
Security on FPGAs: State-of-the-art implementations and attacks

Published: 01 August 2004

Abstract

In the last decade, it has become apparent that embedded systems are integral parts of our everyday lives. The wireless nature of many embedded applications, as well as their omnipresence, has made the need for security and privacy-preserving mechanisms particularly important. Thus, as field programmable gate arrays (FPGAs) become integral parts of embedded systems, it is imperative to consider their security as a whole. This contribution provides a state-of-the-art description of security issues on FPGAs, both from the system and implementation perspectives. We discuss the advantages of reconfigurable hardware for cryptographic applications, show potential security problems of FPGAs, and provide a list of open research problems. Moreover, we summarize both public and symmetric-key algorithm implementations on FPGAs.

References

  1. Actel Corporation. 2002. Design Security in Nonvolatile Flash and Antifuse. Avaialble at http://www.actel.com/appnotes/DesignSecurity.pdf.]]Google ScholarGoogle Scholar
  2. Agrawal, D., Archambeault, B., Rao, J. R., and Rohatgi, P. 2002. The EM side-channel(s). In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2002, Ç. K. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 2523. Springer-Verlag, Berlin, 29--45.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Ajluni, C. 1995. Two new imaging techniques to improve IC defect indentification. Electron. Des. 43, 14 (July), 37--38.]]Google ScholarGoogle Scholar
  4. Algotronix Ltd. Method and Apparatus for Secure Configuration of a Field Programmable Gate Array. PCT Patent Application PCT/GB00/04988.]]Google ScholarGoogle Scholar
  5. Altera Corporation 2000. Nios Soft Core Embeded Processor. Altera Corporation. Available at http://www.altera.com/products/devices/nios/nio-index.html.]]Google ScholarGoogle Scholar
  6. Altera Corporation 2002a. Excalibur Device Overview. Altera Corporation. Available at http:// www.altera.com/products/devices/arm/arm-index.html.]]Google ScholarGoogle Scholar
  7. Altera Corporation 2002b. Stratix FPGA Family. Altera Corporation. Available at http://www. altera.com/products/devices/dev-index.jsp.]]Google ScholarGoogle Scholar
  8. American National Standards Institute. 1998. ANSI X9.52-1998, Triple Data Encryption Algorithm Modes of Operation. American National Standards Institute. Available at http://webstore.ansi.org/ansidocstore/dept.asp?dept_id=80.]]Google ScholarGoogle Scholar
  9. Amphion. High Performance AES Encryption Cores. Available at http://www.chipcenter.com/ networking/images/prod/prod226.pdf.]]Google ScholarGoogle Scholar
  10. Anderson, R. and Kuhn, M. 1997. Low cost attacks on tamper resistant devices. In 5th International Workshop on Security Protocols, B. Christianson, B. Crispo, T. M. A. Lomas, and M. Roe, eds. Lecture Notes in Computer Science, vol. 1361. Springer-Verlag, Berlin, 125--136.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Ansi. 1981. American National Standards Data Encryption Algorithm X3.92-1981. American National Standards Association.]]Google ScholarGoogle Scholar
  12. Aplan, J. M., Eaton, D. D., and Chan, A. K. 1999. Security Antifuse that Prevents Readout of some but not other Information from a Programmed Field Programmable Gate Array. United States Patent, Patent Number 5898776.]]Google ScholarGoogle Scholar
  13. Aritome, S., Shirota, R., Hemink, G., Endoh, T., and Masuoka, F. 1993. Reliability issues of flash memory cells. Proc. IEEE 81, 5 (May), 776--788.]]Google ScholarGoogle ScholarCross RefCross Ref
  14. Athanas, P. and Abbott, A. 1995. Real-time image processing on a custom computing platform. IEEE Comput. 28, 2 (Feb.), 16--24.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Austin, K. 1995. Data Security Arrangements for Semicondutor Programmable Devices. United States Patent, Patent Number 5388157.]]Google ScholarGoogle Scholar
  16. Barrett, P. 1986. Implementing the Rivest Shamir and Adleman public key encryption algorithm on a standard digital signal processor. In Advances in Cryptology---CRYPTO '86, A. M. Odlyzko, ed. Lecture Notes in Computer Science, vol. 263. Springer-Verlag, Berlin, Germany, 311--323.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Benaloh, J. and Dai, W. Fast modular reduction. Rump session of CRYPTO '95.]]Google ScholarGoogle Scholar
  18. Biham, E. and Shamir, A. 1997. Differential fault analysis of secret key cryptosystems. In Advances in Cryptology---CRYPTO '97, B. Kaliski, Jr., ed. Lecture Notes in Computer Science, vol. 1294. Springer-Verlag, Berlin, 513--525.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Blake, I., Seroussi, G., and Smart, N. 1999. Elliptic Curves in Cryptography. London Mathematical Society Lecture Notes Series, vol. 265, Cambridge University Press.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Blum, T. 1999. Modular Exponentiation on Reconfigurable Hardware. M.S. thesis, ECE Department, Worcester Polytechnic Institute, Worcester, Massachusetts, USA.]]Google ScholarGoogle Scholar
  21. Blum, T. and Paar, C. 1999. Montgomery modular multiplication on reconfigurable hardware. In Proceedigns of the 14th IEEE Symposium on Computer Arithmetic (ARITH-14). 70--77.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Blum, T. and Paar, C. 2001. High radix Montgomery modular exponentiation on reconfigurable hardware. IEEE Trans. Comput. 50, 7 (July), 759--764.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Bondalapati, K. and Prasanna, V. 2002. Reconfigurable computing systems. Proc. IEEE.]]Google ScholarGoogle Scholar
  24. Boneh, D., DeMillo, R. A., and Lipton, R. J. 1997. On the importance of checking cryptographic protocols for faults (extended abstract). In Advances in Cryptology---EUROCRYPT '97, W. Fumy, ed. Lecture Notes in Computer Science, vol. 1233. Springer-Verlag, Berlin, 37--51.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Bora, P. and Czajka, T. 1999. Implementation of the Serpent Algorithm Using Altera FPGA Devices. Available at http://csrc.nist.gov/encryption/aes/round2/pubcmnts.htm.]]Google ScholarGoogle Scholar
  26. Borriello, G. and Want, R. 2000. Embedded computation meets the world wide web. Commun. ACM 43, 5 (May), 59--66.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Brickell, E. F. 1982. A fast modular multiplication algorithm with applications to two key cryptography. In Advances in Cryptology---CRYPTO '82, D. Chaum and R. L. Rivest, and A. T. Sherman, eds. Plenum Publishing, New York, USA, 51--60.]]Google ScholarGoogle Scholar
  28. Buell, D., Arnold, J., and Kleinfelder, W. 1996. Splash 2: FPGAs in a Custom Computing Machine. John Wiley and Sons.]]Google ScholarGoogle Scholar
  29. Chameleon Systems Inc. Available at http://www.chameleonsystems.com/.]]Google ScholarGoogle Scholar
  30. Chari, S., Jutla, C. S., Rao, J. R., and Rohatgi, P. 1999a. A cauttionary note regarding the evaluation of AES condidates on smart cards. In Proceedings of the Second AES Candidate Conference (AES2), Rome, Italy.]]Google ScholarGoogle Scholar
  31. Chari, S., Jutla, C. S., Rao, J. R., and Rohatgi, P. 1999b. Towards sound approaches to counteract power-analysis attacks. In Advances in Cryptology---CRYPTO '99, M. Wiener, ed. Lecture Notes in Computer Science, vol. 1666. Springer-Verlag, Berlin, 398--412.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Chodowiec, P. and Gaj, K. 2003. Very compact FPGA implementation of the AES algorithm. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2003, C. Walter, Ç. K. Koç, and C. Paar, eds. Lecture Notes in Computer Science, vol. 2779. Springer-Verlag, Berlin, 319--333.]]Google ScholarGoogle Scholar
  33. Chudnovsky, D. and Chudnovsky, G. 1986. Sequences of numbers generated by addition in formal groups and new primality and factorization tests. Adv. Appl. Math. 7, 4, 385--434.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Clavier, C., Coron, J., and Dabbous, N. 2000. Differential power analysis in the presence of hardware countermeasures. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2000, Ç. K. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 1965. Springer-Verlag, Berlin, 252--263.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Clavier, C. and Coron, J.-S. 2000. On Boolean and arithmetic masking against differential power analysis. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2000, Ç. K. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 1965. Springer-Verlag, Berlin, 231--237.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Compton, K. and Hauck, S. 2002. Reconfigurable computing: A survey of systems and software. ACM Comput. Surveys 34, 2 (June), 171--210.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Dandalis, A., Prasanna, V. K., and Rolim, J. D. P. 2000a. A comparative study of performance of AES final candidates using FPGAs. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2000, Ç. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 1965. Springer-Verlag, Worcester, Massachusetts, USA, 125--140.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Dandalis, A., Prasanna, V. K., and Rolim, J. D. P. 2000b. An adaptive cryptographic engine for IPSec architectures. In Eighth Annual IEEE Symposium on Field-Programmable Custom Computing Machines, FCCM '00, K. L. Pocek and J. M. Arnold, eds.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Davies, N. and Gellersen, H.-W. 2002. Beyond prototypes: Challenges in deploying ubiquitous systems. IEEE Pervasive Computing 1, 1 (Jan.--Mar.), 26--35.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. de Waleffe, D. and Quisquater, J.-J. 1990. CORSAIR: A smart card for public key cryptosystems. In Advances in Cryptology---CRYPTO '90, A. J. Menezes and S. A. Vanstone, eds. Lecture Notes in Computer Science, vol. 537. Springer-Verlag, Berlin, 502--514.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Dhem, J.-F. 1994. Modified version of the Barret modular multiplication algorithm. UCL Technical Report CG-1994/1, Université Catholique de Louvain.]]Google ScholarGoogle Scholar
  42. Dhem, J.-F. 1998. Design of an Efficient Public-key Cryptographic Library for RISC-Based Smart Cards. Ph.D. thesis, UCL---Université Catholique de Louvain, Louvain-la-Neuve, Belgium.]]Google ScholarGoogle Scholar
  43. Dierks, T. and Allen, C. 1999. RFC 2246: The TLS Protocol Version 1.0. Corporation for National Research Initiatives, Internet Engineering Task Force, Network Working Group, Reston, Virginia, USA.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Diffie, W. and Hellman, M. E. 1976. New directions in cryptography. IEEE Trans. Inf. Theory IT-22, 644--654.]]Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Dipert, B. 2000. Cunning Circuits Confound Crooks. Available at http://www.e-insite.net/ ednmag/contents/images/21df2.pdf.]]Google ScholarGoogle Scholar
  46. Dussé, S. R. and Kaliski, B. S. 1990. A cryptographic library for the Motorola DSP56000. In Advances in Cryptology---EUROCRYPT'90, I. B. Damgård, ed. Lecture Notes in Computer Science, vol. 473. Springer-Verlag, Berlin, Germany, 230--244.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Dworkin, M. 2001. NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation---Methods and Techniques. National Institute of Standards and Technology/U.S. Department of Commerce. Available at http://csrc.nist.gov/encryption/tkmodes.html.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Dworkin, M. 2002. Draft NIST SP 800-38B, Recommendation for Block Cipher Modes of Operation: The RMAC Authentication Mode---Methods and Techniques. National Institute of Standards and Technology/U.S. Department of Commerce. Available at http://csrc.nist.gov/encryption/tkmodes.html.]]Google ScholarGoogle Scholar
  49. Elbirt, A. 1999. An FPGA Implementation and Performance Evaluation of the CAST-256 Block Cipher. Tech. Rep., Cryptography and Information Security Group, ECE Department, Worcester Polytechnic Institute, Worcester, Massachusetts, USA. May.]]Google ScholarGoogle Scholar
  50. Elbirt, A. and Paar, C. 2000. An FPGA implementation and performance evaluation of the serpent block cipher. In FPGA '00---ACM/SIGDA International Symposium on Field Programmable Gate Arrays. ACM, Monterey, CA, USA, 33--40.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Elbirt, A. and Paar, C. 2001. An FPGA-based performance evaluation of the AES block cipher candidate algorithm finalists. IEEE Trans. Very Large Integ. (VLSI) Syst. 4, 9, 545--557.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. Elbirt, A., Yip, W., Chetwynd, B., and Paar, C. 2000. An FPGA implementation and performance evaluation of the AES block cipher candidate algorithm finalists. In The Third Advanced Encryption Standard Candidate Conference. National Institute of Standards and Technology, New York, New York, USA, 13--27.]]Google ScholarGoogle Scholar
  53. Elbirt, A., Yip, W., Chetwynd, B., and Paar, C. 2001. An FPGA-based performance evaluation of the AES block cipher candidate algorithm finalists. IEEE Trans. VLSI Des. 9, 4 (Aug.), 545--557.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. Eldridge, S. E. and Walter, C. D. 1993. Hardware implementation of Montgomery's modular multiplication algorithm. IEEE Trans. Comput. 42, 6 (July), 693--699.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  55. Erickson, C. R. 1999. Configuration Stream Encryption. United States Patent, Patent Number 5970142.]]Google ScholarGoogle Scholar
  56. Federal Information Processing Standards. 1977. NIST FIPS PUB 46, Data Encryption Standard. Federal Information Processing Standards, National Bureau of Standards, U.S. Department of Commerce.]]Google ScholarGoogle Scholar
  57. Ferreira, R., Malzahn, R., Marissen, P., Quisquater, J.-J., and Wille, T. 1996. FAME: A 3rd generation coprocessor for optimising public key cryptosystems in smart card applications. In Proceedings of CARDIS 1996, Smart Card Research and Advanced Applications, P. H. Hartel, P. Paradinas, and J.-J. Quisquater, eds. Stichting Mathematisch Centrum, CWI, Amsterdam, The Netherlands, 59--72.]]Google ScholarGoogle Scholar
  58. Fischer, V. and Drutarovsky, M. 2001. Two methods of Rijndael implementation in reconfigurable hardware. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2001, Ç. K. Koç, D. Naccache, and C. Paar, eds. Lecture Notes in Computer Science, vol. 2162. Springer-Verlag, Berlin, 77--92.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  59. Frecking, W. and Parhi, K. K. 1999. A unified method for iterative computation of modular multiplications and reduction operations. In International Conference on Computer Design---ICCD '99. 80--87.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  60. Freier, A. O., Karlton, P., and Kocher, P. C. 1996. The SSL Protocol Version 3.0. Transport Layer Security Working Group INTERNET-DRAFT.]]Google ScholarGoogle Scholar
  61. Gaj, K. and Chodowiec, P. 2000. Comparison of the hardware performance of the AES candidates using reconfigurable hardware. In The Third Advanced Encryption Standard Candidate Conference. National Institute of Standards and Technology, New York, New York, USA, 40--54.]]Google ScholarGoogle Scholar
  62. Gaj, K. and Chodowiec, P. 2001. Fast implementation and fair comparison of the final candidates for advanced encryption standard using field programmable gate arrays. In Topics in Cryptology---CT-RSA 2001, D. Naccache, ed. Lecture Notes in Computer Science, vol. 2020. Springer-Verlag, Berlin, 84--99.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  63. Gordon, D. M. 1998. A survey of fast exponentiation methods. J. Algorithms 27, 129--146.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  64. Goubin, L. and Patarin, J. 1999. DES and differential power analysis. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 1999, Ç. K. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 1717. Springer-Verlag, Berlin, 158--172.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  65. Guccione, S. A. and Levi, D. Jbits: A Java-Based Interface to FPGA Hardware. Tech. rep., Xilinx Corporation, San Jose, CA, USA. Available at http://www.io.com/guccione/Papers/Papers.html.]]Google ScholarGoogle Scholar
  66. Gutmann, P. 1996. Secure deletion of data from magnetic and solid-state memory. In Sixth USENIX Security Symposium. 77--90.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  67. Gutmann, P. 2001. Data remanence in semiconductor devices. In 10th USENIX Security Symposium. 39--54.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  68. Haddad, S., Chang, C., Swaminathan, B., and Lien, J. 1989. Degradations due to hole trapping in flash memory cells. IEEE Electron Dev. Lett. 10, 3 (Mar.), 117--119.]]Google ScholarGoogle ScholarCross RefCross Ref
  69. Hauser, J. and Wawrzynek, J. 1997. Garp: A MIPS processor with reconfigurable coprocessor. In IEEE Symposium on FPGAs for Custom Computing Machines, K. Pocek and J. Arnold, eds. 12--21.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  70. Järvinen, K. U., Tommiska, M., and Skyttä, J. 2003. A fully pipelined memoryless 17.8 Gbps AES-128 encryptor. In 2003 ACM/SIGDA 11th International Symposium on Field programmable Gate Arrays---FPGA 2003. ACM Press, 207--215.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  71. Jeffrey, G. P. 2002. Field Programmable Gate Arrays. United States Patent, Patent Number 6356637.]]Google ScholarGoogle Scholar
  72. Kaliski, Jr., B. S., Koç, Ç. K., and Paar, C., eds. 2002. Workshop on Cryptographic Hardware and Embedded Systems---CHES 2002. Lecture Notes in Computer Science, vol. 2523. Springer-Verlag, Berlin, Germany.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  73. Kaps, J. P. 1998. High speed FPGA architectures for the Data Encryption Standard. M.S. thesis, ECE Department, Worcester Polytechnic Institute, Worcester, Massachusetts, USA.]]Google ScholarGoogle Scholar
  74. Kaps, J. P. and Paar, C. 1998. Fast DES implementation on FPGAs and its application to a universal key-search machine. In Fifth Annual Workshop on Selected Areas in Cryptography, Queen's University, Kingston, Ontario, Canada. S. Tavares and H. Meijer, eds. Lecture Notes in Computer Science, vol. 1556. Springer-Verlag, Berlin, Germany.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  75. Kaps, J.-P. and Paar, C. 1999. DES auf FPGAs (DES on FPGAs, in German). Datenschutz Datensicherheit 23, 10, 565--569. Invited contribution.]]Google ScholarGoogle Scholar
  76. Kean, T. 2001. Secure configuration of field programmable gate arrays. In International Conference on Field-Programmable Logic and Applications 2001 (FPL 2001). Lecture Notes in Computer Science, vol. 2147. Springer-Verlag, Berlin, 142--151.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  77. Kelem, S. H. and Burnham, J. L. 2000. System and Method for PLD Bitstram Encryption. United States Patent, Patent Number 6118868.]]Google ScholarGoogle Scholar
  78. Kent, S. and Atkinson, R. 1998. RFC 2401: Security Architecture for the Internet Protocol. Corporation for National Research Initiatives, Internet Engineering Task Force, Network Working Group, Reston, Virginia, USA.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  79. Kessner, D. 2000. Copy Protection for SRAM based FPGA Designs. Available at http://www. free-ip.com/copyprotection.html.]]Google ScholarGoogle Scholar
  80. Knuth, D. E. 1981. The Art of Computer Programming. vol. 2: Seminumerical Algorithms, 2nd ed. Addison-Wesley, Reading, Massachusetts, USA.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  81. Koblitz, N. 1987. Elliptic curve cryptosystems. Math. Comput. 48, 203--209.]]Google ScholarGoogle ScholarCross RefCross Ref
  82. Koç, Ç. K. and Hung, C. Y. 1991. Bit-level systolic arrays for modular multiplication. J. VLSI Signal Proces. 3, 3, 215--223.]]Google ScholarGoogle ScholarDigital LibraryDigital Library
  83. Koç, Ç. K., Naccache, D., and Paar, C., eds. 2001. Workshop on Cryptographic Hardware and Embedded Systems---CHES 2001. Lecture Notes in Computer Science, vol. 2162. Springer-Verlag, Berlin, Germany.]]Google ScholarGoogle Scholar
  84. Koç, Ç. K. and Paar, C., eds. 1999. Workshop on Cryptographic Hardware and Embedded Systems---CHES'99. Lecture Notes in Computer Science, vol. 1717. Springer-Verlag, Berlin, Germany.]]Google ScholarGoogle Scholar
  85. Koç, Ç. K. and Paar, C., eds. 2000. Workshop on Cryptographic Hardware and Embedded Systems---CHES 2000. Lecture Notes in Computer Science, vol. 1965. Springer-Verlag, Berlin, Germany.]]Google ScholarGoogle Scholar
  86. Kocher, P., Jaffe, J., and Jun, B. 1999. Differential power analysis. In Advances in Cryptology---CRYPTO '99, M. Wiener, ed. Lecture Notes in Computer Science, vol. 1666. Springer-Verlag, Berlin, 388--397.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  87. Kommerling, O. and Kuhn, M. 1999. Design principles for tamper-resistant smartcard processors. In USENIX Workshop on Smartcard Technology (Smartcard '99) 9--20.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  88. Kornerup, P. 1994. A systolic, linear-array multiplier for a class of right-shift algorithms. IEEE Trans. Comput. 43, 8 (Aug.), 892--898.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  89. Lai, X. and Massey, J. 1990. A proposal for a new block encryption standard. In Advances in Cryptology---EUROCRYPT '90, I. B. Damgård, ed. Lecture Notes in Computer Science, vol. 473. Springer-Verlag, Berlin, Germany, 389--404.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  90. Lai, X. and Massey, J. L. 1991. Markov ciphers and differential cryptanalysis. In Advances in Cryptology---EUROCRYPT '91, D. W. Davies, ed. Lecture Notes in Computer Science, vol. 547. Springer-Verlag, Berlin, Germany, 17--38.]]Google ScholarGoogle Scholar
  91. Lai, X., Massey, Y., and Murphy, S. 1991. Markov ciphers and differential cryptoanalysis. In Advances in Cryptology---EUROCRYPT '91, D. W. Davies, ed. Lecture Notes in Computer Science, vol. 547. Springer-Verlag, Berlin, Germany.]]Google ScholarGoogle Scholar
  92. Lenstra, A. and Verheul, E. 2001. Selecting cryptographic key sizes. J. Cryptol. 14, 4, 255--293.]]Google ScholarGoogle ScholarDigital LibraryDigital Library
  93. Leonard, J. and Magione-Smith, W. 1997. A case study of partially evaluated hardware circuits: Keyspecific DES. In Field-Programmable Logic and Applications, 7th International Workshop, FPL '97, W. Luk, P. Cheung, and M. Glesner, eds. Springer-Verlag, London, UK.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  94. Lipmaa, H. 2002. Fast Software Implementations of AES. Available at http://www.tcs.hut. fi/helger/aes/rijndael.html.]]Google ScholarGoogle Scholar
  95. Massey, J. L. and Lai, X. 1992. Device for Converting a Digital Block and the use Thereof. European Patent, Patent Number 482154.]]Google ScholarGoogle Scholar
  96. McLoone, M. and McCanny, J. 2001. High performance single-chip FPGA rijndael algorithm. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2001, Ç. K. Koç, D. Naccache, and C. Paar, eds. Lecture Notes in Computer Science, vol. 2162. Springer-Verlag, Berlin, 65--76.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  97. Menezes, A. and Johnson, D. 1999. The elliptic curve digitial signature algorithm (ECDSA). Tech. rep. CORR 99-34, Department of C & O, University of Waterloo, Ontario, Canada.]]Google ScholarGoogle Scholar
  98. Menezes, A. J., van Oorschot, P. C., and Vanstone, S. A. 1997. Handbook of Applied Cryptography. CRC Press, Boca Raton, Florida, USA.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  99. Miller, V. 1986. Uses of elliptic curves in cryptography. In Advances in Cryptology---CRYPTO '85, H. C. WIlliams, ed. Lecture Notes in Computer Science, vol. 218. Springer-Verlag, Berlin, Germany, 417--426.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  100. Montgomery, P. L. 1985. Modular multiplication without trial division. Math. Computat. 44, 170 (Apr.), 519--521.]]Google ScholarGoogle ScholarCross RefCross Ref
  101. Naccache, D. and M'Raïhi, D. 1996. Cryptographic smart cards. IEEE Micro 16, 3, 14--24.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  102. Nechvatal, J., Barker, E., Bassham, L., Burr, W., Dworkin, M., Foti, J., and Roback, E. 2000. Report on the Development of the Adavanced Encryption Standard (AES). Available at csrc.nist.gov/encryption/aes/round2/r2report.pdf, National Institute of Standards and Technology/U.S. Department of Commerce. October 2.]]Google ScholarGoogle Scholar
  103. Norris, M. J. and Simmons, G. J. 1981. Algorithms for high-speed modular arithmetic. Congressus Numeratium 31, 153--163.]]Google ScholarGoogle Scholar
  104. Omura, J. K. 1990. A public key cell design for smart card chips. In International Symposium on Information Theory and its Applications. 983--985.]]Google ScholarGoogle Scholar
  105. Orlando, G. and Paar, C. 2001. A scalable GF(p) elliptic curve processor architecture for programmable hardware. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2001, Ç. K. Koç, D. Naccache, and C. Paar, eds. Lecture Notes in Computer Science, vol. 2162. Springer-Verlag, Berlin, 348--363.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  106. Örs, S., Oswald, E., and Preneel, B. 2003. Power-analysis attacks on an FPGA---First experimental results. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2003, C. Walter, Ç. K. Koç, and C. Paar, eds. Lecture Notes in Computer Science, vol. 2779. Springer-Verlag, Berlin, 35--50.]]Google ScholarGoogle Scholar
  107. Orup, H. 1995. Simplifying quotient determination in high-radix modular multiplication. In Proceedigns of the 12th IEEE Symposium on Computer Arithmetic (ARITH 12). 193--199.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  108. Orup, H. and Kornerup, P. 1991. A high-radix hardware algorithm for calculating the exponential ME modulo N. In Proceedigns of the 10th IEEE Symposium on Computer Arithmetic (ARITH 10), P. Kornerup and D. W. Matula, eds. 51--56.]]Google ScholarGoogle Scholar
  109. P1363 2000. IEEE P1363-2000: IEEE Standard Specifications for Public Key Cryptography. Available at http://standards.ieee.org/catalog/olis/busarch.html.]]Google ScholarGoogle Scholar
  110. Pang, R. C., Wong, J., Frake, S. O., Sowards, J. W., Kondapalli, V. M., Goetting, F. E., Trimberger, S. M., and Rao, K. K. 2000. Nonvolatile/Battery-Backed Key in PLD. United States Patent, Patent Number 6366117.]]Google ScholarGoogle Scholar
  111. Papadas, C., Ghibaudo, G., Pananakakis, G., Riva, C., Ghezzi, P., Gounelle, C., and Mortini, P. 1991. Retention characteristics of single-poly EEPROM cells. In European Symposium on Reliability of Electron Devices, Failure Physics and Analysis. 517.]]Google ScholarGoogle Scholar
  112. Patterson, C. 2000a. A dynamic implementation of the serpent block cipher. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2000, Çetin K. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 1965. Springer-Verlag, Berlin, 142--156.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  113. Patterson, C. 2000b. High Performance DES Encryption in Virtex FPGAs Using JBits. In IEEE Symposium on Field--Programmable Custom Computing Machines (FCCM 2000), K. L. Pocek and J. M. Arnold, eds.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  114. Preneel, B., Van Rompay, B., Örs, S., Biryukov, A., Granboulan, L., Dottax, E., Dichtl, M., Schafheutle, M., Serf, P., Pyka, S., Biham, E., Barkan, E., Dunkelman, O., Stolin, J., Ciet, M., Quisquater, J.-J., Sica, F., Raddum, H., and Parker, M. 2003. Performance of Optimized Implementations of the NESSIE Primitives. Tech. rep. February 20. Available at http://www.cryptonessie.org/.]]Google ScholarGoogle Scholar
  115. Quisquater, J.-J. Fast modular exponentiation without division. Rump session of EUROCRYPT '90.]]Google ScholarGoogle Scholar
  116. Quisquater, J.-J. 1992. Encoding System according to the so-called RSA Method, by Means of a Microcontroller and Arrangement Implementing this System. United States Patent, Patent Number 5166978.]]Google ScholarGoogle Scholar
  117. Quisquater, J.-J. and Couvreur, C. 1982. Fast decipherment algorithm for RSA public--key cryptosystem. Electron. Lett. 18, 905--907.]]Google ScholarGoogle ScholarCross RefCross Ref
  118. Quisquater, J.-J. and Samyde, D. 2001. Electro magnetic analysis (EMA): Measures and countermeasures for smart cards. In International Conference on Research in Smart Cards, E-smart 2001, Cannes, France. 200--210.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  119. Rashid, A., Leonard, J., and Mangione-Smith, W. 1998. Dynamic circuit generation for solving specific problem instances of boolean satisfiability. In IEEE Symposium on FPGAs for Custom Computing Machines---FCCM '98, Napa Valley, California, USA. 196--205.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  120. Riaz, M. and Heys, H. 1999. The FPGA implementation of RC6 and CAST-256 encryption algorithms. In Proceedings: IEEE 1999 Canadian Conference on Electrical and Computer Engineering, Edmonton, Alberta, Canada.]]Google ScholarGoogle Scholar
  121. Richard, G. 1998. Digital Signature Technology Aids IP Protection. In EETimes---News. Available at http://www.eetimes.com/news/98/1000news/digital.html.]]Google ScholarGoogle Scholar
  122. Rivest, R. L., Shamir, A., and Adleman, L. 1978. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 2 (Feb.), 120--126.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  123. San, K., Kaya, C., and Ma, T. 1995. Effects of erase source bias on flash EPROM device reliability. IEEE Trans. Electron Dev. 42, 1 (Jan.), 150--159.]]Google ScholarGoogle ScholarCross RefCross Ref
  124. Schaumont, P., Verbauwhede, I., Keutzer, K., and Sarrafzadeh, M. 2001. A quick safari through the reconfiguration jungle. In Proceedings of the 38th Conference on Design Automation---DAC 2001. ACM Press, New York, NY, USA, 172--177.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  125. Schneier, B. 1996. Applied Cryptography, 2nd ed. John Wiley & Sons Inc., New York, New York, USA.]]Google ScholarGoogle Scholar
  126. Schroder, D. 1998. Semiconducor Material and Device Characterization, 2nd ed. John Wiley and Sons.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  127. Seamann, G. 2000. FPGA Bitstreams and Open Designs. Available at http://www. opencollector.org/news/Bitstream.]]Google ScholarGoogle Scholar
  128. Sedlak, H. 1987. The RSA cryptography processor. In Advances in Cryptology---EUROCRYPT '87, D. Chaum and W. L. Price, eds. Lecture Notes in Computer Science, vol. 304. Springer-Verlag, Berlin, Germany, 95--105.]]Google ScholarGoogle Scholar
  129. Shamir, A. 2000. Protecting smart cards form power analysis with detached power supplies. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2000, Ç. K. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 1965. Springer-Verlag, Berlin, 71--77.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  130. Shand, M. and Vuillemin, J. 1993. Fast implementations of RSA cryptography. In Proceedings of the 11th IEEE Symposium on Computer Arithmetic (ARITH-11), E. Swartzlander, Jr., M. J. Irwin, and G. Jullien, eds. 252--259.
  131. Shang, L., Kaviani, A., and Bathala, K. 2002. Dynamic power consumption on the Virtex-II FPGA family. In 2002 ACM/SIGDA 10th International Symposium on Field Programmable Gate Arrays. ACM Press, 157--164.
  132. Skorobogatov, S. and Anderson, R. 2002. Optical fault induction attacks. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2002, B. S. Kaliski, Jr., Ç. K. Koç, and C. Paar, eds. Lecture Notes in Computer Science, vol. 2523. Springer-Verlag, Berlin, 2--12.
  133. Soden, J. and Anderson, R. 1993. IC failure analysis: techniques and tools for quality and reliability improvement. Proc. IEEE 81, 5 (May), 703--715.
  134. Standaert, F.-X., Rouvroy, G., Quisquater, J.-J., and Legat, J.-D. 2003a. A methodology to implement block ciphers in reconfigurable hardware and its application to fast and compact AES RIJNDAEL. In 2003 ACM/SIGDA 11th International Symposium on Field programmable gate arrays---FPGA 2003. ACM Press, 216--224.
  135. Standaert, F.-X., Rouvroy, G., Quisquater, J.-J., and Legat, J.-D. 2003b. Efficient implementation of rijndael encryption in reconfigurable hardware: Improvements and design tradeoffs. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2003, C. Walter, Ç. K. Koç, and C. Paar, eds. Lecture Notes in Computer Science, vol. 2779. Springer-Verlag, Berlin, 334--350.
  136. Standaert, F.-X., van Oldeneel tot Oldenzeel, L., Samyde, D., and Quisquater, J.-J. 2003. Power analysis of FPGAs: How practical is the attack. In 13th International Conference on Field Programmable Logic and Applications---FPL 2003, P. Cheung, G. Constantinides, and J. de Sousa, eds. Lecture Notes in Computer Science, vol. 2778. Springer-Verlag, Berlin.
  137. Sung, C. and Wang, B. I. 1999. Method and Apparatus for Securing Programming Data of Programmable Logic Device. United States Patent, Patent Number 5970142.
  138. Tao, J., Cheung, N., and Ho, C. 1993. Metal electromigration damage healing under bidirectional current stress. IEEE Trans. Electron Dev. 14, 12 (Dec.), 554--556.
  139. Taylor, R. and Goldstein, S. 1999. A high-performance flexible architecture for cryptography. In Workshop on Cryptographic Hardware and Embedded Systems---CHES '99, Ç. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 1717. Springer-Verlag, Berlin, Worcester, Massachusetts, USA, 231--245.
  140. Tessier, R. and Burleson, W. 2000. Reconfigurable computing for digital signal processing: A survey. J. VLSI Signal Process. 28, 1 (June), 7--27.
  141. Thomas, S., Anthony, D., Berson, T., and Gong, G. 2003. The W7 Stream Cipher Algorithm. Available at http://www.watersprings.org/pub/id/draft-thomas-w7cipher-03.txt. Internet Draft.
  142. Trimberger, S., Pang, R., and Singh, A. 2000. A 12 Gbps DES encryptor/decryptor core in an FPGA. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 2000, Ç. K. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 1965. Springer-Verlag, Berlin, Worcester, Massachusetts, USA, 157--163.
  143. Triscend Corporation. Available at http://www.triscend.com/.
  144. U.S. Department of Commerce/National Institute of Standards and Technology. 2000. FIPS 186-2, Digital Signature Standard (DSS). U.S. Department of Commerce/National Institute of Standards and Technology. Available at http://csrc.nist.gov/encryption.
  145. U.S. Department of Commerce/National Institute of Standards and Technology. 2001. FIPS PUB 197, Specification for the Advanced Encryption Standard (AES). U.S. Department of Commerce/National Institute of Standards and Technology. Available at http://csrc.nist.gov/encryption/aes.
  146. U.S. Department of Commerce/National Institute of Standards and Technology. 1999. NIST FIPS PUB 46-3, Data Encryption Standard (DES). U.S. Department of Commerce/National Institute of Standards and Technology. Available at http://csrc.nist.gov/encryption/tkencryption.html.
  147. van der Pol, J. and Koomen, J. 1990. Relation between the hot carrier lifetime of transistors and CMOS SRAM products. In International Reliability Physics Symposium (IRPS 1990). 178.
  148. Vuillemin, J. E., Bertin, P., Roncin, D., Shand, M., Touati, H. H., and Boucard, P. 1996. Programmable active memories: Reconfigurable systems come of age. IEEE Trans. VLSI Syst. 4, 1 (Mar.), 56--69.
  149. Walter, C. D. 1991. Faster modular multiplication by operand scaling. In Advances in Cryptology---CRYPTO '91, J. Feigenbaum, ed. Lecture Notes in Computer Science, vol. 576. Springer-Verlag, Berlin, 313--323.
  150. Weaver, N. and Wawrzynek, J. 2000. A comparison of the AES candidates amenability to FPGA implementation. In The Third Advanced Encryption Standard Candidate Conference. National Institute of Standards and Technology, New York, New York, USA, 28--39.
  151. Wilcox, D. C., Pierson, L., Robertson, P., Witzke, E., and Gass, K. 1999. A DES ASIC suitable for network encryption at 10 Gbps and beyond. In Workshop on Cryptographic Hardware and Embedded Systems---CHES '99, Ç. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 1717. Springer-Verlag, Berlin, Worcester, Massachusetts, USA, 37--48.
  152. Williams, T., Kapur, R., Mercer, M., Dennard, R., and Maly, W. 1996. IDDQ testing for high performance CMOS---The next ten years. In IEEE European Design and Test Conference (ED&TC'96). 578--583.
  153. Wollinger, T., Wang, M., Guajardo, J., and Paar, C. 2000. How well are high-end DSPs suited for the AES algorithms? In The Third Advanced Encryption Standard Candidate Conference. National Institute of Standards and Technology, New York, New York, USA, 94--105.
  154. Wong, S., Vassiliadis, S., and Cotofana, S. 2002. Future directions of (programmable and reconfigurable) embedded processors. In Embedded Processor Design Challenges, Workshop on Systems, Architectures, Modeling, and Simulation---SAMOS 2002.
  155. Wu, H. 1999. Low complexity bit-parallel finite field arithmetic using polynomial basis. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 1999, Ç. K. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 1717. Springer-Verlag, Berlin, 280--291.
  156. Xilinx Inc. Using Bitstream Encryption. Handbook of the Virtex II Platform. Available at http://www.xilinx.com.
  157. Xilinx Inc. 1999. XC4000E and XC4000X Series Field Programmable Gate Arrays, Version 1.6. Xilinx Inc., San Jose, California, USA.
  158. Xilinx Inc. 2001. Virtex 2.5V Field Programmable Gate Arrays, Version 2.5. Xilinx Inc., San Jose, California, USA.
  159. Xilinx Inc. 2002. Virtex™-II Platform FPGA Data Sheet. Xilinx Inc. Available at http://www.xilinx.com/partinfo/databook.htm.
  160. Xilinx Inc. 2003. Virtex-II Pro™ Platform FPGAs: Introduction and Overview, Version 2.4. Xilinx Inc. Available at http://direct.xilinx.com/bvdocs/publications/ds083.pdf.
  161. Yip, K.-W. and Ng, T.-S. 2000. Partial-encryption technique for intellectual property protection of FPGA-based products. IEEE Trans. Consumer Electron. 46, 1, 183--190.

Published in

ACM Transactions on Embedded Computing Systems, Volume 3, Issue 3
August 2004
202 pages
ISSN: 1539-9087
EISSN: 1558-3465
DOI: 10.1145/1015047

                      Copyright © 2004 ACM

                      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

                      Publisher

                      Association for Computing Machinery

                      New York, NY, United States

                      Publication History

                      • Published: 1 August 2004