Energy-Efficient ARM64 Cluster with Cryptanalytic Applications
Abstract
Getting a lot of CPU power used to be an expensive undertaking. Servers with many cores cost a lot of money and consume large amounts of energy. The developments in hardware for mobile devices have resulted in a surge in relatively cheap, powerful, and low-energy CPUs. In this paper we show how to build a low-energy, eighty-core cluster built around twenty ODROID-C2 development boards for under 1500 USD. The ODROID-C2 is a 46 USD microcomputer that provides a 1.536 GHz quad-core Cortex-A53-based CPU and 2 GB of RAM. We investigate the cluster’s application to cryptanalysis by implementing Pollard’s Rho method to tackle the Certicom ECC2K-130 elliptic curve challenge. We optimise software from the Breaking ECC2K-130 technical report for the Cortex-A53. To do so, we show how to use microbenchmarking to derive the needed instruction characteristics which ARM neglected to document for the public. The implementation of the ECC2K-130 attack finally allows us to compare the proposed platform to various other platforms, including “classical” desktop CPUs, GPUs and FPGAs. Although it may still be slower than, for example, FPGAs, our cluster still provides a lot of value for money.
Keywords
ARM, Compute cluster, Cryptanalysis, Elliptic curve cryptography, ECC2K-130
References
- 1. Ansible. https://docs.ansible.com/ansible/. Accessed 22 June 2017
- 2. ARM Cortex-A Series Programmer’s Guide for ARMv8-A. Version 1.0. https://developer.arm.com/products/processors/cortex-a/cortex-a53/docs/den0024/latest/1-introduction. Accessed 22 June 2017
- 3. BCM2837 - Raspberry Pi documentation. https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2837/README.md. Accessed 08 May 2017
- 4. ODROID-C2. http://www.hardkernel.com/main/products/prdt_info.php?g_code=G145457216438. Accessed 03 Apr 2017
- 5. Bailey, D.V., Batina, L., Bernstein, D.J., Birkner, P., Bos, J.W., Chen, H.-C., Cheng, C.-M., Damme, G.V., de Meulenaer, G., Perez, L.J.D., Fan, J., Güneysu, T., Gürkaynak, F., Kleinjung, T., Lange, T., Mentens, N., Niederhagen, R., Paar, C., Regazzoni, F., Schwabe, P., Uhsadel, L., Herrewege, A.V., Yang, B.-Y.: Breaking ECC2K-130. Cryptology ePrint Archive, Report 2009/514 (2009). https://eprint.iacr.org/2009/541/
- 6. Bernstein, D.J.: Minimum number of bit operations for multiplication. https://binary.cr.yp.to/m.html. Accessed 05 Apr 2017
- 7. Bernstein, D.J.: Batch binary Edwards. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 317–336. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_19
- 8. Bernstein, D.J., Chen, H.-C., Cheng, C.-M., Lange, T., Niederhagen, R., Schwabe, P., Yang, B.-Y.: ECC2K-130 on NVIDIA GPUs. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 328–346. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17401-8_23
- 9. Bernstein, J.D., Engels, S., Lange, T., Niederhagen, R., Paar, C., Schwabe, P., Zimmermann, R.: Faster discrete logarithms on FPGAs (2016). http://cryptojedi.org/papers/#sect113r2
- 10. Bos, J.W., Kleinjung, T., Niederhagen, R., Schwabe, P.: ECC2K-130 on cell CPUs. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 225–242. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12678-9_14
- 11. Certicom Corp: The Certicom ECC Challenge. https://www.certicom.com/content/certicom/en/the-certicom-ecc-challenge.html. Accessed 03 Apr 2017
- 12. Certicom Research. Certicom ECC Challenge. https://www.certicom.com/content/dam/certicom/images/pdfs/challenge-2009.pdf. Accessed 10 Nov 2009
- 13. Cox, S.J., Cox, J.T., Boardman, R.P., Johnston, S.J., Scott, M., O’Brien, N.S.: Iridis-pi: a low-cost, compact demonstration cluster. Cluster Comput. 17(2), 349–358 (2014). https://doi.org/10.1007/s10586-013-0282-7
- 14. Fan, J., Bailey, D.V., Batina, L., Guneysu, T., Paar, C., Verbauwhede, I.: Breaking elliptic curve cryptosystems using reconfigurable hardware. In: 2010 International Conference on Field Programmable Logic and Applications, pp. 133–138, 8 2010. https://doi.org/10.1109/FPL.2010.34
- 15. Hutter, M., Schwabe, P.: Multiprecision multiplication on AVR revisited. J. Cryptogr. Eng. 5(3), 201–214 (2015). http://cryptojedi.org/papers/#avrmul
- 16. Karatsuba, A., Ofman, Y.: Multiplication of multidigit numbers on automata. In: Soviet Physics Doklady, vol. 7, p. 595 (1963)
- 17. Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48(177), 243–264 (1987)
- 18. Patel, N.: Sony says the 40GB PS3 is still using 90nm chips. https://www.engadget.com/2007/11/03/sony-says-the-40gb-ps3-is-still-using-90nm-chips/. Accessed 24 Aug 2017
- 19. Pollard, J.M.: Monte Carlo methods for index computation \((\operatorname{mod} p)\). Math. Comput. 32(143), 918–924 (1978)
- 20. TechInsights. Nintendo Switch teardown. http://techinsights.com/about-techinsights/overview/blog/nintendo-switch-teardown/. Accessed 08 May 2017
- 21. van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1–28 (1999). https://doi.org/10.1007/PL00003816