance), Spartan 3E (XC3S, low-cost) and Virtex 4 (XC4VLX, high-performance)]
53 Performance to cost ratio: unified operations per second per $ [Bar chart over Spartan 3 (XC3S, low-cost), Virtex II (XC2V, high-performance), Spartan 3E (XC3S, low-cost) and Virtex 4 (XC4VLX, high-performance)]
54 ASIC - Layout of p-1 - floorplanning
55 Layout of p-1 - placement
56 Layout of p-1 clock tree synthesis
57 Layout of p-1 Global Routing
58 Layout of p-1 Detailed Routing
59 Results - ASIC Implementation
   Operation                                                  rho          p-1          Unified architecture
   Area                                                       1.15 mm2     mm2          1.8 mm2
   Max. Clock Frequency                                       200 MHz      200 MHz      200 MHz
   Time for execution                                         3.52 ms      9.56 ms      13.1 ms
   # of operations per second (using maximum no. of units)    96,022       34,100       16,615
   Core utilization ratio                                     70%          70%          65%
   Area of Virtex II FPGA is x 19.8 mm2 (estimation by R.J. Lim Fong, MS Thesis, VPI, 2004)
60 FPGA vs ASIC - Area [Bar chart comparing ASIC and FPGA area for Rho, P-1 and Unified]. Area of Virtex II FPGA is x 19.8 mm2 (estimation by R.J. Lim Fong, MS Thesis, VPI, 2004)
61 Rho in an ASIC 130 nm Global Memory Local Memory
62 ASIC 130 nm vs. Virtex II 6000, rho (20 units) [Figure: area of Virtex II 6000, mm x mm (estimation by R.J. Lim Fong, MS Thesis, VPI, 2004), is 51x the area of an ASIC with equivalent functionality, 2.7 mm x 2.82 mm]
63 ASICs vs. FPGAs. Source: I. Kuon, J. Rose, University of Toronto, "Measuring the Gap Between FPGAs and ASICs", IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 62, no. 2, Feb 2007.
66 Contributions Verified the VHDL code through functional and timing simulation by comparison with the operation of test software implementation written in C. Ported the VHDL code to 4 different families of FPGA devices and to a standard-cell ASIC based on 130 nm TSMC library
67 Conclusions: Low-cost FPGA devices, such as Spartan 3, outperformed high-performance devices, such as Virtex II, in terms of performance to cost ratio by a factor of 14.9. ASIC implementation outperforms FPGA by a factor of 50* in terms of area and 1.5 times in terms of frequency. *In the case of rho it is 50; for other architectures it may be less
68 Conclusions: Low-cost FPGA devices Spartan 3 and Spartan 3E are suitable for code-breaking. ASIC implementation is suitable when a large number of chips (>1,000,000) is considered
69 Future Work: Implementation of Trial Division in hardware; implementation of ECM in hardware using one multiplier and one adder/subtractor; integrating Trial Division, Rho, P-1 and ECM to build a co-factoring machine; experiments on COPACOBANA
70 Thank you! Questions???
More informationTwo Integer Factorization Methods
Two Integer Factorization Methods Christopher Koch April 22, 2014 Abstract Integer factorization methods are algorithms that find the prime divisors of any positive integer. Besides studying trial division
More informationLogiCORE IP AXI Performance Monitor v2.00.a
LogiCORE IP AXI Performance Monitor v2.00.a Product Guide Table of Contents IP Facts Chapter 1: Overview Target Technology................................................................. 9 Applications......................................................................
More informationHow To Design A Chip Layout
Spezielle Anwendungen des VLSI Entwurfs Applied VLSI design (IEF170) Course and contest Intermediate meeting 3 Prof. Dirk Timmermann, Claas Cornelius, Hagen Sämrow, Andreas Tockhorn, Philipp Gorski, Martin
More informationQuantum Computing Lecture 7. Quantum Factoring. Anuj Dawar
Quantum Computing Lecture 7 Quantum Factoring Anuj Dawar Quantum Factoring A polynomial time quantum algorithm for factoring numbers was published by Peter Shor in 1994. polynomial time here means that
More informationHardware and Software
Hardware and Software 1 Hardware and Software: A complete design Hardware and software support each other Sometimes it is necessary to shift functions from software to hardware or the other way around
More informationDigitale Signalverarbeitung mit FPGA (DSF) Soft Core Prozessor NIOS II Stand Mai 2007. Jens Onno Krah
(DSF) Soft Core Prozessor NIOS II Stand Mai 2007 Jens Onno Krah Cologne University of Applied Sciences www.fh-koeln.de jens_onno.krah@fh-koeln.de NIOS II 1 1 What is Nios II? Altera s Second Generation
More informationIntroduction to Digital System Design
Introduction to Digital System Design Chapter 1 1 Outline 1. Why Digital? 2. Device Technologies 3. System Representation 4. Abstraction 5. Development Tasks 6. Development Flow Chapter 1 2 1. Why Digital
More informationAgenda. Michele Taliercio, Il circuito Integrato, Novembre 2001
Agenda Introduzione Il mercato Dal circuito integrato al System on a Chip (SoC) La progettazione di un SoC La tecnologia Una fabbrica di circuiti integrati 28 How to handle complexity G The engineering
More informationSDLC Controller. Documentation. Design File Formats. Verification
January 15, 2004 Product Specification 11 Stonewall Court Woodcliff Lake, NJ 07677 USA Phone: +1-201-391-8300 Fax: +1-201-391-8694 E-mail: info@cast-inc.com URL: www.cast-inc.com Features AllianceCORE
More informationVivado Design Suite Tutorial
Vivado Design Suite Tutorial High-Level Synthesis UG871 (v2012.2) August 20, 2012 Notice of Disclaimer The information disclosed to you hereunder (the Materials ) is provided solely for the selection and
More informationHardware Implementation of Improved Adaptive NoC Router with Flit Flow History based Load Balancing Selection Strategy
Hardware Implementation of Improved Adaptive NoC Rer with Flit Flow History based Load Balancing Selection Strategy Parag Parandkar 1, Sumant Katiyal 2, Geetesh Kwatra 3 1,3 Research Scholar, School of
More informationComputing exponents modulo a number: Repeated squaring
Computing exponents modulo a number: Repeated squaring How do you compute (1415) 13 mod 2537 = 2182 using just a calculator? Or how do you check that 2 340 mod 341 = 1? You can do this using the method
More informationHigh-Performance Modular Multiplication on the Cell Processor
High-Performance Modular Multiplication on the Cell Processor Joppe W. Bos Laboratory for Cryptologic Algorithms EPFL, Lausanne, Switzerland joppe.bos@epfl.ch 1 / 19 Outline Motivation and previous work
More informationDesign of a High Speed Communications Link Using Field Programmable Gate Arrays
Customer-Authored Application Note AC103 Design of a High Speed Communications Link Using Field Programmable Gate Arrays Amy Lovelace, Technical Staff Engineer Alcatel Network Systems Introduction A communication
More informationModeling Latches and Flip-flops
Lab Workbook Introduction Sequential circuits are digital circuits in which the output depends not only on the present input (like combinatorial circuits), but also on the past sequence of inputs. In effect,
More informationHardware Implementation of the Stone Metamorphic Cipher
International Journal of Computer Science & Network Security VOL.10 No.8, 2010 Hardware Implementation of the Stone Metamorphic Cipher Rabie A. Mahmoud 1, Magdy Saeb 2 1. Department of Mathematics, Faculty
More informationOptimising the resource utilisation in high-speed network intrusion detection systems.
Optimising the resource utilisation in high-speed network intrusion detection systems. Gerald Tripp www.kent.ac.uk Network intrusion detection Network intrusion detection systems are provided to detect
More informationFactoring pq 2 with Quadratic Forms: Nice Cryptanalyses
Factoring pq 2 with Quadratic Forms: Nice Cryptanalyses Phong Nguyễn http://www.di.ens.fr/~pnguyen & ASIACRYPT 2009 Joint work with G. Castagnos, A. Joux and F. Laguillaumie Summary Factoring A New Factoring
More informationOpen Flow Controller and Switch Datasheet
Open Flow Controller and Switch Datasheet California State University Chico Alan Braithwaite Spring 2013 Block Diagram Figure 1. High Level Block Diagram The project will consist of a network development
More informationStep : Create Dependency Graph for Data Path Step b: 8-way Addition? So, the data operations are: 8 multiplications one 8-way addition Balanced binary
RTL Design RTL Overview Gate-level design is now rare! design automation is necessary to manage the complexity of modern circuits only library designers use gates automated RTL synthesis is now almost
More informationCase Study: Improving FPGA Design Speed with Floorplanning
Case Study: Improving FPGA Design Speed with Floorplanning - An introduction to Xilinx PlanAhead 10.1 by Consultant Kent Salomonsen (kent.salomonsen@teknologisk.dk) Picture this: the RTL is simulating
More informationIJESRT. [Padama, 2(5): May, 2013] ISSN: 2277-9655
IJESRT INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY Design and Verification of VLSI Based AES Crypto Core Processor Using Verilog HDL Dr.K.Padama Priya *1, N. Deepthi Priya 2 *1,2
More informationExploiting Stateful Inspection of Network Security in Reconfigurable Hardware
Exploiting Stateful Inspection of Network Security in Reconfigurable Hardware Shaomeng Li, Jim Tørresen, Oddvar Søråsen Department of Informatics University of Oslo N-0316 Oslo, Norway {shaomenl, jimtoer,
More informationHow To Know If A Message Is From A Person Or A Machine
The RSA Algorithm Evgeny Milanov 3 June 2009 In 1978, Ron Rivest, Adi Shamir, and Leonard Adleman introduced a cryptographic algorithm, which was essentially to replace the less secure National Bureau
More informationA First Course in Digital Design Using VHDL and Programmable Logic
A First Course in Digital Design Using VHDL and Programmable Logic Shawki Areibi Abstract Present industry practice has created a high demand for systems designers with knowledge and experience in using
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationSystem-on. on-chip Design Flow. Prof. Jouni Tomberg Tampere University of Technology Institute of Digital and Computer Systems. jouni.tomberg@tut.
System-on on-chip Design Flow Prof. Jouni Tomberg Tampere University of Technology Institute of Digital and Computer Systems jouni.tomberg@tut.fi 26.03.2003 Jouni Tomberg / TUT 1 SoC - How and with whom?
More informationDistributed Elastic Switch Architecture for efficient Networks-on-FPGAs
Distributed Elastic Switch Architecture for efficient Networks-on-FPGAs Antoni Roca, Jose Flich Parallel Architectures Group Universitat Politechnica de Valencia (UPV) Valencia, Spain Giorgos Dimitrakopoulos
More informationFactoring and Discrete Log
Factoring and Discrete Log Nadia Heninger University of Pennsylvania June 1, 2015 Textbook RSA [Rivest Shamir Adleman 1977] Public Key N = pq modulus e encryption exponent Private Key p, q primes d decryption
More information