Efficient CRT-Based RSA Cryptosystems

1
Efficient CRT-Based RSA Cryptosystems Immune
against the Hardware Fault Attack and the FPGA
Implementations

Yonghong Yang
Supervisors Prof. Z. Abid Prof. W. Wang
Department of Electrical and Computer
Engineering the University of Western Ontario,
Canada
2
Outline

• Introduction

• Literature Review

• Proposed Efficient Two-Prime RSA Cryptosystem

• Proposed Efficient Multi-Prime RSA Cryptosystem

• FPGA Implementations and Results

• Conclusions

3
Introduction
Network security is needed everywhere
4
Introduction

• Wide applications need security

• Electronic banking and voting
• Electronic commerce, such as online bidding
• Email, file exchange/submission
• Web browsing, etc.

5
Introduction

• Cryptography

• The mathematical science to secure the
• confidentiality/authentication of data by
• replacing them with a transformed version
• Two types secret-key and public-key

• Cryptography guarantees the needed security

• Privacy or confidentiality
• Data integrity
• Authentication
• Non-repudiation

6
Introduction

• Secret-Key Cryptography

• Traditional method of cryptography
• Theoretical basis communication theory of
  secrecy
• systems
• Single key is used to encrypt and decrypt
  texts
• DES, NSA and IDEA etc.

• Disadvantages

• Difficult key management
• Keys need to be changed frequently
• Cannot yield efficient signature mechanisms

7
Introduction

• Public-Key Cryptography

• Relatively new field 1975, initiated by the
• paper New directions in cryptography
• Different keys are used for encryption and
• decryption
• RSA, DSA, DSS etc.

8
Introduction

• Public-Key Cryptography

• Advantages

• Easier key management
• Key can remain unchanged for longer time
• Yields efficient digital signature mechanisms

• Disadvantage

• Slower throughputs since keys have larger
• wordlengths

9
Introduction

• RSA Cryptography

One of the most widely used, simplest
public- key cryptography so far

• Scheme

Alice
Bob
Decrypt using by Bs private key
Encrypt using Bs public key
Sign with As private key
Check signature by As public key
10
Outline

• Introduction

• Literature Review

• Proposed Efficient Two-Prime RSA Cryptosystem

• Proposed Efficient Multi-Prime RSA Cryptosystem

• FPGA Implementations and Results

• Conclusions

11
Literature Review

• RSA Cryptosystem

• Public quantities n, e secret quantities d,

• Encryption/decryption

• Encryption
• Decryption

• Signing/signature verification

• Signing
• Signature verification

12
Literature Review

• Chinese Remainder Theorem Based RSA

• Chinese Remainder Theorem is often used to
• speedup the operations of RSA

• Attacks on the CRT-based RSA

• Hardware fault attack
• Timing attack
• Power attack

13
Literature Review

• Countermeasures to the attack

• Padding the message,
• drawback collision-free hash function
  (hard)
• Checking the intermediate or final results,
• drawback double the operational time and
• not secure
• Revising the signature expression,
• make sure no secret information is leaked

14
Outline

• Introduction

• Literature Review

• Proposed Efficient Two-Prime RSA Cryptosystem

• Proposed Efficient Multi-Prime RSA Cryptosystem

• FPGA Implementations and Results

• Conclusions

15
Proposed Two-Prime RSA

• Standard CRT-based two-prime RSA

To calculate
16
Proposed Two-Prime RSA

• Standard CRT-based two-prime RSA

• Vulnerable to the hardware fault attack
• When available
• 
  and
• factors the system

17
Proposed Two-Prime RSA

• CRT-2 protocol proposed by Yen et al.

1.
2.
3.
where
18
Proposed Two-Prime RSA

• Proposed Two-Prime RSA

1.
2.
3.
where
19
Proposed Two-Prime RSA

• Block diagram of the proposed two-prime RSA

20
Proposed Two-Prime RSA

• Comparison of the operational speed

Division Modular exponentiation Modular exponentiation
CRT-2 protocol by Yen. et al.
The proposed two-prime RSA
where (
)
,
and
21
Proposed Two-Prime RSA

• Factorization complexity

• The complexity of factoring the proposed RSA
• system
• The complexity of factoring CRT-2
• Similar

22
Outline

• Introduction

• Literature Review

• Proposed Efficient Two-Prime RSA Cryptosystem

• Proposed Efficient Multi-Prime RSA Cryptosystem

• FPGA Implementations and Results

• Conclusions

23
Proposed Multi-Prime RSA

• Standard CRT-based multi-prime RSA

24
Proposed Multi-Prime RSA

• Immunity of CRT-based multi-prime RSA

• When (j-1) faulty signatures available,
  calculations
• according to these (j-1) faulty signatures
  factors the
• multi-prime RSA
• Still vulnerable to the hardware fault attack

25
Proposed Multi-Prime RSA

• Proposed Multi-Prime RSA

1.
2.
3.
for
26
Proposed Multi-Prime RSA

• The proposed multi-prime RSA

27
Proposed Two-Prime RSA

• Extended CRT-2 protocol

1.
2.
3.
for
28
Proposed Multi-Prime RSA

• Comparison of the operational speed

Division Division Modular exponentiation Modular exponentiation
Extended CRT-2 protocol
The proposed multi-prime RSA
where ( , and
)
29
Proposed Multi-Prime RSA

• Operational speed improvement has been verified
  
• by one example of three-prime RSA

• Similar factorization complexity

• Still for obtaining any factor from the
  
• proposed multi-prime RSA

• Predicted to use fewer hardware resources

• Will be verified by Implementation results later

30
Outline

• Introduction

• Literature Review

• Proposed Efficient Two-Prime RSA Cryptosystem

• Proposed Efficient Multi-Prime RSA Cryptosystem

• FPGA Implementations and Results

• Conclusions

31
FPGA Implementations

• Design flow

32
FPGA Implementations

• Structure of modular exponentiation algorithm

(to calculate )
33
FPGA Implementations

• Structure of Montgomery modular multiplication
• algorithm (to calculate
  )

34
FPGA Implementations

• Hardware structure of Montgomery modular
  multiplication

35
FPGA Implementations

• Structure of proposed two-prime RSA

36
FPGA Implementations

• Structure of standard CRT-based two-prime RSA

37
FPGA Implementations

• Structure of CRT-2 protocol

38
FPGA Implementations
Implementa-tion results
CLB usage LUT usage Equivalent gates
Standard CRT-based two-prime RSA 1,226 4,775 46,324
Proposed two-prime RSA 1,431 5,615 55,913
CRT-2 protocol 1,997 6,577 85,229
Standard three-prime RSA 1,759 6,939 68,144
Proposed three-prime RSA 2,130 8,252 82,233
Extended CRT-2 protocol 2,646 9,121 109,756
39
FPGA Implementations

• Implementation results

Standard 2-prime Proposed 2-prime 2-prime (CRT-2)
Resources Usage () 82.6 100 152
Standard 3-prime Proposed 3-prime 3-prime (CRT-2)
Resources usage () 82 100 133
Conclusion Not many more resources than the
standard CRT-based RSA and much fewer than the
systems based on CRT-2 protocol
40
Outline

• Introduction

• Literature Review

• Proposed Efficient Two-Prime RSA Cryptosystem

• Proposed Efficient Multi-Prime RSA Cryptosystem

• FPGA Implementations and Results

• Conclusions

41
Conclusions

• Conclusions

• The immunity of the RSA cryptosystems against
  the hardware
• fault attack is greatly increased
• The proposed RSA cryptosystems provide more
  efficient
• operations than previous work, and they bear
  similar
• immunity against the hardware fault attack.
• The proposed RSA cryptosystems use fewer
  resources than
• previous work in hardware implementations
• The standard CRT-based RSA cryptosystems with
  more
• factors bears more difficult for the hardware
  fault attack

42
Conclusions

• Future work

• Speed up the basic block modular
  exponentiation
• computation
• Implement the RSA cryptosystems with enhanced
  immunity
• against other implementation attacks
• Download the RSA cryptosystems implemented in
  Chapter
• 5 to the FPGA chip

43
Thesis Examination
Thanks !
and
Questions ?