Given that premise, MIT researchers have built a dedicated chip hardwired to perform public-key encryption at only 1/400th the power that equivalent software execution would require, while using only a tenth of the memory and running 500 times faster.
The chip described in a paper presented at the International Solid-State Circuits Conference has been designed to be able to handle any type of elliptic-curve encryption.
“Cryptographers are coming up with curves with different properties, and they use different primes,” explains Utsav Banerjee, an MIT graduate student in electrical engineering and computer science and first author on the paper.
“There is a lot of debate regarding which curve is secure and which curve to use, and there are multiple governments with different standards coming up that talk about different curves. With this chip, we can support all of them, and hopefully, when new curves come along in the future, we can support them as well.”
To create their general-purpose elliptic-curve chip, the researchers decomposed the cryptographic computation into its constituent parts. Elliptic-curve cryptography relies on modular arithmetic, meaning that the values of the numbers that figure into the computation are assigned a limit. If the result of some calculation exceeds that limit, it’s divided by the limit, and only the remainder is preserved. The secrecy of the limit helps ensure cryptographic security.
One of the computations to which the MIT chip devotes a special-purpose circuit is thus modular multiplication. But because elliptic-curve cryptography deals with large numbers, the chip’s modular multiplier is massive. Typically, a modular multiplier might be able to handle numbers with 16 or maybe 32 bits. For larger computations, the results of discrete 16- or 32-bit multiplications would be integrated by additional logic circuits. The MIT chip’s modular multiplier can handle 256-bit numbers, eliminating the extra circuitry for integrating smaller computations and reducing the chip’s energy consumption while increasing its speed.
Another key operation in elliptic-curve cryptography is called inversion. Inversion is the calculation of a number that, when multiplied by a given number, will yield a modular product of 1. In previous chips dedicated to elliptic-curve cryptography, inversions were performed by the same circuits that did the modular multiplications, saving chip space. But the MIT researchers instead equipped their chip with a special-purpose inverter circuit. This increases the chip’s surface area by 10 percent, but it cuts the power consumption in half.
The most common encryption protocol to use elliptic-curve cryptography is called the datagram transport layer security protocol, which governs not only the elliptic-curve computations themselves but also the formatting, transmission, and handling of the encrypted data. Here, the entire protocol is hardwired into the MIT researchers’ chip, which dramatically reduces the amount of memory required for its execution.
The chip also features a general-purpose processor that can be used in conjunction with the dedicated circuitry to execute other elliptic-curve-based security protocols. But it can be powered down when not in use, so it doesn’t compromise the chip’s energy efficiency.
MIT – www.mit.edu