Overview
Modular Exponentiation based on long number arithmetic is the foundation for a number
of public key encryption and key exchange mechanisms.
The best known of these is probably RSA. This algorithm was first described
in 1977 by Ron Rivest, Adi Shamir and Len Adleman at MIT, its name being taken from
the three inventors' initials. RSA is suitable for both signing and encryption,
and is still very widely used in electronic commerce protocols; it is considered to
be secure given sufficiently long keys.
Another well known application for Modular Exponentiation is Diffie-Hellman key
exchange. This scheme was first published by Whitfield Diffie and Martin Hellman
in 1976, and is a cryptographic protocol which allows two parties that have no
prior knowledge of each other to jointly establish a shared secret key over an
insecure communications channel. This shared key can then be used to encrypt higher-speed
communications using a more conventional symmetric key cipher like AES.
Both of these schemes, plus others, use long number modular arithmetic as
their basis. Due to the extremely large operand lengths (typically 1024 or 2048 bits),
this kind of arithmetic processing is very slow when implemented in a standard
processor, so it is well suited to offloading into dedicated hardware.
Helion RSA, Diffie-Hellman and Modular Exponentiation Solutions
Helion offer a range of RSA, Diffie-Hellman and Modular Exponentiation solutions,
covering a broad spread of speed and area requirements. They have been fully proven in
production ASIC and FPGA silicon by numerous customers, and are easy to use and highly
efficient.
Existing offerings from other vendors concentrate on being the biggest and fastest
solutions around, but we take a more considered approach, and offer not only big and
fast solutions, but also extremely compact solutions which are ideal when your target
throughput is lower. Our standard cores (STDnnn) offer a wide range of performance
levels at the highest clock rates, trading area for performance in power-of-two steps,
whilst our TINY32 core is optimised for lowest logic area with a lower clock rate.
The FPGA cores make optimal use of each FPGA family's RAM resources, whether it is
distributed or Block RAM. Each core version is available supporting a maximum
operand length ranging from 2K to 8K bits, with certain sweet spots for each family.
The minimum supported operand length depends on the core version: the larger cores
cannot process smaller operands. There is considerable flexibility to choose a core
which is just right for your needs.
The cores operate in a co-processor style, with operands and results exchanged over a
shared memory interface. The user simply writes the operands, instructs the core, and
some time later the status indication shows that the results can be read out.
Normally, for the quickest calculation, the execution time varies slightly with the
exponent value, which is the variation a timing attack measures. For additional
resistance against timing attacks, a constant-time option is available which uses
slower, fully deterministic processing.
Measured Area and Performance
STD256 version - for medium rate applications
TARGET | PERFORMANCE [1] | AREA [2] | RAM [2]
ASIC (0.13um CMOS) | >45 ops/sec | <40K gates | 12Kbits RAM
Altera Cyclone V (C6) | 34.1 ops/sec | 2015 ALMs | 1 M10K
Altera Cyclone 10 GX (E5) | 53.3 ops/sec | 2119 ALMs | 1 M10K
Altera Arria II GX (C4) | 38.7 ops/sec | 2121 ALMs | 1 M9K
Altera Arria II GZ (C3) | 47.1 ops/sec | 2163 ALMs | 1 M9K
Altera Arria V GX (C4) | 37.8 ops/sec | 2018 ALMs | 1 M10K
Altera Arria V GZ (C3) | 56.4 ops/sec | 2102 ALMs | 1 M10K
Altera Arria 10 (E1S) | 55.4 ops/sec | 2147 ALMs | 1 M20K
Altera Stratix IV (C2) | 50.3 ops/sec | 2095 ALMs | 1 M9K
Altera Stratix V (C1) | 62.3 ops/sec | 2129 ALMs | 1 M20K
Lattice ECP3 (-8) | 25.1 ops/sec | 2066 slices | 1 EBR
Xilinx Spartan-3A (-5) | 20.6 ops/sec | 1814 slices | 1 RAMB16
Xilinx Spartan-6 (-3) | 31.1 ops/sec | 480 slices | 1 RAMB8
Xilinx Artix-7 (-3) | 43.4 ops/sec | 484 slices | 1 RAMB18
Xilinx Virtex-6 (-3) | 55.2 ops/sec | 474 slices | 1 RAMB18
Xilinx Kintex-7 (-3) | 61.1 ops/sec | 485 slices | 1 RAMB18
Xilinx Virtex-7 (-3) | 61.1 ops/sec | 483 slices | 1 RAMB18
Xilinx UltraSCALE (-2) | 66.7 ops/sec | 393 CLBs | 1 RAMB18
Xilinx UltraSCALE+ (-2) | 86.1 ops/sec | 403 CLBs | 1 RAMB18
TINY32 version - for lower rate applications, e.g. supporting a single secure endpoint
TARGET | PERFORMANCE [1] | AREA [2] | RAM [2]
ASIC (0.13um CMOS) | >5 ops/sec | <8K gates | 10Kbits RAM
Altera Cyclone IV (C6) | 1.8 ops/sec | 721 LEs | 4 M9Ks
Altera Cyclone V (C6) | 2.2 ops/sec | 318 ALMs | 4 M10Ks
Altera Cyclone 10 GX (E5) | 3.3 ops/sec | 278 ALMs | 4 M10Ks
Altera Arria II GX (C4) | 3.3 ops/sec | 352 ALMs | 4 M9Ks
Altera Arria II GZ (C3) | 3.3 ops/sec | 355 ALMs | 4 M9Ks
Altera Arria V GX (C4) | 2.5 ops/sec | 309 ALMs | 4 M10Ks
Altera Arria V GZ (C3) | 3.5 ops/sec | 299 ALMs | 4 M20Ks
Altera Arria 10 (E1S) | 3.7 ops/sec | 299 ALMs | 4 M20Ks
Altera Stratix IV (C2) | 3.7 ops/sec | 344 ALMs | 4 M9Ks
Altera Stratix V (C1) | 4.5 ops/sec | 322 ALMs | 4 M20Ks
Lattice ECP3 (-8) | 2.3 ops/sec | 316 slices | 4 EBRs
Xilinx Spartan-3A (-5) | 2.0 ops/sec | 309 slices | 3 RAMB16s
Xilinx Spartan-6 (-3) | 3.2 ops/sec | 142 slices | 1 RAMB16
Xilinx Artix-7 (-3) | 3.2 ops/sec | 122 slices | 2 RAMB36s
Xilinx Virtex-6 (-3) | 4.2 ops/sec | 117 slices | 2 RAMB36s
Xilinx Kintex-7 (-3) | 4.3 ops/sec | 119 slices | 2 RAMB36s
Xilinx Virtex-7 (-3) | 4.3 ops/sec | 113 slices | 2 RAMB36s
Xilinx UltraSCALE (-2) | 4.9 ops/sec | 96 CLBs | 2 RAMB36s
Xilinx UltraSCALE+ (-2) | 7.1 ops/sec | 85 CLBs | 2 RAMB36s
[1] Based on 1024-bit RSA signatures (|E|=1024, |M|=1024). Note that this rate will be much higher for
shorter exponent values, e.g. for RSA verifications or Diffie-Hellman applications.
[2] These figures are for a 2048-bit maximum operand length. For longer operands
(up to 8192 bits are supported), logic area and RAM increase in technology-specific increments.
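The following Python model is added here as an illustration and is not Helion's code or a model of the cores' internal design. It contrasts the two schedules the page refers to: a square-and-multiply loop whose multiplication count depends on the exponent's bits (the fast, slightly variable path), and a Montgomery ladder that does one squaring and one multiplication per bit for the full operand length regardless of the exponent (the slower, deterministic constant-time option). Reporting the operation counts for a full-length 1024-bit exponent against the public exponent 65537 also shows why footnote [1]'s rate rises for short exponents. The function names, the operand length parameter and all sample operands are constructed for this example.

```python
import random

# Software model of two modular-exponentiation schedules (added illustration,
# not Helion's RTL). Operation counts stand in for clock cycles: in a core each
# squaring or multiplication costs a fixed number of cycles.


def square_and_multiply(base: int, exp: int, mod: int) -> tuple[int, int, int]:
    """Left-to-right binary exponentiation with a data-dependent multiply.

    Returns (result, squarings, multiplications). Squarings equal the bit
    length of exp and multiplications equal its Hamming weight, so the run
    time varies with the exponent value: the 'slightly variable' fast path."""
    result = 1 % mod
    squarings = multiplications = 0
    for bit in bin(exp)[2:]:              # scan exponent bits, MSB first
        result = (result * result) % mod
        squarings += 1
        if bit == "1":                    # branch taken only for set bits
            result = (result * base) % mod
            multiplications += 1
    return result, squarings, multiplications


def montgomery_ladder(base: int, exp: int, mod: int, bits: int) -> tuple[int, int, int]:
    """Fixed-schedule exponentiation over exactly `bits` iterations.

    Every iteration performs one squaring and one multiplication whatever the
    bit value, and the bit is applied by a mask-based swap instead of a branch,
    so the operation schedule is independent of exp (a model of the slower,
    deterministic constant-time option). Python integers are not themselves
    constant-time; only the schedule is being modelled."""
    assert exp < (1 << bits), "exponent longer than the configured operand length"
    r0, r1 = 1 % mod, base % mod          # invariant: r1 == r0 * base (mod n)
    squarings = multiplications = 0
    for i in range(bits - 1, -1, -1):
        mask = -((exp >> i) & 1)          # 0 for a clear bit, -1 (all ones) for a set bit
        swap = (r0 ^ r1) & mask           # conditionally exchange r0 and r1 without branching
        r0, r1 = r0 ^ swap, r1 ^ swap
        r1 = (r0 * r1) % mod
        r0 = (r0 * r0) % mod
        multiplications += 1
        squarings += 1
        swap = (r0 ^ r1) & mask           # exchange back under the same mask
        r0, r1 = r0 ^ swap, r1 ^ swap
    return r0, squarings, multiplications


def compare_costs(bits: int = 1024) -> dict:
    """Operation counts for a full-length exponent versus the public exponent
    65537 on both schedules. Operands are constructed, deterministic test values
    (the full-length exponent is not a real RSA private key)."""
    rng = random.Random(20240101)
    n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # odd, full-length modulus
    m = rng.getrandbits(bits) % n                       # message representative
    d = rng.getrandbits(bits) | (1 << (bits - 1))       # full-length exponent (|E| = bits)
    counts = {}
    for label, exp in (("private_1024", d), ("public_65537", 65537)):
        r_var, sq_v, mul_v = square_and_multiply(m, exp, n)
        r_fix, sq_f, mul_f = montgomery_ladder(m, exp, n, bits)
        assert r_var == r_fix == pow(m, exp, n)         # both schedules agree with the reference
        counts[label] = {"variable": (sq_v, mul_v), "fixed": (sq_f, mul_f)}
    return counts


if __name__ == "__main__":
    for label, c in compare_costs().items():
        print(f"{label:14s} variable-time (sq, mul): {c['variable']}  fixed-schedule: {c['fixed']}")
```

Running it shows the trade-off the page describes: the variable-time path spends 1024 squarings plus roughly 512 multiplications on a random full-length exponent but only 17 squarings and 2 multiplications on 65537, while the ladder always performs 1024 of each, so it costs about the same as the worst case of the fast path and reveals nothing about the exponent through its operation count.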
Product Briefs
For full details of all the Helion ModExp cores, please download the appropriate Product Brief in PDF format below.
ModExp Cores - ASIC
ModExp Cores - FPGA
Contact
For more detailed information on this or any of our other products and services,
please feel free to email us at
helioncores@heliontech.com and we will be pleased to discuss how we can assist
with your individual requirements.