PhD Thesis Title: FPGA Architectures for Cryptography
Abstract: The volume of sensitive electronic transactions taking place over insecure media such as the Internet has increased dramatically in recent years. Cryptography is the main tool by which the transmission and storage of information ranging from an individual’s credit card details to classified government data is kept secure. This thesis investigates flexible hardware architectures for the main components of a cryptographic system, including confidentiality, authentication, integrity and non-repudiation. Each of the circuits proposed is analysed in terms of its speed, area and efficiency, and the trade-off in terms of performance for flexibility is discussed. Field Programmable Gate Arrays (FPGAs) are chosen as the platform for implementation due to the fast development time and the dedicated arithmetic logic that these devices provide. An investigation of algorithms for encryption and authentication is performed initially. A design of the Advanced Encryption Standard (AES) is described, which supports encryption and decryption, key scheduling and feedback modes of operation. Iterative and unrolled designs of a Secure Hash Algorithm (SHA) are presented, and a comparison is made between them in order to identify the most efficient structure. Architectures for public key cryptography are also proposed in this thesis. A modular exponentiation architecture based on Montgomery modular multiplication is presented, which is suitable for public key schemes such as RSA and digital signatures. Two integrated modular units that support the underlying arithmetic of elliptic curve cryptography (ECC) over large prime characteristic fields are described. A new algorithm for modular inversion is proposed, which results in an improvement in performance over previous inverter designs.
The overlap in the underlying arithmetic of the RSA and ECC schemes is also exploited in a dual mode public key processor design, which supports the disparate key sizes of both schemes efficiently. An implementation combining both symmetric and public key algorithms on a PCI prototyping card is proposed. This architecture supports data encryption and authentication in parallel, as well as digital signatures and key exchange. The final part of this thesis deals with the arithmetic of pairing-based cryptography, which has generated extensive research interest in recent years. An architecture for the Tate pairing over large prime characteristic fields is proposed, which requires fewer FPGA resources than existing Tate pairing designs over low characteristic fields.