Journal of Cryptographic Engineering

, Volume 2, Issue 1, pp 1–18 | Cite as

An exploration of mechanisms for dynamic cryptographic instruction set extension

  • P. Grabher
  • J. Großschädl
  • S. Hoerder
  • K. Järvinen
  • D. Page
  • S. Tillich
  • M. Wójcik
Regular Paper


Instruction set extensions (ISEs) supplement a host processor with special-purpose, typically fixed-function hardware components and instructions to utilise them. For cryptographic use-cases, this can be very effective due to the demand for non-standard or niche operations that are not supported by general-purpose architectures. However, one disadvantage of fixed-function ISEs is inflexibility, contradicting a need for “algorithm agility”. This paper explores a new approach, namely the provision of reconfigurable mechanisms to support dynamic (run-time changeable) ISEs. Our results, obtained using an FPGA-based LEON3 prototype, show that this approach provides a flexible general-purpose platform for cryptographic ISEs with all known advantages of previous work, but relies on careful analysis of the associated security issues.


FPGA Embedded processor Instruction set extension 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Amano H.: A survey on dynamically reconfigurable processors. IEICE Trans. Commun. E89-B(12), 3179–3187 (2006)CrossRefGoogle Scholar
  2. 2.
    Banakar, R., Steinke, S., Lee, B.S., Balakrishnan, M., Marwedel, P.: Scratchpad memory: design alternative for cache on-chip memory in embedded systems. In: Hardware/Software Codesign (CODES), pp. 73–78 (2002)Google Scholar
  3. 3.
    Beckhoff, C., Koch, D., Torresen, J.: Short-circuits on FPGAs caused by partial runtime reconfiguration. In: Field Programmable Logic and Application (FPL), pp. 596–601. IEEE Computer Society, Los Alamitos (2010)Google Scholar
  4. 4.
    Bracy, A., Prahlad, P., Roth, A.: Dataflow mini-graphs: amplifying superscalar capacity and bandwidth. In: International Symposium on Microarchitecture (MICRO), pp. 18–29 (2004)Google Scholar
  5. 5.
    Calhoun B.H., Ryan J.F., Khanna S., Putic M., Lach J.: Flexible circuits and architectures for ultralow power. Proc. IEEE 98(2), 267–282 (2010)CrossRefGoogle Scholar
  6. 6.
    Canivet G., Maistri P., Leveugle R., Clédière J., Valette F., Renaudin M.: Glitch and laser fault attacks onto a secure AES implementation on a SRAM-based FPGA. J. Cryptol. 24(2), 247–268 (2011)MATHCrossRefGoogle Scholar
  7. 7.
    Canright, D.: A very compact S-box for AES. In: Cryptographic Hardware and Embedded Systems (CHES). LNCS, vol. 3659, pp. 441–455. Springer, Berlin (2005)Google Scholar
  8. 8.
    Chan, H., Schaumont, P., Verbauwhede, I.: Process isolation for reconfigurable hardware. In: Engineering of Reconfigurable Systems and Algorithms (ERSA), pp. 164–170 (2006)Google Scholar
  9. 9.
    Clark, N., Kudlur, M., Park, H., Mahlke, S., Flautner, K.: Application-specific processing on a general-purpose core via transparent instruction set customization. In: International Symposium on Microarchitecture (MICRO), pp. 30–40 (2004)Google Scholar
  10. 10.
    Dales, M.: Managing a reconfigurable processor in a general purpose workstation environment. Ph.D. thesis, University of Glasgow (2003)Google Scholar
  11. 11.
    Desmedt, Y., Quisquater, J.J.: Public-key systems based on the difficulty of tampering (is there a difference between DES and RSA?). In: Advances in Cryptology (CRYPTO). LNCS, vol. 263, pp. 111–117 (1986)Google Scholar
  12. 12.
    Drimer, S.: Security for volatile FPGAs. Ph.D. thesis, University of Cambridge, Computer Laboratory (2009)Google Scholar
  13. 13.
    Flynn, M., McLaren, M.: Microprogramming revisited. In: ACM Proceedings of the 1967, 22nd National Conference, pp. 457–464 (1967)Google Scholar
  14. 14.
    Gonzalez I., Gómez-Arribas F.: Ciphering algorithms in Micro Blaze-based embedded systems. IEE Proc. Comput. Digit. Tech. 153(2), 87–92 (2006)CrossRefGoogle Scholar
  15. 15.
    Grabher, P., Großschädl, J., Page, D.: Light-weight instruction set extensions for bit-sliced cryptography. In: Cryptographic Hardware and Embedded Systems (CHES). LNCS, vol. 5154, pp. 331–345. Springer, Berlin (2008)Google Scholar
  16. 16.
    Großschädl, J., Page, D., Vejda, T.: Instruction set extensions for pairing-based cryptography. In: Pairing-Based Cryptography (PAIRING). LNCS, vol. 4575, pp. 208–224. Springer, Berlin (2007)Google Scholar
  17. 17.
    Großschädl, J., Tillich, S., Szekely, A.: Performance evaluation of instruction set extensions for long integer modular arithmetic on a SPARC V8 processor. In: Digital System Design Architectures (DSD), pp. 680–689 (2007)Google Scholar
  18. 18.
    Güneysu, T., Moradi, A.: Generic side-channel countermeasures for reconfigurable devices. In: Cryptographic Hardware and Embedded Systems (CHES). LNCS, vol. 6917, pp. 33–48. Springer, Berlin (2011)Google Scholar
  19. 19.
    Wu, H.: The Hash Function JH. Submission to NIST (updated, 3rd round version) (2009).
  20. 20.
    Hadžic, I., Udani, S., Smith, J.: FPGA viruses. In: Field Programmable Logic and Applications (FPL). LNCS, vol. 1673, pp. 291–300. Springer, Berlin (1999)Google Scholar
  21. 21.
    Hines, S., Green, J., Tyson, G., Whalley, D.: Improving program efficiency by packing instructions into registers. In: International Symposium on Computer Architecture (ISCA), pp. 260–271 (2005)Google Scholar
  22. 22.
    Hodjat, A., Verbauwhede, I.: Interfacing a high speed crypto accelerator to an embedded CPU. In: Asilomar Conference on Signals, Systems, and Computers, vol. 1, pp. 488–492 (2004)Google Scholar
  23. 23.
    Hoerder, S., Wójcik, M., Tillich, S., Page, D.: An evaluation of hash functions on a power analysis resistant processor architecture. In: Information Security Theory and Practices—Security and Privacy of Mobile Devices in Wireless Communication (WISTP). LNCS, vol. 6633, pp. 160–174. Springer, Berlin (2011)Google Scholar
  24. 24.
    Huffmire T., Irvine C., Nguyen T., Levin T., Kastner R., Sherwood T.: Handbook of FPGA Design Security. Springer, Berlin (2010)CrossRefGoogle Scholar
  25. 25.
    Juliato, M., Gebotys, C.: Tailoring a reconfigurable platform to SHA-256 and HMAC through custom instructions and peripherals. In: Reconfigurable Computing and FPGAs (ReConFig), pp. 195–200 (2009)Google Scholar
  26. 26.
    Kastner, R., Levin, T., Nguyen, T., Irvine, C., Brotherton, B., Wang, G., Sherwood, T., Huffmire, T.: Moats and drawbridges: an isolation primitive for reconfigurable hardware based systems. In: IEEE Security and Privacy, pp. 281–295 (2007)Google Scholar
  27. 27.
    Kawahara, Y., Aoki, K., Takagi, T.: Faster implementation of eta-T pairing over GF(3m) using minimum number of logical instructions for GF(3)-addition. In: Pairing-Based Cryptography (PAIRING). LNCS, vol. 5209, pp. 282–296. Springer, Berlin (2008)Google Scholar
  28. 28.
    Kluter, T., Brisk, P., Ienne, P., Charbon, E.: Way stealing: cache-assisted automatic instruction set extensions. In: Design Automation Conference (DAC), pp. 31–36 (2009)Google Scholar
  29. 29.
    Koç Ç.K., Acar T., Kaliski B.: Analyzing and comparing Montgomery multiplication algorithms. IEEE Micro 16(3), 26–33 (1996)CrossRefGoogle Scholar
  30. 30.
    Kocher, P., Lee, R., McGraw, G., Raghunathan, A.: Security as a new dimension in embedded system design. In: Design Automation Conference (DAC), pp. 753–760 (2004)Google Scholar
  31. 31.
    Kuon I., Rose J.: Measuring the gap between FPGAs and ASICs. IEEE Trans. Comput. Aided Design Integr. Circuits Syst. 26(2), 203–215 (2007)CrossRefGoogle Scholar
  32. 32.
    Lysecky R., Stitt G., Vahid F.: Warp processors. ACM Trans. Design Autom. Electron. Syst. (TODAES) 11(3), 659–681 (2006)CrossRefGoogle Scholar
  33. 33.
    Malik N., Eickemeyer R., Vassiliadis S.: Interlock collapsing ALU for increased instruction-level parallelism. ACM SIGMICRO Newsl. 23(1-2), 149–157 (1992)CrossRefGoogle Scholar
  34. 34.
    Miller, J., Agarwal, A.: Software-based instruction caching for embedded processors. In: Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 293–302 (2006)Google Scholar
  35. 35.
    Moore, C., Balser, D., Muhich, J., East, R.: IBM single chip RISC processor (RSC). In: IEEE International Conference on Computer Design (ICCD), pp. 200–204 (1991)Google Scholar
  36. 36.
    Patel S., Lumetta S.: rePLay: A hardware framework for dynamic optimization. IEEE Trans. Comput. 50(6), 590–608 (2001)CrossRefGoogle Scholar
  37. 37.
    Pothineni, N., Brisk, P., Ienne, P., Kumar, A., Paul, K.: A high-level synthesis flow for custom instruction set extensions for application-specific processors. In: Design Automation Conference (ASP-DAC), pp. 707–712 (2010)Google Scholar
  38. 38.
    Ravi S., Raghunathan A., Kocher P., Hattangady S.: Security in embedded systems: design challenges. ACM Trans. Embed. Comput. Syst. (TECS) 3(3), 461–491 (2004)CrossRefGoogle Scholar
  39. 39.
    Schaumont, P., Sakiyama, K., Hodjat, A., Verbauwhede, I.: Embedded software integration for coarse-grain reconfigurable systems. In: International Parallel and Distributed Processing Symposium (IPDPS), pp. 137–142 (2004)Google Scholar
  40. 40.
    Segars, S.: Low power design techniques for microprocessors (tutorial session). In: International Solid State Circuit Conference (ISSCC) (2001).
  41. 41.
    Sodani, A., Sohi, G.: Dynamic instruction reuse. In: International Symposium on Computer Architecture (ISCA), pp. 194–205 (1997)Google Scholar
  42. 42.
    Taylor, R., Goldstein, S.: A high-performance flexible architecture for cryptography. In: Cryptographic Hardware and Embedded Systems (CHES). LNCS, vol. 1717, pp. 231–245. Springer, Berlin (1999)Google Scholar
  43. 43.
    Tillich, S., Großschädl, J.: A simple architectural enhancement for fast and flexible elliptic curve cryptography over binary finite fields GF(2m). In: Advances in Computer Systems Architecture (ACSAC). LNCS, vol. 3189, pp. 282–295. Springer, Berlin (2003)Google Scholar
  44. 44.
    Tillich, S., Großschädl, J.: Instruction set extensions for efficient AES implementation on 32-bit processors. In: Cryptographic Hardware and Embedded Systems (CHES). LNCS, vol. 4249, pp. 270–284. Springer, Berlin (2006)Google Scholar
  45. 45.
    Tucker A., Flynn M.: Dynamic microprogramming: processor organization and programming. Commun. ACM (CACM) 14(4), 240–250 (1971)MATHCrossRefGoogle Scholar
  46. 46.
    VeriSign: an evaluation of new processor instructions for accelerating selected cryptographic algorithms (2010).
  47. 47.
    Wang, Z., Lee, R.: Covert and side channels due to processor architecture. In: Annual Computer Security Applications Conference (ACSAC), pp. 473–482 (2006)Google Scholar
  48. 48.
    Wollinger T., Guajardo J., Paar C.: Security on FPGAs: State-of-the-art implementations and attacks. ACM Trans. Embed. Comput. Syst. 3(3), 534–574 (2004)CrossRefGoogle Scholar
  49. 49.
    Wollinger, T., Paar, C.: How secure are FPGAs in cryptographic applications? In: Field Programmable Logic and Applications (FPL). LNCS, vol. 2778, pp. 91–100. Springer, Berlin (2003)Google Scholar
  50. 50.
    Wu, L., Weaver, C., Austin, T.: CryptoManiac: a fast flexible architecture for secure communication. In: International Symposium on Computer Architecture (ISCA), pp. 110–119 (2001)Google Scholar
  51. 51.
    Xilinx: Partial reconfiguration user guide (UG702) v12.1 (2010).
  52. 52.
    Yang, B., Wu, K., Karri, R.: Scan based side channel attack on dedicated hardware implementations of data encryption standard. In: International Test Conference (ITC), pp. 339–344 (2004)Google Scholar

Copyright information

© Springer-Verlag 2012

Authors and Affiliations

  • P. Grabher
    • 1
  • J. Großschädl
    • 2
  • S. Hoerder
    • 1
  • K. Järvinen
    • 3
  • D. Page
    • 1
  • S. Tillich
    • 1
  • M. Wójcik
    • 1
  1. 1.Department of Computer ScienceUniversity of BristolBristolUK
  2. 2.Laboratory of Algorithmics, Cryptology and Security (LACS)University of LuxembourgLuxembourgLuxembourg
  3. 3.Department of Information and Computer ScienceAalto UniversityAaltoFinland

Personalised recommendations