2024-02-28 - Eros Camacho-Ruiz (camacho@imse-cnm.csic.es)
This repository contains the evaluation of the NTRU cryptosystem presented in the PhD dissertation entitled "Design of a hardware Root-of-Trust on embedded systems".
The goal of this repository is twofold:
- Study the countermeasures proposed in the PhD dissertation with different implementations.
- Provide a demo that establishes a post-quantum (PQ) secure communication between two devices.
Note: All the content of this repository has been implemented using the Pynq Framework.
- Directory structure
- IP Integration
- Prerequisites for the Pynq-Z2 platform
- Installation and Use of the Test
- Installation and Use of the Demo
- Example of the Demo
- Note for version
- Contact
- Developers
## Directory structure

- ntru_ms2xs_8.0: the IP module of the NTRU polynomial multiplier.
- ntru_3round.tar.gz: compressed archive with the NTRU software implementation and the drivers that call the HW.
  - result_test: generated at run time to store the performance results of the NTRU tests.
  - bit: stores the bitstreams of every embedded-system integration used by the tests (see the table below).
  - data_in: stores the input ciphertext in binary format while the demo is running.
  - data_out: stores the output ciphertext in binary format while the demo is running.
  - gen_keys: stores the generated keys.
  - pub_keys: stores the public keys of the devices to connect.
  - ntru: source files.
    - common: low-level drivers and utilities.
    - src: NTRU 3Round SW libraries.
    - Makefile: generates the executables of the library.
    - Test.c: main file of the tests.
    - demo.c: main file of the demo.
- README.md: this file.
## IP Integration

The IP module is delivered in the ntru_ms2xs_8.0 folder. The design of the core of the IP module is depicted in the next figure. The arithmetic unit (AU) is shown in the green box. The three operation modes of the AU are selected by the coefficients of the blind polynomial: -1, 1 and 0. The parameter M is the parallelization coefficient, i.e. the number of AUs working in parallel.
The IP integration is completed by adding a user interface through which the following parameters of the polynomial multiplier can be modified:
- M: the number of AUs working in parallel.
- N: the number of coefficients of the polynomial. See the NTRU documentation.
- Q: the modulus of the mod-Q reduction in the polynomial ring.
- max_cycles: the maximum number of cycles in which the accelerated algorithm must complete. Bounding it is the countermeasure against timing attacks. See the PhD dissertation.
The next table lists all the implementations delivered in this repository. There are 8 strategies in total: the 4 NTRU parameter sets, each with max_cycles set either to N or to CL (Confident Limit). For each of these configurations there are bitstreams for the following values of M: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 32, 64, 128 and 256. That is basically the content of the folder NTRU_3Round.rar\bit\. As an end user, you can discard (and remove) the other implementations and redo the embedded integration with the configuration that best suits your needs.

Parameter set | N | CL
---|---|---
ntruhps2048509 | 509 | 400
ntruhps2048677 | 677 | 516
ntruhps2048821 | 821 | 625
ntruhrss2048701 | 701 | 533

For further information, see Chapter 4 of the PhD dissertation.
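The following Python model is an added illustration of what the M and max_cycles parameters and the N/CL bitstreams mean for timing; it is not code from this repository or from the ntru_ms2xs_8.0 IP. It assumes (as modelling assumptions, not facts about the RTL) that every nonzero coefficient of the blind polynomial r is one job for an AU (mode +1 adds a rotated copy of h, mode -1 subtracts it, mode 0 is skipped), that M AUs retire M jobs per clock, and that the accelerator keeps running until max_cycles jobs have been accounted for, so its latency depends only on the bitstream and not on the secret weight of r. The public polynomial h and the blind polynomials are constructed test data; the (N, CL) pairs are the ones in the table above.

```python
# Added example for this README (not code from the repository or the IP):
# a software model of a constant-latency ternary multiplier in Z_q[x]/(x^N - 1).
# Modelling assumptions (not statements about the ntru_ms2xs_8.0 RTL):
#   * each nonzero coefficient of the blind polynomial r is one job
#     (mode +1 adds x^i * h, mode -1 subtracts it, mode 0 is skipped);
#   * M arithmetic units retire M jobs per clock;
#   * the accelerator always runs until max_cycles jobs have been accounted
#     for, so its latency does not depend on the (secret) weight of r.
import random

Q = 2048  # modulus shared by the four parameter sets in the table above

# (N, CL) pairs copied from the table above
PARAM_SETS = {
    "ntruhps2048509": (509, 400),
    "ntruhps2048677": (677, 516),
    "ntruhps2048821": (821, 625),
    "ntruhrss2048701": (701, 533),
}


def ring_mul_ref(a, b, n, q):
    """Schoolbook reference: a*b in Z_q[x]/(x^n - 1), used to check the model."""
    out = [0] * n
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[(i + j) % n] = (out[(i + j) % n] + ai * bj) % q
    return out


def ternary_mul(r, h, n, q, m, max_cycles):
    """Model of the accelerator: returns (r*h mod (x^n - 1, q), cycles taken).

    Raises OverflowError when r has more nonzero coefficients than max_cycles.
    With max_cycles == N this cannot happen; with max_cycles == CL the caller
    has to handle it (e.g. fall back to the N bitstream or to software).
    """
    if len(r) != n or len(h) != n:
        raise ValueError("both polynomials must have exactly N coefficients")
    jobs = [i for i, ri in enumerate(r) if ri != 0]
    if len(jobs) > max_cycles:
        raise OverflowError(f"weight {len(jobs)} exceeds max_cycles {max_cycles}")
    acc = [0] * n
    for i in jobs:
        if r[i] == 1:                      # mode +1: acc += x^i * h
            for j, hj in enumerate(h):
                acc[(i + j) % n] = (acc[(i + j) % n] + hj) % q
        elif r[i] == -1:                   # mode -1: acc -= x^i * h
            for j, hj in enumerate(h):
                acc[(i + j) % n] = (acc[(i + j) % n] - hj) % q
        else:
            raise ValueError("blind polynomial must be ternary")
    # Mode-0 coefficients never reach the loop: skipping them is what makes an
    # unpadded multiplier leak weight(r).  The padded design idles until the
    # cap is reached, so the cycle count is a function of the bitstream only.
    cycles = -(-max_cycles // m)           # ceil(max_cycles / M)
    return acc, cycles


def unpadded_cycles(r, m):
    """Cycles the same datapath would take if it stopped after the last job."""
    weight = sum(1 for ri in r if ri != 0)
    return -(-weight // m)


def make_ternary(n, weight, seed):
    """Constructed blind polynomial with exactly `weight` nonzero coefficients."""
    rng = random.Random(seed)
    r = [0] * n
    for i in rng.sample(range(n), weight):
        r[i] = rng.choice((-1, 1))
    return r


def compare_bitstreams(param_set, m, weights, seed=0):
    """Latency of the N and CL bitstreams for blind polynomials of the given
    weights.  Returns {weight: (cycles_N, cycles_CL or None if CL overflows)}."""
    n, cl = PARAM_SETS[param_set]
    h = [(i * 7919 + 3) % Q for i in range(n)]   # constructed public polynomial
    table = {}
    for w in weights:
        r = make_ternary(n, w, seed + w)
        prod_n, cyc_n = ternary_mul(r, h, n, Q, m, n)
        assert prod_n == ring_mul_ref(r, h, n, Q)  # model computes the right product
        try:
            prod_cl, cyc_cl = ternary_mul(r, h, n, Q, m, cl)
            assert prod_cl == prod_n
        except OverflowError:
            cyc_cl = None
        table[w] = (cyc_n, cyc_cl)
    return table


if __name__ == "__main__":
    n = PARAM_SETS["ntruhps2048509"][0]
    for w, (cn, ccl) in compare_bitstreams("ntruhps2048509", 4, (300, 380, 401)).items():
        print(f"weight={w:3d}  N-bitstream={cn}  CL-bitstream={ccl}  "
              f"unpadded={unpadded_cycles(make_ternary(n, w, w), 4)}")
```

Running the block prints, for M = 4 on ntruhps2048509, the same latency for a weight-300 and a weight-380 blind polynomial on each bitstream (128 cycles with max_cycles = N, 100 with max_cycles = CL), while the unpadded datapath would take 75 and 95 cycles and thereby reveal the weight. The weight-401 polynomial shows the price of the CL bitstream: it no longer fits, which is why a CL build must have a fallback for the rare blind polynomials heavier than the confident limit.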
## Prerequisites for the Pynq-Z2 platform

- Download the PYNQ C-API from https://github.com/mesham/pynq_api
- Then, issue `make`. Once it is built, issue `sudo make install`.
## Installation and Use of the Test

- To compile a specific test:
  `make Test_N_VALUE`
  where N_VALUE can be 509, 677, 821 or 701. For example, to compile the test for the parameter set ntruhps2048509, issue `make Test_509`.
- The program accepts the following input arguments:
  - `-h`: show the help.
  - `-hh`: show the extended help.
  - `-n`: number of tests to perform.
  - `-M`: parallelization coefficient. Note: there must be a bitstream in the folder `N/CL/M`.
  - `-y`: CL parameter.

  It also includes options to debug different parts:
  - `-d`: debug level.
  - `-c`: number of coefficients to show in the debug output, to avoid flooding the screen.

  Debug levels (`-d`):
  - 0: minimize the output.
  - 1: show the time spent in each part of the algorithm.
  - 2: show the extended time evaluation.
  - 3: show the coefficients of SW and HW.
  - 4: show the multiplication operation in SW.
  - 5: show the multiplication operation in HW.
  - 6: show the public key.
  - 7: show the seed and the coefficients of r and h.
  - 8: show the multiplication operation in SW 3 ROUND.
  - 9: show the ciphertext of 3 ROUND, LIBNTRU and HW.
  - 10: show the hash of rm.
  - 11: ONLY FOR THE SEED ANALYSIS. It generates the file `r.txt`.

For example, to run 1000 tests on the ntruhps2048509 parameter set with a confident limit of 400 and a parallelization coefficient of 10, type:
`Test_509 -n 1000 -M 10 -y 400`
The tests must be run with root privileges.
## Installation and Use of the Demo

The main idea of the demo is to interconnect two devices and share information using PQC, as the next figure shows. In this case, two Pynq platforms are connected over a local network. Both generate their key pair (public and private keys). Then one of them receives the public key of the other and uses it to encapsulate a shared secret. The resulting ciphertext (which carries the shared secret) is sent back to the other platform, which uses its private key to decapsulate it and extract the shared secret.
- To compile a specific demo:
  `make Demo_N_VALUE`
  where N_VALUE can be 509, 677, 821 or 701. For example, to compile the demo for the parameter set ntruhps2048509, issue `make Demo_509`.
- The program accepts the following input arguments:
  - `-h`: show the help.
  - `-k`: key generation.
  - `-e`: encapsulation.
  - `-d`: decapsulation.

  It also includes verbose options (`-v`, verbose level):
  - 1: show only the functions.
  - 2: show the intermediate results.
  - 3: show the keys.
A demo video example can be seen in the next link.
## Example of the Demo

For the example, two platforms are used: #PLATFORM_1 and #PLATFORM_2. Verbose level 3 is recommended in order to see all the intermediate results.
- The first step is to perform the key generation on both platforms:
  `Demo_509 -k -v 3`
- The next step is to send the public key of #PLATFORM_1 to #PLATFORM_2:
  `send_pk.sh`
  Note: the configuration in send_pk.sh can be modified by the end user. It has been set to my personal set-up.
- The next step is to encapsulate the shared secret on #PLATFORM_2 using that public key:
  `Demo_509 -e -v 3`
- The next step is to send the ciphertext generated in the previous step back to #PLATFORM_1:
  `send_ct.sh`
  Note: the configuration in send_ct.sh can be modified by the end user. It has been set to my personal set-up.
- The last step is to recover the shared secret on #PLATFORM_1 by decapsulating:
  `Demo_509 -d -v 3`
At the end, it is checked that both platforms share the same secret.
The demo must be run with root privileges.
## Note for version

- Reordered the repository structure.
- Added a README file.
## Contact

Eros Camacho-Ruiz - (camacho@imse-cnm.csic.es)
Hardware Cryptography Researcher
Instituto de Microelectrónica de Sevilla (IMSE-CNM), CSIC, Universidad de Sevilla, Seville, Spain
## Developers

Eros Camacho-Ruiz
Instituto de Microelectrónica de Sevilla (IMSE-CNM), CSIC, Universidad de Sevilla, Seville, Spain