7. Prototype implementation
7.5. MicroBlaze soft-cores processors
7.5.3. Software structure and interface
This section presents the coarse-grained structure of the software on the MicroBlaze processors. Its execution starts with the initialization of the shared memory. This is followed by a handshake with the PowerPC providing each MicroBlaze core with its processor ID. Finally, the AES core is initialized and the soft-cores start waiting for instructions. This waiting is realized in a busy waiting manner by the function Dispatch. Note that a detailed description of the handshake and the inter-processor communication between the MicroBlaze processors and the PowerPC is deferred to Section 7.7.
The function Dispatch is the central function of the scheme controllers and is responsible for receiving the instructions from the central core and for supervising their execution. After a command is received, the associated operation is executed. When it is completed, the final results are written into the shared memory. This is indicated to the central core, which, in turn, acknowledges the reception. Finally, the soft-core starts again waiting for new instructions. The commands supported by the scheme controller are as follows.
NOP This command results in no operation. In a strict sense, it is not a command, but a marker telling the MicroBlaze processor that no command was issued.
RSA_SET_PARAMETERS This command instructs the MicroBlaze processor to load new RSA parameters from the shared memory area into the memory of the ModArith core. This command must precede every RSA scheme following an ECC or PBC operation and every RSA operation using a new parameter set.
RSA_RSASSA_SIGN This command computes the signature of an amount of data using the previously set RSA parameters following the RSASSA standard. The data is expected in the corresponding location in the shared memory.
RSA_RSASSA_VERIFY This command verifies a signature for an amount of data using the previously set RSA parameters following the RSASSA standard. The data and the associated signature are expected in the corresponding locations in the shared memory.
RSA_RSAES_ENCRYPT This command encrypts an amount of data using the previously set RSA parameters following the RSAES standard. The data is expected in the corresponding location in the shared memory.
RSA_RSAES_DECRYPT This command decrypts an amount of data using the previously set RSA parameters following the RSAES standard. The data is expected in the corresponding location in the shared memory.
ECC_SET_PARAMETERS This command instructs the soft-core to load new ECC domain parameters from the shared memory area into the memory of the ModArith core. It must precede every ECC scheme following an RSA or PBC operation and every ECC operation over a new set of domain parameters. Note that this instruction also calculates the value of the Weierstraß-coefficient a = q − 3.
ECC_KEY_GENERATE Using the current ECC domain parameters, this command generates a new key pair as described in Section 4.1.2. For this, the scheme controller creates a random number x ∈ [0, n − 1] as private key and computes the point multiplication Q = xG as public key.
ECC_KEY_VALIDATE This command may be used to validate an ECC key. This is done according to [39, Algorithm 4.25], however, without checking nQ = ∞, because this is very costly computation-wise and it is not possible to import keys from the outside in the prototype implementation.
ECC_ECDSA_SIGN This command computes the signature of an amount of data using the previously set ECC domain parameters following the ECDSA standard. The data is expected in the corresponding location in the shared memory.
ECC_ECDSA_VERIFY This command verifies a signature for an amount of data using the previously set ECC domain parameters following the ECDSA standard. The data and the associated signature are expected in the corresponding locations in the shared memory.
ECC_ECIES_ENCRYPT This command encrypts an amount of data using the previously set ECC domain parameters following the ECIES standard. The data is expected in the corresponding location in the shared memory.
ECC_ECIES_DECRYPT This command decrypts an amount of data using the previously set ECC domain parameters following the ECIES standard. The data is expected in the corresponding location in the shared memory.
PBC_KEY_GENERATE Using the current PBC domain parameters, this command generates a new key pair as described in Section 4.1.3. For this, the scheme controller creates a random number x ∈ GF(q) as private key and computes the point multiplication Q = xG as public key.
PBC_BLS_SIGN This command computes the signature of an amount of data using the previously set PBC domain parameters according to the BLS signature generation. The data is expected in the corresponding location in the shared memory.
PBC_BLS_VERIFY This command verifies a signature for an amount of data using the previously set PBC domain parameters according to the BLS signature verification. The data and the associated signature are expected in the corresponding locations in the shared memory.
Note that there is no command PBC_SET_PARAMETERS, because the prototype realization reuses the command ECC_SET_PARAMETERS for this task. This is possible, because PBC has nearly the same values in its parameter set: The Weierstraß-coefficients a and b are not used, because their values are coded directly into the algorithm of the pairing. Only the cofactor h is additionally needed for PBC, but just in the software of the scheme controller, which may read it directly from the shared memory. Thus, it was sufficient to introduce a new memory configuration layout for PBC.
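The ordering rules above (a matching SET_PARAMETERS command must precede each scheme, and PBC reuses ECC_SET_PARAMETERS with its own layout) can be enforced by the dispatcher itself. The following is an added example, not code from the prototype; the numeric command values, the status codes, the mailbox struct and its layout field are assumptions standing in for the shared-memory interface of Section 7.7.

```c
#include <stdio.h>

/* Command names are from the text; numeric values, status codes and the
   mailbox struct are assumptions (the real layout is in Section 7.7). */
typedef enum { NOP, RSA_SET_PARAMETERS, RSA_RSASSA_SIGN, RSA_RSASSA_VERIFY,
    RSA_RSAES_ENCRYPT, RSA_RSAES_DECRYPT, ECC_SET_PARAMETERS, ECC_KEY_GENERATE,
    ECC_KEY_VALIDATE, ECC_ECDSA_SIGN, ECC_ECDSA_VERIFY, ECC_ECIES_ENCRYPT,
    ECC_ECIES_DECRYPT, PBC_KEY_GENERATE, PBC_BLS_SIGN, PBC_BLS_VERIFY,
    CMD_COUNT } command_t;
typedef enum { SET_NONE, SET_RSA, SET_ECC, SET_PBC } paramset_t;
typedef enum { ST_IDLE, ST_OK, ST_WRONG_PARAMS, ST_UNKNOWN } status_t;
typedef struct { command_t cmd; paramset_t layout; status_t status; } mailbox_t;

static paramset_t loaded = SET_NONE; /* set currently held by the ModArith core */

/* Parameter set a scheme command needs before it may run. */
static paramset_t required(command_t c) {
    if (c >= RSA_RSASSA_SIGN && c <= RSA_RSAES_DECRYPT) return SET_RSA;
    if (c >= ECC_KEY_GENERATE && c <= ECC_ECIES_DECRYPT) return SET_ECC;
    return SET_PBC; /* PBC_KEY_GENERATE .. PBC_BLS_VERIFY */
}

/* One pass of a Dispatch-style loop: consume the command, check the
   precondition, record the status the central core would read back. */
status_t dispatch_once(mailbox_t *mb) {
    command_t c = mb->cmd;
    mb->cmd = NOP;
    if (c == NOP) return mb->status = ST_IDLE;
    if ((unsigned)c >= (unsigned)CMD_COUNT) return mb->status = ST_UNKNOWN;
    if (c == RSA_SET_PARAMETERS) { loaded = SET_RSA; return mb->status = ST_OK; }
    if (c == ECC_SET_PARAMETERS) { /* PBC reuses this command with its own layout */
        if (mb->layout != SET_ECC && mb->layout != SET_PBC)
            return mb->status = ST_WRONG_PARAMS;
        loaded = mb->layout;
        return mb->status = ST_OK;
    }
    if (required(c) != loaded) return mb->status = ST_WRONG_PARAMS;
    return mb->status = ST_OK; /* the scheme itself would execute here */
}

int main(void) {
    mailbox_t mb = { ECC_ECDSA_SIGN, SET_ECC, ST_IDLE };
    printf("sign before set: %d\n", dispatch_once(&mb));
    mb.cmd = ECC_SET_PARAMETERS; dispatch_once(&mb);
    mb.cmd = ECC_ECDSA_SIGN;
    printf("sign after set:  %d\n", dispatch_once(&mb));
    return 0;
}
```

Rejecting a scheme command whose parameter family is not loaded keeps, for example, an ECDSA request from running over RSA values left in the ModArith memory.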
The command RSA_KEY_GENERATE does not exist, because the key generation for RSA cannot be computed using the Montgomery multiplication realized in the ModArith core. For the key generation, d ≡ e⁻¹ mod ((p − 1)(q − 1)) must be calculated. However, both (p − 1) and (q − 1) are even, so the modulus (p − 1)(q − 1) is also even. Montgomery multiplication requires the modulus and R to be relatively prime, which is then no longer the case.
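The coprimality argument can be checked on a small constructed key. This added example is not part of the prototype; it assumes R = 2^32 and uses the extended Euclidean algorithm as one inversion method that does not depend on the parity of the modulus.

```c
#include <stdint.h>
#include <stdio.h>

/* Montgomery constant N' = -N^{-1} mod R for R = 2^32 (R is an assumption;
   the text only states that N and R must be relatively prime).
   Returns 1 and stores N' on success, 0 if no such constant exists. */
int mont_nprime(uint32_t n, uint32_t *nprime) {
    if ((n & 1u) == 0) return 0;      /* even N shares the factor 2 with R */
    uint32_t inv = n;                 /* n*n = 1 mod 8: 3 correct bits */
    for (int i = 0; i < 4; i++)
        inv *= 2u - n * inv;          /* Newton step doubles the correct bits */
    *nprime = 0u - inv;
    return 1;
}

/* d = e^{-1} mod m via the extended Euclidean algorithm, which places no
   parity condition on m. Returns 0 when gcd(e, m) != 1. */
uint64_t mod_inverse(uint64_t e, uint64_t m) {
    int64_t t = 0, nt = 1, r = (int64_t)m, nr = (int64_t)(e % m);
    while (nr != 0) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

int main(void) {
    /* Constructed toy key: p = 61, q = 53, e = 17. */
    uint32_t p = 61, q = 53, np = 0;
    uint32_t n = p * q, phi = (p - 1) * (q - 1);
    printf("N' for n=%u exists: %d\n", n, mont_nprime(n, &np));
    printf("N' for phi=%u exists: %d\n", phi, mont_nprime(phi, &np));
    printf("d = %llu\n", (unsigned long long)mod_inverse(17, phi));
    return 0;
}
```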