An Exploration of Mechanisms for Dynamic Cryptographic Instruction Set Extension

  • Philipp Grabher
  • Johann Großschädl
  • Simon Hoerder
  • Kimmo Järvinen
  • Dan Page
  • Stefan Tillich
  • Marcin Wójcik
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6917)


Instruction Set Extensions (ISEs) supplement a host processor with special-purpose, typically fixed-function hardware components and instructions to utilize them. For cryptographic use-cases, this can be very effective due to the demand for non-standard or niche operations that are not supported by general-purpose architectures. However, one disadvantage of fixed-function ISEs is inflexibility, contradicting a need for “algorithm agility.” This paper explores a new approach, namely the provision of re-configurable mechanisms to support dynamic (run-time changeable) ISEs. Our results, obtained using an FPGA-based LEON3 prototype, show that this approach provides a flexible general-purpose platform for cryptographic ISEs with all known advantages of previous work, but relies on careful analysis of the associated security issues.


FPGA embedded processor instruction set extension 


  1. 1.
    Amano, H.: A survey on dynamically reconfigurable processors. IEICE Tran. Comm. E89-B(12), 3179–3187 (2006)CrossRefGoogle Scholar
  2. 2.
    Banakar, R., Steinke, S., Lee, B.-S., Balakrishnan, M., Marwedel, P.: Scratchpad memory: design alternative for cache on-chip memory in embedded systems. In: CODES, pp. 73–78 (2002)Google Scholar
  3. 3.
    Canivet, G., Maistri, P., Leveugle, R., Clédière, J., Valette, F., Renaudin, M.: Glitch and laser fault attacks onto a secure AES implementation on a SRAM-based FPGA. J. Cryptology 24(2), 247–268 (2011)CrossRefGoogle Scholar
  4. 4.
    Koç, Ç.K., Acar, T., Kaliski, B.S.: Analyzing and comparing Montgomery multiplication algorithms. IEEE Micro 16(3), 26–33 (1996)CrossRefGoogle Scholar
  5. 5.
    Chan, H., Schaumont, P., Verbauwhede, I.: Process isolation for reconfigurable hardware. In: ERSA, pp. 164–170 (2006)Google Scholar
  6. 6.
    Dales, M.W.: Managing a reconfigurable processor in a general purpose workstation environment. PhD thesis, University of Glasgow (2003)Google Scholar
  7. 7.
    Desmedt, Y.G., Quisquater, J.-J.: Public-key systems based on the difficulty of tampering. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 111–117. Springer, Heidelberg (1987)Google Scholar
  8. 8.
    Flynn, M.J., McLaren, M.D.: Microprogramming revisited. In: Proc. of the 22nd ACM National Conference, pp. 457–464 (1967)Google Scholar
  9. 9.
    Gonzalez, I., Gómez-Arribas, F.: Ciphering algorithms in MicroBlaze-based embedded systems. Computers and Digital Techniques 153(2), 87–92 (2006)CrossRefGoogle Scholar
  10. 10.
    Grabher, P., Großschädl, J., Page, D.: Light-weight instruction set extensions for bit-sliced cryptography. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 331–345. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Großschädl, J., Tillich, S., Szekely, A.: Performance evaluation of instruction set extensions for long integer modular arithmetic on a SPARC V8 processor. In: DSD, pp. 680–689 (2007)Google Scholar
  12. 12.
    Hadžić, I., Udani, S., Smith, J.M.: FPGA viruses. In: Lysaght, P., Irvine, J., Hartenstein, R.W. (eds.) FPL 1999. LNCS, vol. 1673, pp. 291–300. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  13. 13.
    Hines, S.R., Green, J., Tyson, G., Whalley, D.: Improving program efficiency by packing instructions into registers. In: ISCA, pp. 260–271 (2005)Google Scholar
  14. 14.
    Hodjat, A., Verbauwhede, I.: Interfacing a high speed crypto accelerator to an embedded CPU. In: Asilomar Conference on Signals, Systems, and Computers, vol. 1, pp. 488–492 (2004)Google Scholar
  15. 15.
    Hoerder, S., Wójcik, M., Tillich, S., Page, D.: An evaluation of hash functions on a power analysis resistant processor architecture. In: Ardagna, C. (ed.) WISTP 2011. LNCS, vol. 6633, pp. 160–174. Springer, Heidelberg (2011)Google Scholar
  16. 16.
    Huffmire, T., Irvine, C., Nguyen, T.D., Levin, T., Kastner, R., Sherwood, T.: Handbook of FPGA Design Security. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Juliato, M., Gebotys, C.: Tailoring a reconfigurable platform to SHA-256 and HMAC through custom instructions and peripherals. In: ReConFig, pp. 195–200 (2009)Google Scholar
  18. 18.
    Kastner, R., Levin, T., Nguyen, T., Irvine, C., Brotherton, B., Wang, G., Sherwood, T., Huffmire, T.: Moats and drawbridges: An isolation primitive for reconfigurable hardware based systems. In: IEEE Security and Privacy, pp. 281–295 (2007)Google Scholar
  19. 19.
    Kluter, T., Brisk, P., Ienne, P., Charbon, E.: Way stealing: cache-assisted automatic instruction set extensions. In: DAC, pp. 31–36 (2009)Google Scholar
  20. 20.
    Kocher, P.C., Lee, R.B., McGraw, G., Raghunathan, A.: Security as a new dimension in embedded system design. In: DAC, pp. 753–760 (2004)Google Scholar
  21. 21.
    Lysecky, R., Stitt, G., Vahid, F.: Warp processors. TODAES 11(3), 659–681 (2006)CrossRefGoogle Scholar
  22. 22.
    Malik, N., Eickemeyer, R.J., Vassiliadis, S.: Interlock collapsing ALU for increased instruction-level parallelism. SIGMICRO Newsletter 23(1-2), 149–157 (1992)CrossRefGoogle Scholar
  23. 23.
    Miller, J.E., Agarwal, A.: Software-based instruction caching for embedded processors. In: ASPLOS, pp. 293–302 (2006)Google Scholar
  24. 24.
    Moore, C.R., Balser, D.M., Muhich, J.S., East, R.E.: IBM single chip RISC processor (RSC). In: ICCD, pp. 200–204 (1991)Google Scholar
  25. 25.
    Pothineni, N., Brisk, P., Ienne, P., Kumar, A., Paul, K.: A high-level synthesis flow for custom instruction set extensions for application-specific processors. In: ASP-DAC, pp. 707–712 (2010)Google Scholar
  26. 26.
    Ravi, S., Raghunathan, A., Kocher, P.C., Hattangady, S.: Security in embedded systems: Design challenges. TECS 3(3), 461–491 (2004)CrossRefGoogle Scholar
  27. 27.
    Schaumont, P., Sakiyama, K., Hodjat, A., Verbauwhede, I.: Embedded software integration for coarse-grain reconfigurable systems. In: IPDPS, pp. 137–142 (2004)Google Scholar
  28. 28.
    Segars, S.: Low power design techniques for microprocessors (tutorial session). In: ISSCC (2001)Google Scholar
  29. 29.
    Taylor, R.R., Goldstein, S.C.: A high-performance flexible architecture for cryptography. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 231–245. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  30. 30.
    Tillich, S., Großschädl, J.: A simple architectural enhancement for fast and flexible elliptic curve cryptography over binary finite fields GF(2m). In: Yew, P.-C., Xue, J. (eds.) ACSAC 2004. LNCS, vol. 3189, pp. 282–295. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  31. 31.
    Tillich, S., Großschädl, J.: Instruction set extensions for efficient AES implementation on 32-bit processors. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 270–284. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  32. 32.
    Tucker, A.B., Flynn, M.J.: Dynamic microprogramming: processor organization and programming. CACM 14(4), 240–250 (1971)MATHGoogle Scholar
  33. 33.
    Vejda, T., Page, D., Großschädl, J.: Instruction set extensions for pairing-based cryptography. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 208–224. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  34. 34.
    VeriSign.: An evaluation of new processor instructions for accelerating selected cryptographic algorithms (2010)Google Scholar
  35. 35.
    Wang, Z., Lee, R.B.: Covert and side channels due to processor architecture. In: ACSAC, pp. 473–482 (2006)Google Scholar
  36. 36.
    Wollinger, T., Paar, C.: How secure are FPGAs in cryptographic applications? In FPL. In: Y. K. Cheung, P., Constantinides, G.A. (eds.) FPL 2003. LNCS, vol. 2778, pp. 91–100. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  37. 37.
    Wu, L., Weaver, C., Austin, T.: CryptoManiac: a fast flexible architecture for secure communication. In: ISCA, pp. 110–119 (2001)Google Scholar
  38. 38.
    Xilinx. Partial reconfiguration user guide (UG702) v12.1 (2010),
  39. 39.
    Yang, B., Wu, K., Karri, R.: Scan based side channel attack on dedicated hardware implementations of data encryption standard. In: ITC, pp. 339–344 (2004)Google Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Philipp Grabher
    • 1
  • Johann Großschädl
    • 2
  • Simon Hoerder
    • 1
  • Kimmo Järvinen
    • 3
  • Dan Page
    • 1
  • Stefan Tillich
    • 1
  • Marcin Wójcik
    • 1
  1. 1.Department of Computer ScienceUniversity of BristolBristolUK
  2. 2.FSTC, CSC Research Unit, LACSUniversity of LuxembourgLuxembourgLuxembourg
  3. 3.Department of Information and Computer ScienceAalto UniversityAaltoFinland

Personalised recommendations