Dissertations / Theses on the topic 'Crypto Processor'

Architectures of cryptographic processors and coprocessors are often vulnerable to different kinds of attacks, especially those targeting the disclosure of encryption keys. It is well known that manipulating confidential keys by the processor as ordinary data can represent a threat: a change in the program code (malicious or unintentional) can cause the unencrypted confidential key to leave the security area. This way, the security of the whole system would be irrecoverably compromised. The aim of our work was to search for flexible and reconfigurable hardware architectures, which can provide high security of confidential keys during their generation, storage and exchange while implementing common symmetric key cryptographic modes and protocols. In the first part of the manuscript, we introduce the bases of applied cryptography and of reconfigurable computing that are necessary for better understanding of the work. Second, we present threats to security of confidential keys when stored and processed within an embedded system. To counteract these threats, novel design rules increasing robustness of cryptographic processors and coprocessors against software attacks are presented. The rules suggest separating registers dedicated to key storage from those dedicated to data storage: we propose to partition the system into the data, cipher and key zone and to isolate the zones from each other at protocol, system, architectural and physical levels. Next, we present a novel HCrypt crypto-processor complying with the separation rules and thus ensuring secure key management. Besides instructions dedicated to secure key management, some additional instructions are dedicated to easy realization of block cipher modes and cryptographic protocols in general. In the next part of the manuscript, we show that the proposed separation principles can be extended also to a processor-coprocessor architecture. We propose a secure crypto-coprocessor, which can be used in conjunction with any general-purpose processor. To demonstrate its flexibility, the crypto-coprocessor is interconnected with the NIOS II, MicroBlaze and Cortex M1 soft-core processors. In the following part of the work, we examine the resistance of the HCrypt cryptoprocessor to differential power analysis (DPA) attacks. Following this analysis, we modify the architecture of the HCrypt processor in order to simplify its protection against side channel attacks (SCA) and fault injection attacks (FIA). We show that by rearranging blocks of the HCrypt processor at macroarchitecture level, the new HCrypt2 processor becomes natively more robust to DPA and FIA. Next, we study possibilities of dynamically reconfiguring selected parts of the processor - crypto-coprocessor architecture. The dynamic reconfiguration feature can be very useful when the cipher algorithm or its implementation must be changed in response to appearance of some vulnerability. Finally, the last part of the manuscript is dedicated to thorough testing and optimizations of both versions of the HCrypt crypto-processor. Architectures of crypto-processors and crypto-coprocessors are often vulnerable to software attacks targeting the disclosure of encryption keys. The thesis introduces separation rules enabling crypto-processor/coprocessors to support secure key management. Separation rules are implemented on novel HCrypt crypto-processor resistant to software attacks targetting the disclosure of encryption keys

Le présent travail porte sur la modélisation et l’implémentation un crypto-processeur reconfigurable capable de garantir le niveau de sécurité exigé. L’étude de la résistance du crypto-système étudié aux différents types d’attaques (statistiques, linéaires et différentielles) peut nous mettre sur la trace de possibles failles, d’en extraire les points faibles et de proposer les contres mesures adéquates. C’est ainsi qu’on a pu proposer des approches de correction afin d’améliorer la robustesse de l’algorithme de cryptage symétrique par blocs. Pour cet effet, on a proposé un flot de conception optimisé pour la modélisation, la vérification et la correction des primitives cryptographiques. Mais la contribution majeure du présent travail fût l’exploitation des propriétés de la théorie de chaos. Pour la conception du crypto-processeur proposé, on a fait appel aux avantages de la modélisation à haut niveau. On a proposé d'utiliser les deux niveaux d'abstraction CABA et TLM. L’utilisation simultanée de ces deux niveaux est possible par le biais du niveau ESL, ce qui garantit de minimiser d’une part l’effort permettant de spécifier les fonctionnalités demandées et d’autre part de négliger les détails inutiles au niveau haut de la conception
Regarding the increasing complexity of cryptographic devices, testing their security level against existing attacks requires a fast simulation environment. The Advanced Encryption Standard (AES) is widely used in embedded systems in order to secure the sensitive data. Still, some issues lie in the used key and the S-BOX. The present work presents a SystemC implementation of a chaos-based crypto-processor for the AES algorithm.The design of the proposed architecture is studied using the SystemC tools. The proposed correction approach exploits the chaos theory properties to cope with the defaulting parameters of the AES algorithm. Detailed experimental results are given in order to evaluate the security level and the performance criteria. In fact, the proposed crypto- system presents numerous interesting features, including a high security level, a pixel distributing uniformity, a sufficiently large key-space with improved key sensitivity, and acceptable speed

This thesis study presents design and SystemC implementation of a Crypto Processor for Advanced Encryption Standard (AES), Data Encryption Standard (DES) and Triple DES (TDES) algorithms. All of the algorithms are implemented in single architecture instead of using separate architectures for each of the algorithm. There is an Instruction Set Architecture (ISA) implemented for this Crypto Processor and the encryption and decryption of algorithms can be performed by using the proper instructions in the ISA. A permutation module is added to perform bit permutation operations, in addition to some basic structures of general purpose micro processors. Also the Arithmetic Logic Unit (ALU) structure is modified to process some crypto algorithm-specific operations. The design of the proposed architecture is studied using SystemC. The architecture is implemented in modules by using the advantages of SystemC in modular structures. The simulation results from SystemC are analyzed to verify the proposed design. The instruction sets to implement the crypto algorithms are presented and a detailed hardware synthesis study has been carried out using the tool called SystemCrafter.

Fundação de Apoio a Pesquisa e à Inovação Tecnológica do Estado de Sergipe - FAPITEC/SE
The present dissertation, entitled "Inquisitorial persecution and Crypto-Judaism: A study of the processes involving the sergeant-general Diogo Vaz and his relatives (1662-1673)", has as a research object the description and analysis of the Inquisition, specifically in the persecution of New Christians accused of Judaizers in the Iberian Peninsula, as well as in the Colony. We sought to investigate the cases of Diogo Vaz Penalvo, his sister Anna Rodrigues and other members of his family. For this, we are based on the categories of the Ginzburg (2001) index of the microhistory studied by Giovanni Levi (1992) and Ginzburg (2006), the category of pariah explained by Weber (2010) and the sociology of secrecy, of Simmel (2009), of fundamental importance for the maintenance of Crypto-Judaism. From this, we follow the following steps: to reconstruct the steps of members of a family arrested by the Holy Office and compare them with other cases already studied, collaborating with the study of religious practices that resisted Catholicism in the colonial period; to find in the reports of the documents indications of religious practices considered deviant from the Catholic faith. Finally, this research aims to contribute to the study of the inquisition with a focus on the persecution of the Crypto-Jews, in an attempt to know the religious practices of a family that suffered for more than a decade humiliation, exile and fire.
A presente dissertação, intitulada “A perseguição inquisitorial e o Criptojudaísmo: Estudo dos processos envolvendo o sargento-mor Diogo Vaz e seus familiares (1662-1673)”, tem como objeto de pesquisa a descrição e análise da Inquisição, especificamente na perseguição aos cristãos-novos acusados de judaizantes na Península Ibérica, assim como na Colônia. Buscamos investigar os casos de Diogo Vaz Penalvo, de sua irmã Anna Rodrigues e de outros membros da sua família. Para tal, baseamo-nos nas categorias do paradigma indiciário de Ginzburg (2001), da micro-história estudada por Giovanni Levi (1992) e Ginzburg (2006), a categoria de pária explicada por Weber (2010) e a sociologia do segredo, de Simmel (2009), de fundamental importância para a manutenção do criptojudaísmo. A partir disso, seguimos os seguintes caminhos: reconstruir os passos de membros de uma família presa pelo Santo Ofício e compará-los com outros casos já estudados, colaborando com o estudo de práticas religiosas que resistiram ao catolicismo no período colonial; encontrar nos relatos dos documentos indícios de práticas religiosas consideradas desviantes da fé católica. Por fim, esta pesquisa visa contribuir para o estudo do tema da inquisição com o foco na perseguição aos criptojudeus, na tentativa de conhecer as práticas religiosas de uma família que sofreu durante mais de uma década a humilhação, o degredo, a tomada de bens e o fogo.
São Cristóvão, SE

Due to the limited supply and perishable nature of blood products, effective management of blood collection is critical for high quality healthcare delivery. Whole blood is typically collected over a 6 to 8 hour collection window from volunteer donors at sites, e.g., schools, universities, churches, companies, that are a significant distance from the blood products processing facility and then transported from collection site to processing facility by a blood mobile. The length of time between collecting whole blood and processing it into cryoprecipitate ("cryo"), a critical blood product for controlling massive hemorrhaging, cannot take longer than 8 hours (the 8 hour collection to completion constraint), while the collection to completion constraint for other blood products is 24 hours. In order to meet the collection to completion constraint for cryo, it is often necessary to have a "mid-drive collection"; i.e., for a vehicle other than the blood mobile to pickup and transport, at extra cost, whole blood units collected during early in the collection window to the processing facility. In this dissertation, we develop analytical models to: (1) analyze which collection sites should be designated as cryo collection sites to minimize total collection costs while satisfying the collection to completion constraint and meeting the weekly production target (the non-split case), (2) analyze the impact of changing the current process to allow collection windows to be split into two intervals and then determining which intervals should be designated as cryo collection intervals (the split case), (3) insure that the weekly production target is met with high probability. These problems lead to MDP models with large state and action spaces and constraints to guarantee that the weekly production target is met with high probability. These models are computationally intractable for problems having state and action spaces of realistic cardinality. We consider two approaches to guarantee that the weekly production target is met with high probability: (1) a penalty function approach and (2) a chance constraint approach. For the MDP with penalty function approach, we first relax a constraint that significantly reduces the cardinality of the state space and provides a lower bound on the optimal expected weekly cost of collecting whole blood for cryo while satisfying the collection to completion constraint. We then present an action elimination procedure that coupled with the constraint relaxation leads to a computationally tractable lower bound. We then develop several heuristics that generate sub-optimal policies and provide an analytical description of the difference between the upper and lower bounds in order to determine the quality of the heuristics. For the multiple decision epoch MDP model with chance constraint approach, we first note by example that a straightforward application of dynamic programming can lead to a sub-optimal policy. We then restrict the model to a single decision epoch. We then use a computationally tractable rolling horizon procedure for policy determination. We also present a simple greedy heuristic (another rolling horizon decision making procedure) based on ranking the collection intervals by mid-drive pickup cost per unit of expected cryo collected, which results in a competitive sub-optimal solution and leads to the development of a practical decision support tool (DST). Using real data from the American Red Cross (ARC), we estimate that this DST reduces total cost by about 30% for the non-split case and 70% for the split case, compared to the current practice. Initial implementation of the DST at the ARC Southern regional manufacturing and service center supports our estimates and indicates the potential for significant improvement in current practice.

Lors de leur séjour dans l’atmosphère, les aérosols sont soumis, entre autres, à des processus d’agrégation, ainsi que de condensation sur leurs surfaces. Ces processus, dit de vieillissement, dépendent du temps de résidence des particules dans l’atmosphère, des conditions météorologiques et de l’environnement chimique rencontré. Cette étude vise à caractériser l’aérosol inorganique et étudier son évolution physico-chimique sur quelques dizaines de milliers de mètres, dans les panaches industriels et urbains où les concentrations atmosphériques en particules fines (PM₁₀) sont relativement élevées. Il s’agit notamment de rendre compte de l’évolution des particules d’aérosol primaire lors d’épisodes de formation d’aérosols secondaires inorganiques.Dans ce cadre, dans un premier temps, une nouvelle méthodologie d’analyse des aérosols inorganiques, à basse température, par cryo-microscopie électronique (cryo-TSEM-EDX) a été mise au point. L’enjeu était notamment de rendre compte de l’état de mélange des composés atmosphériques d’origine secondaire (composés semi-volatils), avec l’aérosol primaire. Ces développements analytiques ont tout d’abord été réalisés à l’aide de composés modèles, avant d’être validés sur particules environnementales. Dans un second temps, l’étude des processus physico-chimiques mis en jeu lors du vieillissement des aérosols, à l’échelle locale (quelques kilomètres), a été réalisée au cours d’une campagne intensive de terrain sur le dunkerquois, visant à étudier plus particulièrement l’évolution des émissions industrielles en milieu urbain. Des prélèvements ont ainsi été réalisés en bordure de zone industrielle et sur de sites "récepteurs" sous l’influence potentielle des émissions industrielles. Les analyses réalisées sur ces particules par cryo-SEM-EDX ont notamment montré qu’en zone péri-urbaine, à quelques kilomètres de la zone industrielle, des particules émises par la sidérurgie, comme les oxydes de fer, évoluaient rapidement, pour se retrouver, en mélange interne, associés à de la matière organique particulaire. En parallèle, nous avons pu caractériser, sur ces sites récepteurs, la présence d’aérosols inorganiques secondaires absents de la zone source et donc formés au sein de l’air ambiant, lors du survol de l’agglomération dunkerquoise
During their transport in the atmosphere, aerosols are subject, for example, to aggregation and condensation processes on their surfaces. These processes, so-called aging, depend on particle residence time in the atmosphere, meteorological conditions and chemical environment. This study aims to characterize inorganic aerosols and to highlight their physico-chemical evolution on a few tens of thousands meters, from an industrial area to the urban environment of Dunkirk (Northern France), in which PM₁₀ concentrations are quite important. It notably includes reporting on the evolution of primary particles during the formation of secondary inorganic aerosols. First, a new analytical methodology of inorganic aerosols, at low temperature, with cryo-electronic microscopy (cryo-TSEM-EDX) has been developed. Our goal was to characterize the mixing state of secondary atmospheric components (semi-volatile components) with primary aerosols. These analytical developments have been realized with model particles, before validation on real atmospheric particles. In a second time, the study of physico-chemical processes involved in the aging of industrial inorganic aerosols has been undertaken through an intensive field campaign. The objective is to describe the particles evolution between the industrial zone and receptor sites located in the suburb of Dunkirk. Our main results show that Fe-rich particles (Fe oxides), released in the atmosphere by steelworks, incorporate particulate organic matter in a few kilometers, between the source and receptor sites. In addition, the formation of secondary inorganic aerosols (SIA), not present at the source, has been evidenced. Clearly, these SIA have been formed during the transport of air masses over the urban area

Pontoscolex corethrurus est le ver de terre le plus répandu dans les zones tropicales et sub-tropicales ; il est par conséquent très étudié en science du sol. Il est présent dans toutes sortes d’habitats, des sols pauvres de prairie aux sols riches de forêt primaire, et ses caractéristiques écologiques sont bien connues. Ses caractéristiques biologiques ont été moins étudiées. Peu de données sur la variation génétique au sein de cette morphoespèce sont disponibles à l’exception de la découverte en 2014 de deux lignées génétiquement différentes dans l’île São Miguel des Açores. De plus, son degré de ploïdie n’est pas connu et sa stratégie de reproduction n’est pas bien décrite. L’un des objectifs de cette thèse était de comprendre les mécanismes et les caractéristiques qui font de P. corethrurus un envahisseur efficace. Notre deuxième objectif était de rechercher des lignées cryptiques dans le monde entier et de décrire leurs relations phylogénétiques. Un troisième objectif était d’identifier quelle lignée était invasive et de caractériser la structure génétique de ses populations dans les aires native et d’introduction. Le dernier objectif était de tester si les différentes espèces du complexe avaient différents degrés de ploïdie, ce qui pourrait expliquer l’isolement reproducteur entre ces espèces. Une synthèse bibliographique de 265 études couvrant tous les aspects des connaissances sur P. corethrurus a montré que la stratégie – r et la plasticité de ce ver sont les caractéristiques clefs qui lui permettent d’envahir avec succès différents habitats. Afin d’étudier la diversité cryptique au sein de P. corethrurus à une échelle mondiale, j’ai examiné 792 spécimens collectés dans 25 pays et îles différents. Ces spécimens ont été analysés à l’aide de deux marqueurs mitochondriaux (COI et ADNr 16S), deux marqueurs nucléaires (internal transcribed spacers 2 et ADNr 28S) et une matrice de données de séquence multilocus obtenue à l’aide de la méthode AHE (Anchored Hybrid Enrichment). De plus, un total de 11 caractères morphologiques, internes comme externes, ont été étudiés dans toutes les lignées caractérisées génétiquement. Quatre espèces cryptiques (L1, L2, L3 et L4) ont été observées au sein du complexe d’espèces P. corethrurus. Elles ont été trouvées en sympatrie dans plusieurs localités et des analyses basées sur des marqueurs AFLP n’ont pas montré d’hybridation entre L1 et L3. La possibilité d’isolement reproducteur lié à des degrés de ploïdie différents a été évaluée à l’aide d’expérimentations de cytogénétique pour lesquelles plusieurs obstacles ont été rencontrés, à différentes étapes. Des résultats n’ont été obtenus que pour L4 (2n = 70). L’une des espèces du complexe, L1, était géographiquement répandue. Cette espèce correspondait aux spécimens topotypiques (échantillons provenant du jardin de Fritz Müller où P. corethrurus a été décrit en premier en 1856). Nous avons ciblé cette espèce invasive dans une étude de génétique des populations et de phylogéographie. En utilisant le gène COI et des marqueurs AFLP, nous avons révélé une faible diversité génétique dans la zone tropicale, probablement due à des évènements de colonisation récents et à une reproduction asexuelle. Cependant, la diversité génétique relativement élevée dans certaines populations, associée à un déséquilibre de liaison relativement faible, suggère aussi des évènements de reproduction sexuelle. A ce jour, c’est le premier travail réalisé à l’échelle mondiale sur la diversité génétique cryptique, la génétique des populations et la phylogéographie d’une espèce de vers de terre pérégrine dans la zone tropicale. J’ai produit la première revue complète des caractéristiques de P. corethrurus. De plus, son statut taxinomique a été clarifié ainsi que sa stratégie de reproduction qui est mixte (parthénogénèse et amphimixie). Ces informations seront utiles pour les expérimentations et les recherches futures sur les espèces du complexe P. corethrurus
Pontoscolex corethrurus is the most widespread earthworm species in the tropical and sub-tropical zones, it is hence one of the most studied earthworm in soil science. Ecological aspects of P. corethrurus, which is known to be present in a wide range of habitats from poor soils of pasture to rich soils of primary forest, were intensively investigated but biological aspects are less addressed. In particular, information on the genetic variation within the morphospecies is scarce except for the finding of two genetically differentiated lineages in São Miguel Island of Azores archipelago in 2014. Moreover, the ploidy degree of the morphospecies is not yet known and its reproduction strategy is not well understood. One of the objectives of this thesis was to understand the mechanisms and characteristics which make P. corethrurus a successful invader. Our second objective was to look for cryptic lineages in the whole world and to describe the phylogenetic relationships between them. A third objective was to identify which lineage was invasive and to characterize its population genetic structure in the native and the introduced ranges. The last objective was to test if the different species of the complex have different ploidy degrees (polyploid complex). This could eventually explain the reproductive isolation among these species. A bibliographic synthesis of 265 studies covering all subjects of knowledge on P. corethrurus showed that the r strategy and plasticity of this earthworm are the key characteristics which make it a successful invader in different habitats. In order to investigate the cryptic diversity within P. corethrurus in a world-wide scale, I examined 792 specimens collected from 25 different countries and islands. These specimens were analyzed using two mitochondrial (COI and 16S rDNA) and two nuclear (internal transcribed spacers 2 and 28S rDNA) markers and a large-scale multilocus sequence data matrix obtained using the Anchored Hybrid Enrichment (AHE) method. In addition, a total of 11 morphological characters, both internal and external, were investigated in all genetically characterized lineages. Four cryptic species (L1, L2, L3 and L4) were found within the P. corethrurus species complex, and four potentially new species within the genus Pontoscolex. The cryptic species were observed in sympatry at several localities, and analyses based on AFLP markers showed no hybridization among L1 and L3. The possibility of reproductive isolation among species of the complex because of different ploidy degrees was investigated by cytogenetic experimentations. Due to different obstacles encountered at different steps of the experimentations, results were just obtained for L4 (2n=70). One of the species belonging to the complex, L1, was particularly widespread per comparison with the others. This species corresponded to topotype specimens (samples from Fritz Müller’s garden where P. corethrurus was first described in 1856). Thus, we focused on this invasive species in a population genetics and phylogeography study. Using COI gene and AFLP markers, we revealed low genetic diversity through the tropical zone, probably due to recent colonization events and asexual reproduction type. Meanwhile, due to weak linkage disequilibrium and relatively high genetic diversity in some populations, sexual reproduction was suggested for L1.To date, this is the first study investigating at a world-wide scale, cryptic species diversity, population genetics and phylogeography of a peregrine earthworm species throughout tropical zone. I produced the first comprehensive review of all ecological and biological aspects of P. corethrurus. Moreover, the taxonomic status of P. corethrurus was clarified as well as its reproduction strategy which is mixed (parthenogenetic and sexual). All these findings represent potentially useful information for future experimentations and researches on species of P. corethrurus complex

碩士
國立清華大學
電機工程學系
91
Security plays an important role in wireless communication system or network system today. Without security, people won’t safely take many applications on wired or wireless internet. Cryptography is a well solution that provides the security for our requirement and RSA cryptographic algorithm is a well known algorithm whose security is no problem. In this thesis, a high speed word-based modular multiplier is proposed based on our modified word-based Montgomery multiplication algorithm. The major advantage of word-based architecture is providing the scalable key length. In addition to the scalability of key length, it also has better flexibility between area and performance. Since the encryption and decryption of RSA cryptographic algorithm are long interger modular exponentiation, a software implementation is not efficient. It needs a dedicated hardware to help CPU handle the data encryption and decryption. Based on the word-based modular multiplier, we design a RSA crypto-processor. The RSA crypto-processor supports four basic modular operations: modular addition, modular subtraction, modular multiplication and modular exponentiation. A synthesis result reports that the RSA crypto-processor can run at 300MHz and the area of the RSA crypto-processor is about 150k gates. A 512 bit modular exponentiation only spends 1.38 ms.

碩士
國立清華大學
電機工程學系
90
With the rapid advance in communication technology, more and more applications such as e-commerce and wireless networking are becoming possible. Protecting the sensitive information when transmitted on the insecure communication channel is an essential issue in such applications. Public-key cryptography such as the RSA algorithm or elliptic curve cryptography plays a vital role in modern security system, because it can solve the problem of key distribution and possess the signature property. In this thesis we propose an asymmetric crypto-processor (ACP) core. The ACP core can support scalable keys of length up to 2048 bits for both RSA and ECC in GF(p) or GF(2 m ). In order to reduce silicon area, the word-based architecture is adopted in our ACP core. This feature provides a trade-o between security and computation time. Since the original Montgomery's multiplication algorithm needs nal reduction which will decrease the speed, a modied Montgomery multiplication is used to eliminate the nal reduction in our datapath. With moderate area overhead, the circuit can achieves an encryption rate of 276 Kbps for 512-bit RSA, 73.3 Kbps for 160-bit ECC in GF(p) and 65.9 Kbps for 160-bit ECC in GF(2 m ), with a 220 MHz clock.

Leung Pak Keung.
Thesis (M.Phil.)--Chinese University of Hong Kong, 2003.
Includes bibliographical references (leaves 69-70).
Abstracts in English and Chinese.
Chapter Chapter 1 --- Introduction --- p.1
Chapter 1.1 --- Introduction to Elliptic Curve Crypto-processor --- p.1
Chapter 1.2 --- Aims --- p.2
Chapter 1.3 --- Contributions --- p.2
Chapter 1.4 --- Thesis Outline --- p.3
Chapter Chapter 2 --- Cryptography --- p.5
Chapter 2.1 --- Introduction to Cryptography --- p.5
Chapter 2.2 --- Public-key Cryptosystems --- p.6
Chapter 2.3 --- Secret-key Cryptosystems --- p.9
Chapter 2.4 --- Discrete Logarithm Problem --- p.9
Chapter 2.5 --- Comparison between ECC and RSA --- p.10
Chapter 2.6 --- Summary --- p.13
Chapter Chapter 3 --- Mathematical Background in Number Systems --- p.14
Chapter 3.1 --- Introduction to Number Systems --- p.14
Chapter 3.2 --- "Groups, Rings and Fields" --- p.14
Chapter 3.3 --- Finite Fields --- p.15
Chapter 3.4 --- Modular Arithmetic --- p.16
Chapter 3.5 --- Optimal Normal Basis --- p.16
Chapter 3.5.1 --- What is a Normal Basis? --- p.17
Chapter 3.5.2 --- Addition --- p.17
Chapter 3.5.3 --- Squaring --- p.18
Chapter 3.5.4 --- Multiplication --- p.19
Chapter 3.5.5 --- Optimal Normal Basis --- p.19
Chapter 3.5.6 --- Generation of the Lambda Matrix --- p.20
Chapter 3.5.7 --- Inversion --- p.22
Chapter 3.6 --- Summary --- p.24
Chapter Chapter 4 --- Introduction to Elliptic Curve Mathematics --- p.26
Chapter 4.1 --- Introduction --- p.26
Chapter 4.2 --- Mathematical Background of Elliptic Curves --- p.26
Chapter 4.3 --- Elliptic Curve over Real Number System --- p.27
Chapter 4.3.1 --- Order of the Elliptic Curves --- p.28
Chapter 4.3.2 --- Negation of Point P --- p.28
Chapter 4.3.3 --- Point at Infinity --- p.28
Chapter 4.3.4 --- Elliptic Curve Addition --- p.29
Chapter 4.3.5 --- Elliptic Curve Doubling --- p.30
Chapter 4.3.6 --- Equations of Curve Addition and Curve Doubling --- p.31
Chapter 4.4 --- Elliptic Curve over Finite Fields Number System --- p.32
Chapter 4.4.1 --- Elliptic Curve Operations in Optimal Normal Basis Number System --- p.32
Chapter 4.4.2 --- Elliptic Curve Operations in Projective Coordinates --- p.33
Chapter 4.4.3 --- Elliptic Curve Equations in Projective Coordinates --- p.34
Chapter 4.5 --- Curve Multiplication --- p.36
Chapter 4.6 --- Elliptic Curve Discrete Logarithm Problem --- p.37
Chapter 4.7 --- Public-key Cryptography in Elliptic Curve Cryptosystem --- p.38
Chapter 4.8 --- Diffie-Hellman Key Exchange in Elliptic Curve Cryptosystem --- p.38
Chapter 4.9 --- Summary --- p.39
Chapter Chapter 5 --- Design Architecture --- p.40
Chapter 5.1 --- Introduction --- p.40
Chapter 5.2 --- Criteria for the Low Power System Design --- p.40
Chapter 5.3 --- Simplification in ONB Curve Addition Equations over Projective Coordinates --- p.41
Chapter 5.4 --- Finite Field Adder Architecture --- p.43
Chapter 5.5 --- Finite Field Squaring Architecture --- p.43
Chapter 5.6 --- Finite Field Multiplier Architecture --- p.44
Chapter 5.7 --- 3-way Parallel Finite Field Multiplier --- p.46
Chapter 5.8 --- Finite Field Arithmetic Logic Unit --- p.47
Chapter 5.9 --- Elliptic Curve Crypto-processor Control Unit --- p.50
Chapter 5.10 --- Register Unit --- p.52
Chapter 5.11 --- Summary --- p.53
Chapter Chapter 6 --- Specifications and Communication Protocol of the IC --- p.54
Chapter 6.1 --- Introduction --- p.54
Chapter 6.2 --- Specifications --- p.54
Chapter 6.3 --- Communication Protocol --- p.57
Chapter Chapter 7 --- Results --- p.59
Chapter 7.1 --- Introduction --- p.59
Chapter 7.2 --- Results of the Public-key Cryptography --- p.59
Chapter 7.3 --- Results of the Session-key Cryptography --- p.62
Chapter 7.4 --- Comparison with the Existing Crypto-processor --- p.65
Chapter 7.5 --- Power Consumption --- p.66
Chapter Chapter 8 --- Conclusion --- p.68
Bibliography --- p.69
Appendix --- p.71
173-bit Type II ONB Multiplication Table --- p.71
Layout View of the Elliptic Curve Crypto-processor --- p.76
Schematics of the Elliptic Curve Crypto-processor --- p.77
Schematics of the System Level Design --- p.78
Schematics of the I/O Control Interface --- p.79
Schematics of the Curve Multiplication Module --- p.80
Schematics of the Curve Addition Module --- p.81
Schematics of the Curve Doubling Module --- p.82
Schematics of the Field Inversion Module --- p.83
Schematics of the Register Unit --- p.84
Schematics of the Datapath --- p.85
Schematics of the Finite Field ALU --- p.86
Schematics of the 3-way Parallel Multiplier --- p.87
Schematics of the Multiplier Elements --- p.88
Schematics of the Field Adder --- p.89
Schematics of Demultiplexer --- p.90
Schematics of the Control of the Demultiplexer --- p.91

碩士
國立成功大學
電機工程學系碩博士班
91
Sun-Wei Chang* Jhing-Fa Wang** Department of Electrical Engineering National Cheng Kung University, Tainan, Taiwan, R.O.C. This thesis presents an Intellectual Property (IP) core of the entire Advanced Encryption Standard (AES) algorithm[1]. Our design utilizes the T-Box algorithm to implement the Rijndael round function[2]. By analyzing the pipelining data flow, a new architecture, which combines the multiplexing and the iteration architecture, is also proposed. The designs are implemented using the Integrated Systems Engineering (ISE) 5.1i software [3] on a single Virtex-E XCV812E [4] Field Programmable Gate Array (FPGA) device. As a result, the AES IP core operates at 61MHz with the key scheduler resulting in a throughput of 1.9Gbps for the AES encryption and decryption with the block size of 128 bits and the flexible key size. Finally, comparison is provided between our design and similar existing implementations. * The author ** The advisor

Radio Frequency Identification (RFID) has received a great deal of attention in past decades. It is an automatic identification system by replying and retrieving data remotely using RFID transponders. Basically, RFID systems can be divided into three main categories: short transmission range, medium transmission range, and long transmission range.
Short and medium range RFIDs generally are passive transponders while long range RFID is of either passive or active type. In this thesis, a short transmission range RFID transponder is presented. This is a passive transponder which generates power for internal circuitry by inductive coupling. For automatic identification applications such as electronic money tickets, the requirements of endurance, weight, size as well as cost appeal to use passive transponder rather than active transponder. Researches on the passive transponders have created a great challenge for engineers in terms of the tradeoff between power constraints, processing power and data transmission range.
The presented RFID transponder system adheres to the ISO 14443 standard Type B specification communication interface, which operates at 13.56MHz carrier frequency with a maximum read range around 50 mm. This research implemented a low power, high security, and long read range RFID transponder. For the analog RF interface, a series of novel architectures are adopted to improve the data transmission range. The digital core in the presented crypto-processor for data security. The asynchronous architecture has the advantages of fast computation time, low power consumption and small area. These are the attractive reasons to implement the core processing units using an asynchronous architecture.
This RFID system was fabricated with a 0.35um two-poly four-metal standard CMOS process with the silicon area of 1516 um x 1625 um. The measurement results show that the analog RF interface can generate a maximum 5.45mW power while the digital core circuit consumes only 2.77mW. In the wireless communication tests, the transponder read range can reach as far as 50 mm.
Leung, Pak Keung.
"June 2008."
Adviser: Choy Chin Sing.
Source: Dissertation Abstracts International, Volume: 70-03, Section: B, page: 1847.
Thesis (Ph.D.)--Chinese University of Hong Kong, 2008.
Includes bibliographical references.
Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web.
Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web.
Abstracts in English and Chinese.
School code: 1307.

碩士
國立清華大學
電機工程學系
89
With a fast development of network communication, the application of IC smart card becomes more and more frequent. Since many personalized data are stored in the chip of IC smart card, the capability of high data security is an important issue of IC smart card. Therefore, a word-based RSA crypto-processor for IC smart card is proposed. Due to the lower cost issue on smart card, an RSA crypto-processor core with small area is essential. In order to reduce silicon area, the word-based architecture is attached to RSA crypto-processor core. Using word-based architecture, the different key length can be implemented by appropriately controlling the iteration of loop. This feacture provides the flexibility between security and computation time for user. Since our RSA crypto-processor core is based on Montgomery's algorithm, the final reduction will decrease the speed. Therefore, we modify word-based Mongomery's algorithm to eliminate this problem. Moreover, instead of using software, we design hardware to generate modular multiplicative inverse N0' . The resulting 16-bit word-based RSA crypto-processor core, which is synthesized by 0.35um cell library, can output 1024 bits encrypted/decrypted data in 51ms at the operating frequency is 125 MHZ. Finally, we applied 16-bit word-based RSA crypto-processor core to asymmetric crypto processor (ACP). Based on TSMC 0.35um 1P4M technology, an ACP chip is implemented.

博士
國立清華大學
電機工程學系
88
In this dissertation, bit-level systolic arrays for RSA public key cryptosystem are designed based on improved Montgomery''s algorithm. The improved Montgomery''s algorithm guarantees that the partial products in all modular multiplications fall in the range [0,2^{n+1}), and hence the post adjustment needed in the Montgomery''s algorithm is removed. Since the post adjustment in the original algorithm is removed, the improved algorithm leads to both simpler architecture and better performance. An RSA cryptosystem chip was designed and simulated, which implements a 512-bit RSA cryptosystem. The time to calculate a modular exponentiation is about 2n^2 clock cycles,where n is the word length, and the clock cycle is roughly equal to the delay time of a full adder. The utilization of the multiplier is 100% by interleaving the square and multiplication in modular exponentiation. Moreover, local interconnection, regularity, and modularity make the proposed architecture suitable for VLSI implementation. Furthermore, we propose a radix-4 modular multiplication algorithm based on Montgomery''s algorithm, and a radix-4 cellular-array modular multiplier based on Booth''s multiplication algorithm. The radix-4 modular multiplier can be used to implement fast RSA cryptosystem. Due to reduced number of iterations and pipelining, our modular multiplier is four times faster than the cellular-array modular multiplier based on the original Montgomery''s algorithm. The time to calculate a modular exponentiation is about n^2 clock cycles. For the purpose of hierarchical system test, an IEEE 1149.5 Module Test and Maintenance (MTM) Bus Slave module interface core is presented, which is used for direct access from the system bus to the IEEE 1149.1 chip-level or on-chip buses to facilitate hierarchical system test and diagnosis. The hierarchical test methodology also is presented, which is applicable to the system-on-chip environment. All the standard 1149.1 instructions, such as SAMPLE/PRELOAD, EXTEST, BYPASS, and even RUNBIST, can be performed within three 1149.5 Read/Write-Data message cycles. The messages are transmitted between the MTM-Bus Master module (M-module) and the Slave module (S-module). We adopt the Full TAP Control method to activate the 1149.1 Boundary-Scan paths via the 1149.5 MTM-Bus. Our S-module interface circuit implements 16 CORE commands and one Read/Write Data command. It has been prototyped using an FPGA chip and implemented by a full-custom chip. Hierarchical test of multiple 1149.1 compatible boards has been experimented and verified.

Πολλά πρότυπα ασφαλούς επικοινωνίας, όπως το secure shell (SSH), IP security (IPsec), καθώς και διάφορες μορφές κρυπτογράφησης e-mail δημιουργήθηκαν για να προστατεύουν τις πληροφορίες κατά τη μεταφορά, διασφαλίζοντας το κανάλι επικοινωνίας. Ωστόσο, γίνεται αντιληπτό ότι τα δεδομένα σε αποθήκευση (data at rest) είναι επίσης ευάλωτα σε επιθέσεις και πρέπει να προστατευτούν. Το πρότυπο IEEE P1619, το οποίο έχει προταθεί από το IEEE, προσδιορίζει τα βασικά στοιχεία μιας αρχιτεκτονικής, η οποία παρέχει ασφάλεια σε sector-level-random-access διαμοιραζόμενα μέσα αποθήκευσης, επιλέγοντας ως το καταλληλότερο mode λειτουργίας το Electronic codebook (ECB). Βασικό μειονέκτημα αυτού του τρόπου κρυπτογράφησης είναι ότι κατά το ECB mode το ίδιο plaintext παράγει πάντα (κρυπτογραφείται) το ίδιο ciphertext, δημιουργώντας την ανάγκη για συχνή αλλαγή στο συμμετρικό κλειδί. Μια τέτοια πρακτική όμως δεν θα αποδίδει λόγω του απαιτούμενου χρόνου για την επέκταση των νέων κλειδιών. Το πρόβλημα αυτό αντιμετωπίζει το IEEE P1619, κάνοντας χρήση της θέσης (location) των δεδομένων ως την επιθυμητή μεταβαλλόμενη τιμή κλειδιού, εφαρμόζοντας block-cipher αλγόριθμους κρυπτογράφησης. Το νέο αυτό πρότυπο έχει προσελκύσει την προσοχή εταιριών, ως μια καλή λύση για τις απαιτήσεις των καταναλωτών για υψηλό επίπεδο ασφάλειας των δεδομένων σε συσκευές αποθήκευσης. Πρόσφατες ερευνητικές εργασίες ερευνούν ή/και παρουσιάζουν διάφορες αρχιτεκτονικές για την υλοποίηση του προτύπου σε υλικό (hardware), με στόχο την υιοθέτησή τους σε μελλοντικά προϊόντα. Οι προτεινόμενες προσεγγίσεις στοχεύουν στην αξιοποίηση είτε πόρων του υπολογιστή (προσεγγίσεις λογισμικού) είτε ειδικού σκοπού υλικού, στοχεύοντας σε διαφορετικές απαιτήσεις, ανάλογων της εφαρμογής. Η εργασία αυτή επικεντρώνεται σε ένα Narrow-block Tweak-able σχήμα κρυπτογράφησης (XTS-AES) και διερευνά διάφορες αρχιτεκτονικές που προσφέρουν μια ποικιλία χαρακτηριστικών. Αυτή είναι η πρώτη προσπάθεια διερεύνησης αρχιτεκτονικών προσεγγίσεων (υφιστάμενων και προτεινόμενων), με σκοπό να αναδειχθεί η καταλληλότερη αρχιτεκτονική για μια ποικιλία εφαρμογών. Το βασικό χαρακτηριστικό των προτεινόμενων αρχιτεκτονικών είναι η μεγιστοποίηση της αξιοποίησης των πόρων που υλοποιούν το IEEE P1619, ώστε να επιτευχθεί η υψηλότερη απόδοση, λαμβάνοντας υπόψη διάφορα κριτήρια σχεδιασμού, όπως είναι η υψηλή ταχύτητα, η μικρή επιφάνεια, το χαμηλό κόστος και η σχεδιαστική πολυπλοκότητα.
A standard for the protection of data in shared storage media has been proposed by IEEE, the IEEE P1619. It specifies the fundamental elements of an architecture that provides security in block-based shared storage media applying block-cipher encryption algorithms to blocks of data. The newly presented standard has attracted the attention of the market vendors, as a good solution to the demands of the consumers for higher security levels in storage devices. The manufacturers have already developed future platforms based on IEEE P1619. Recent research works introduced various approaches targeting their adoption in future products. The proposed approaches are aiming to exploit either computer resources (software approaches) or special purpose hardware. This work focuses on the Narrow-block Tweakable encryption scheme (XTS-AES transform) and explores various architectures offering a variety of characteristics to the final implementation. This is the first, to the authors knowledge, attempt to explore the various architecture approaches that have been proposed until now and additionally introduce new ones, with an aim to highlight the appropriate architecture for a variety of applications. The key feature of the proposed architectures is parallelism, with respect to data block processing. The target is to exploit in full the resources of the core(s) implementing the IEEE P1619 and achieve the highest performance, respecting various design criteria as low cost, and/or design complexity. Basic details regarding IEEE P1619 and its dominant unit (the XTS-AES transform) are offered, a summary of previous works is presented and several issues are considered for potential optimization of the system architecture. Novel architectures are introduced, exploring time-scheduling of the processes to be performed and the characteristics of the various architectures are analyzed and compared.

碩士
逢甲大學
材料科學所
97
Abstract Ultrafine-grained (UFG) and nanocrystalline (NC) metals usually have higher strength than the coarse-grained counterpart but also exhibit low tensile ductility at room temperature. Recently, much attention has been drawn to improve the tensile ductility in the UFG/NC metals. In this study, pure copper (99.99%) was processed by equal channel angular extrusion (ECAE) and cryo-rolling to a rolling reduction of 95%. The as-deformed sample was then annealed at various temperatures ranging from 100oC to 320oC for 1 hour. The mechanical properties and microstructure of the as-deformed and isochronally annealed samples were investigated. to study the mechanical and annealing behavior of the NC copper. Low stacking fault energy (SFE) copper facilitates twin formation. Twins and/or stacking faults can hinder dislocation slip and increase dislocation accumulation and consequently increase work hardening rate and enhance tensile ductility. The yield stress (YS) is increased to 510MPa and the total tensile elongation is 6.1% in the as-deformed copper. The as-deformed microstructure appears to be lamellar structure and dislocation density within the grain interior is high. The annealed samples show that the average boundary spacing increases with increasing annealing temperature. When the NC copper was annealed at temperature below 200oC, the boundary spacing followd a stable growth rate and exhibits continuous recrystallization phenomenon, When the annealing temperature is above 200oC, the average boundary spacing increased dramatically and shows discontinuous recrystallization phenomenon. Samples annealed at 200oC for 30 minutes and 160oC for 5 hours appear to have better mechanical properties (higher strength and ductility combination) than other samples. However, the ductility of the NC copper is still fairly limited in the present work.