完整後設資料紀錄
DC 欄位語言
dc.contributor.author李人偉en_US
dc.contributor.authorLee, Jen-Weien_US
dc.contributor.author李鎮宜en_US
dc.contributor.authorLee, Chen-Yien_US
dc.date.accessioned2014-12-12T02:33:50Z-
dc.date.available2014-12-12T02:33:50Z-
dc.date.issued2012en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#GT079511851en_US
dc.identifier.urihttp://hdl.handle.net/11536/71964-
dc.description.abstract現今,電子通訊帶給人類社會極大便利的資訊交流快速發展,相對應的保護個人訊息安全需求也日趨漸增。在資訊安全領域裡面,傳統的對稱式密碼系統能在使用者端妥善的加密保護資料隱密性,但這都還不足以解決金鑰配置、明文完整性以及不合法授權使用的問題。非對稱式密碼系統,又稱公開金鑰密碼系統,其被開發用來滿足前述應用的需求。在過去的幾年中,橢圓曲線密碼學是一個被提出相對傳統RSA演算法安全度較高的可實現方法,但是目前還尚未有合適橢圓曲線密碼處理器的設計對應方法。 在本論文,我們從系統的角度探索密碼處理器的設計,包含從最上層的演算法、次之硬體運算單元架構以及底層的電子電路設計。為了追求高硬體效能,我們著手採用了一些改善硬體速度、硬體複雜度以及能量消耗的設計技巧,除此之外,一個合宜的密碼處理器,也必須包含側漏資訊攻擊的防禦。如何能在硬體運算時不洩漏和金鑰有關的訊息,也不因為防禦設計上造成硬體複雜度增加過度的代價,這些都將是設計上的挑戰也是我們實現電路的目標。 如上所述,我們提出了一些新的設計方法,包含隨機式運算與金鑰不相依的硬體排程方法,此設計的特色除了適合系統實現的整合,也因為不需額外的參數與離線計算,所以硬體計算可以符合標準化的規範,另外一個優點是和過去的文獻相比,我們的側漏資訊攻擊防禦硬體代價也相較為低。為了提供更穩健的保護能力,我們也提出一個新的單一晶片真實亂數產生器設計方法,其能提供足夠的亂度給硬體作隨機式運算。針對這些提出的設計方法,我們的橢圓曲線密碼處理器架構在硬體效能與側漏資訊攻擊防禦都有相較過去文獻的優異表現。 更進一步呈現我們的研究貢獻,透過聯電90奈米製程,我們針對各種應用製作開發晶片。第一顆為0.41 mm^2 160位元長的橢圓曲線密碼處理器,其能各別在GF(p160)與GF(2^160)有限域的0.34 ms 11.7 µJ與0.29 ms 9.3 µJ下完成一次橢圓曲線點乘法計算,此優異的硬體效能表示其將適合在手機通訊產品上的開發使用。第二顆是521位元長的橢圓曲線密碼處理器,其能各別在GF(p521)與GF(2^521)有限域的3.40 ms與2.77 ms時間內完成一次橢圓曲線點乘法計算,其中透過橢圓曲線點產生法,能減少一半的公開金鑰傳遞訊息量,此設計是達到至今運算最快的橢圓曲線密碼處理器,其將適合高速的雲端伺服器應用。另外一顆是操作在低電壓0.5 V與低時脈頻率25 MHz的192位元長的橢圓曲線密碼處理器,其能各別在GF(p192)與GF(2^192)有限域的10.8 ms 438 µJ與9.2 ms 437 µJ下完成一次橢圓曲線點乘法計算,此優異的低能量消耗表示其將適合在未來的物聯網產品上的開發使用。最後,這些晶片也都經過收集上百萬條能量軌跡的側漏資訊攻擊防禦量測驗證其安全性。zh_TW
dc.description.abstractNowadays, the fast development of network communication in electronics industry brings the people to a quick and convenient life, while the demand in safety for protecting the personal private data from revealing significantly increases as well. In security, the conventional symmetric-key scheme can locally achieve the encryption, but the decryption key and ciphertext are still needed to be sent without disclosure, modification, duplication, forgery, and even unauthorized access. The asymmetric-key scheme or so called public-key cryptosystems (PKC) is developed to satisfy these requirements. In recent years, a new coming approach, elliptic curve cryptography (ECC), has been adopted in several applications for ensuring the security of information exchange. However, the suitable solution of ECC processor has not appeared so far. In this dissertation, we investigate the design of crypto engine through a system view, from top to down, including the algorithm, operation scheduling, processing-element architecture, and also circuit-level implementation. For pursuing the achievement of high-performance accelerator, several improvement techniques for the hardware speed, hardware complexity, and power consumption are promoted. Besides, to deliver a decent design of crypto engine, the device security such as the counter-measure of side-channel attacks (SCAs) is also included in our implementation target. And then, both of these design issues lead to a big challenge, where it requires the device to be implemented without both of the key-dependent processed data and much overhead of SCA resistance. As above, we proposed a new design method, which is based on the randomized computation and key-independent scheduling manner, to protect the private date stored in device from the side-channel information leakage. The feature is that it is suitable for the system integration and the usage of the standard without any pre-computation. Another advantage is that the overhead of protected design is lower than that of related previous works. The robustness of SCA resistance is examined by exploiting an on-chip true-random number generator (TRNG) with sufficient randomness. Moreover, the corresponding design architecture of hardware implementation is introduced, and our ECC processor outperforms both in the hardware efficiency and protection against SCAs as compared with the other approaches. To show more our contributions, we further conduct our research for several standard applications. Fabricated by UMC 90-nm CMOS technology, a 0.41 mm^2 160-bit ECC chip can achieve 0.34/0.29 ms 11.7/9.3 µJ for one GF(p)/GF(2^m) elliptic curve scalar multiplication (ECSM), which is effective at the hardware cost and suitable for the mobile device; a 521-bit ECC chip performs each GF(p521) ECSM in 3.40 ms and GF(2^521) ECSM in 2.77 ms, where it saves 50% data transmission of public key by on-chip elliptic curve point generation (ECPG). This is the fastest design and also applicable for the cloud computing; a 192-bit ECC chip achieves 10.8/9.2 ms 438/437 µW GF(p192)/GF(2^192) ECSM at scaled 0.5 V and 25 MHz, where it is efficient at the power consumption and suitable for the applications of Internet of Things (IoT). In addition, the SCA resistance for each design is demonstrated by millions of measurements.en_US
dc.language.isoen_USen_US
dc.subject橢圓曲線zh_TW
dc.subject側漏資訊攻擊zh_TW
dc.subject能量分析攻擊zh_TW
dc.subject密碼處理器zh_TW
dc.subject有限域zh_TW
dc.subject異質運算元zh_TW
dc.subjectElliptic Curveen_US
dc.subjectSide-Channel Attacksen_US
dc.subjectPower-Analysis Attacksen_US
dc.subjectCryptographic Processoren_US
dc.subjectFinite Fieldsen_US
dc.subjectHeterogeneous Processing Elementsen_US
dc.title具側漏資訊攻擊防禦之高硬體效能橢圓曲線密碼處理器zh_TW
dc.titleHigh-Performance Elliptic Curve Cryptographic Processor with Side-Channel Attack Resistanceen_US
dc.typeThesisen_US
dc.contributor.department電子工程學系 電子研究所zh_TW
顯示於類別:畢業論文


文件中的檔案:

  1. 185101.pdf

若為 zip 檔案,請下載檔案解壓縮後,用瀏覽器開啟資料夾中的 index.html 瀏覽全文。