ISEC
Instruction Set Extensions for Cryptography
The ISEC project is targeted at strengthening the security of embedded systems by enabling them to handle the workload of cryptographic algorithms in a flexible manner. Our approach involves the design and evaluation of instruction set extensions, which enhance the performance of cryptographic algorithms while demanding little or no additional resources such as silicon area, program memory, working memory, and energy. In a radical deviation from traditional practice, the use of cryptographic coprocessors is dismissed in favor of small enhancements to the original general-purpose processor.
Elliptic Curve Cryptography (ECC) is a very promising type of public-key cryptography for constrained devices. Compared to "traditional" public-key cryptosystems (e.g. RSA, DSA, Diffie-Hellman), ECC achieves comparable security with operands that are roughly an order of magnitude shorter, and the gap widens as the security level rises. ECC algorithms are also well suited for complete or partial implementation in hardware. The focus of our work on asymmetric cryptography is therefore on Elliptic Curve algorithms.
There are a number of different Elliptic Curve cryptosystems, each offering different advantages for different implementations. Our goal is a very general and flexible support of a sensible set of these cryptosystems. In this fashion, newly conceived systems have a better chance of benefiting from our extensions.
For the symmetric setting, we have investigated the Advanced Encryption Standard (AES), which is expected to be one of the most important algorithms in this area for the decades to come.
We examine state-of-the-art cryptographic algorithms to identify potential targets for custom instruction support. The merits of new instructions are then verified by means of cycle-accurate software simulation. The most favorable extensions are then selected for implementation on our target processor.
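To make the approach concrete, the following is an added illustration written for this page; it is not ISEC project code and the custom instruction in it is hypothetical. It uses a word-level carry-less (GF(2)[x]) multiply, a classic inner-loop primitive of binary-field Elliptic Curve arithmetic and a textbook candidate for a custom instruction; whether ISEC adds such an instruction is not stated here. The software variant does what a plain 32-bit core has to do with shifts and XORs, the second variant models a single-instruction replacement, and a crude operation counter stands in for the cycle-accurate simulation mentioned above.

```c
/* Added illustration (not ISEC project code): a word-level carry-less
 * multiply done first with ordinary shift/XOR instructions and then
 * modelled as a single hypothetical custom instruction ("MULGF2-style"). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define WORDS 6   /* 6 x 32 bits = 192 bits, room for a 163-bit field element */

/* Crude cost model: count word-level ALU operations executed.
 * A real evaluation would use a cycle-accurate simulator instead. */
static unsigned long g_ops;

/* Software carry-less multiply of two 32-bit polynomials over GF(2),
 * bit-serial: 32 iterations of test/shift/XOR, as a general-purpose core
 * without any extension has to do it. */
static uint64_t clmul32_sw(uint32_t a, uint32_t b)
{
    uint64_t r = 0;
    for (int i = 0; i < 32; i++) {
        if ((b >> i) & 1u)
            r ^= (uint64_t)a << i;
        g_ops += 4;          /* shift, and, branch, conditional shift+xor */
    }
    return r;
}

/* Model of a hypothetical custom instruction: same result, charged as one
 * operation. The loop inside exists only because C has no such instruction;
 * the assumption is that hardware computes this in one or a few cycles. */
static uint64_t clmul32_ise(uint32_t a, uint32_t b)
{
    uint64_t r = 0;
    for (int i = 0; i < 32; i++)
        if ((b >> i) & 1u)
            r ^= (uint64_t)a << i;
    g_ops += 1;
    return r;
}

typedef uint64_t (*clmul_fn)(uint32_t, uint32_t);

/* Schoolbook product of two WORDS-word polynomials -> 2*WORDS words,
 * little-endian word order. Reduction modulo the field polynomial is a
 * separate step and is not shown here. */
static void poly_mul(const uint32_t a[WORDS], const uint32_t b[WORDS],
                     uint32_t out[2 * WORDS], clmul_fn mul)
{
    for (size_t i = 0; i < 2 * WORDS; i++) out[i] = 0;
    for (size_t i = 0; i < WORDS; i++) {
        for (size_t j = 0; j < WORDS; j++) {
            uint64_t p = mul(a[i], b[j]);
            out[i + j]     ^= (uint32_t)p;
            out[i + j + 1] ^= (uint32_t)(p >> 32);
            g_ops += 4;  /* loads plus two xor/store pairs, roughly */
        }
    }
}

/* Run the same multi-word product with both variants; return 1 if the
 * results agree and write out the operation count of each variant. */
static int compare_variants(unsigned long *ops_sw, unsigned long *ops_ise)
{
    /* Constructed sample operands (not real curve parameters). */
    const uint32_t a[WORDS] = {0x8000000fu, 0x12345678u, 0xdeadbeefu,
                               0x00000001u, 0xffffffffu, 0x00000005u};
    const uint32_t b[WORDS] = {0xc0ffee11u, 0x00000003u, 0x0badf00du,
                               0x80000000u, 0x55555555u, 0x00000002u};
    uint32_t r_sw[2 * WORDS], r_ise[2 * WORDS];

    g_ops = 0; poly_mul(a, b, r_sw,  clmul32_sw);  *ops_sw  = g_ops;
    g_ops = 0; poly_mul(a, b, r_ise, clmul32_ise); *ops_ise = g_ops;

    for (size_t i = 0; i < 2 * WORDS; i++)
        if (r_sw[i] != r_ise[i]) return 0;
    return 1;
}

int main(void)
{
    unsigned long sw, ise;
    int ok = compare_variants(&sw, &ise);
    printf("results agree: %s, ops sw=%lu ise=%lu, ratio ~%.1fx\n",
           ok ? "yes" : "no", sw, ise, (double)sw / (double)ise);
    return ok ? 0 : 1;
}
```

The operation counts are only a model, but they show where the gain of an instruction set extension comes from: the 36 word products dominate the multi-word multiply, and replacing a 32-iteration loop with one instruction shrinks that part by more than an order of magnitude while the rest of the processor and the program stay unchanged.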
Our main target processor is the SPARC V8-compliant Leon2 processor, which is available under the LGPL from Gaisler Research. It is defined in VHDL and can be implemented in diverse FPGA technologies as well as in several common process technologies. The source of our modified processor (Leon2-CIS) and of the supporting toolchain for software development is available from our download page.
Our methodology encompasses evaluation of our proposed extensions in actual hardware, in the programmable logic of FPGAs. For this purpose we employ a range of FPGA prototyping boards. Performance gains for different uses of our extensions are measured and compared to the simulation results. The resulting figures are used as a basis for selecting the best-suited algorithms for specific scenarios such as maximal performance or minimal RAM usage.
We also develop cryptographic libraries for our target processor which make use of our extensions. Our code has also been integrated into a publicly available embedded SSL library (e.g. MatrixSSL). The library is tested in conjunction with embedded variants of the Linux operating system (e.g. uClinux).
Website: www.iaik.tugraz.at
Manager: Johann Großschädl
Staff members: Johann Großschädl, Stefan Tillich, Alexander Szekely, Michael Wurm
