SlideShare a Scribd company logo

Crypto Performance on ARM Cortex-M Processors

Download as PPTX, PDF
Hannes Tschofenig
Hannes Tschofenig

Slide deck for talk at IETF#92 (Dallas, March 2015) at the IETF Light-Weight Implementation Guidance (lwig) working group about the performance of cryptographic algorithms on ARM processors.

Internet
1 of 48
1 Performance Investigations Hannes Tschofenig, Manuel Pégourié-Gonnard 25th March 2015
2 Motivation  In <draft-ietf-lwig-tls-minimal> we tried to provide guidance for the use of DTLS (TLS) when used in IoT deployments and included performance data to help understand the design tradeoffs.  Later, work in the IETF DICE was started with the profile draft, which offers detailed guidance concerning credential types, communication patterns. It also indicates which extensions to use or not to use.  Goal of <draft-ietf-lwig-tls-minimal> is to offer performance data based on the recommendations in the profile draft.  This presentation is about the current status of gathering performance data for later inclusion into the <draft-ietf-lwig-tls- minimal> document.
3 Performance Data  This is the data we want:  Flash code size  Message size / Communication Overhead  CPU performance  Energy consumption  RAM usage  Also allows us to judge the improvements of various extensions and gives engineers a rough idea what to expect when planning to use DTLS/TLS in an IoT product.  <draft-ietf-lwig-tls-minimal-01> offers preliminary data about  Code size of various basic building blocks (data from one stack only)  Memory (RAM/flash) (pre-shared secret credential only)  Communication overhead (high level only)
4  Goal of the authors: Determine performance of asymmetric cryptography on ARM-based processors.  Next slides explains  Assumptions for the measurements,  ARM processors used for the measurements,  Development boards used,  Actual performance data, and  Comparison with other algorithms. Overview
5  Main focus of the measurements so far was on  raw crypto (and not on protocol exchanges)  ECC rather than RSA  Different ECC curves  Run-time performance (not energy consumption, RAM usage, code size)  No hardware acceleration was used.  Used open source software; code based on PolarSSL/mbed TLS stack.  No hardware-based random number generator in the development platform was used  Not fit for real deployment. Assumptions
6 ARM Cortex-M Processors Lowest cost Low power Lowest power Outstanding energy efficiency Performance efficiency Feature rich connectivity Digital Signal Control (DSC) Processor with DSP Accelerated SIMD Floating point (FP) Processors use the 32-bit RISC architecture http://www.arm.com/products/processors/cortex-m/index.php Recently released; Best performance Processors used in the performance tests
7 Prototyping Boards used in Performance Tests  ST Nucleo F401RE (STM32F401RET6)  ARM Cortex-M4 CPU with FPU at 84MHz  512KB Flash, 96KB SRAM  ST Nucleo F103 (STM32F103RBT6)  ARM Cortex-M4 CPU with FPU at 72MHz  128KB Flash, 20KB SRAM  ST Nucleo L152RE (STM32L152RET6)  ARM Cortex-M3 CPU at 32MHz  512 KBytes Flash, 80KB RAM  ST Nucleo F091 (STM32F091RCT6)  ARM Cortex-M0 CPU at 48MHz  256 KBytes Flash, 32KB RAM  NXP LPC1768  ARM Cortex-M3 CPU at 96MHz  512KB Flash, 32KB RAM  Freescale FRDM-KL25Z  ARM Cortex-M0+ CPU at 48MHz  128KB Flash, 16KB RAM ST Nucleo LPC1768 FRDM-KL25Z
8 ECC Curves  NIST curves: secp521r1, secp384r1, secp256r1, secp224r1, secp192r1  “Koblitz curves”: secp256k1, secp224k1, secp192k1  Brainpool curves: brainpoolP512r1, brainpoolP384r1, brainpoolP256r1  Curve25519 (only preliminary results).  Note that FIPS186-4 refers to secp192r1 as P-192, secp224r1 as P- 224, secp256r1 as P-256, secp384r1 as P-384, and secp521r1 as P- 521.
9 Optimizations  NIST Optimization  Utilizes special structure of NIST chosen curves.  Appendix 1 of http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf  Longer version in FIPS PUB 186-4:  http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf  Relevant configuration parameter: POLARSSL_ECP_NIST_OPTIM  Fixed Point Optimization:  Pre-computes points  Described in https://eprint.iacr.org/2004/342.pdf  Relevant configuration parameter: POLARSSL_ECP_FIXED_POINT_OPTIM  Window:  Technique for more efficient exponentation  Sliding window technique described in https://en.wikipedia.org/wiki/Exponentiation_by_squaring  Relevant configuration parameter: POLARSSL_ECP_WINDOW_SIZE (min=2, max=7).
10 ECDSA, ECDHE, and ECDH  Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve variant of the Digital Signature Algorithm (DSA) or, as it is sometimes called, the Digital Signature Standard (DSS).  It is used in TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ciphersuite recommended in CoAP (and consequently also in the DTLS profile draft).  ECDSA, like DSA, has the property that poor randomness used during signature generation can compromise the long-term signing key.  For this reason the deterministic variant of (EC)DSA (RFC 6979) is implemented, which uses the private key as a source or “entropy” to seed a PRNG.  Note: None of the prototyping boards listed in the slide deck provide true random number generation.  CoAP recommends this ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 that makes use of the Ephemeral Elliptic Curve Diffie-Hellman (ECDHE).  The Elliptic Curve Diffie-Hellman (ECDH) is only used for comparison purposes in this slide deck but not used in the recommended ciphersuites.
11 Key Length Symmetric ECC DH/DSA/RSA 80 163 1024 112 233 2048 128 283 3072 192 409 7680 256 571 15360  Tradeoff between security and performance.  Values based on recommendations from RFC 4492.  [I-D.ietf-uta-tls-bcp] recommends at least 112 bits symmetric keys.  A 2013 ENISA report states that an 80bit symmetric key is sufficient for legacy applications but recommends 128 bits for new systems.
12 Observations: Performance Figures  ECDSA signature operation is faster than ECDSA verify operation.  Brainpool curves are slower than NIST curves because Brainpool curves use random primes.  ECC key sizes above 256 bits are substantially slower than ECC curves with key size 192, 224, and 256.  ECDH is only slightly faster than ECDHE (when fixed point optimization is enabled).  CPU speed has a significant impact on the performance.  The performance of symmetric key cryptography (keyed hash functions, encryption functions) is neglectable.
13 Observations: Optimizations  NIST curve optimization provides substantial benefit for NIST secp*r1 curves.  Fixed point optimization has a significant influence on the performance.  There is a performance – RAM usage tradeoff: increased performance comes at the expense of additional RAM usage.  ECC library increases code size but also requires a fair amount of RAM for optimizations (for most curves).
14 ECC Performance of the Cortex M3/M4
15 NIST curves: secp521r1, secp384r1, secp256r1, secp224r1, secp192r1 Koblitz curves: secp256k1, secp224k1, secp192k1 Performance of various NIST/Koblitz ECC Curves
16 Performance difference between signature vs. verify For comparison: secp192r1 (signature) needs 66msec. For comparison: secp256r1 (signature) needs 122msec.
17 For comparison: Secp256r1 (signature) needs 122msec. Performance of Brainpool Curves
18 For comparison: Secp256r1 (verify) needs 458msec. Performance of Brainpool Curves
19 For comparison: secp192r1 (signature, W=7) needs 66msec. For comparison: secp521r1 (signature, W=7) needs 351msec. Performance impact of the “window” parameter
20 The Performance Impact of the NIST Optimization secp192r1 (ECDHE): 5986 msec (F401RE, optimization disabled) vs. 638 msec (optimization enabled)
21 ECC Performance of the Cortex M0/M0+
22 ECDHE Performance of the KL25Z
23 ECDSA Performance of the KL25Z
24 + FP optimization enabled
25 + FP optimization enabled
26 + FP optimization enabled
27 CPU Speed Impact
28 Performance of ECDHE: L152RE vs. LPC1768 secp192r1 (ECDHE): 1155 msec (L152RE) vs. 229 msec (LPC1768) L152RE: Cortex-M3 with 32MHz LPC1768: Cortex-M3 with 96MHz NIST optimization enabled. Fixed-point speed-up enabled.
29 Performance Comparison: Prototyping Boards 0.00 200.00 400.00 600.00 800.00 1000.00 1200.00 1400.00 1600.00 1800.00 2000.00 LPC1768, 96 MHz, Cortex M3 L152RE, 32 MHz, Cortex M3 F103RB, 72 MHz, Cortex M4 F401RE, 84 MHz, Cortex M4 Time(msec) Prototyping Boards ECDSA Performance (Signature Operation, w=7, NIST Optimization Enabled) secp192r1 secp224r1 secp256r1 secp384r1 secp521r1
30 Curve25519 (Warning: Preliminary Results)
31 Curve25519-mbedtls Curve25519-donna P256-mbed ECDHE 1458 552 1145 0 200 400 600 800 1000 1200 1400 1600 msec FRDM-KL46Z (Cortex-M0+, 48 MHz) Curve25519-mbedtls Curve25519-donna P256-mbed ECDHE 506 58 391 0 100 200 300 400 500 600 msec FRDM-K64F (Cortex-M4, 120 MHz) Notes: • The Curve25519-mbedtls implementation uses a generic libary. Hence, the special properties of Curve25519 are not utilized. • Curve25519 has very low RAM requirements (~1 Kbyte only). • Curve25519-donna is based on the Google implementation. Improvements for M0/M0+ are likely since the code has not been tailored to the architecture. Curve25519-mbedtls Curve25519-donna P256-mbed ECDHE 598 94 432 0 100 200 300 400 500 600 700 msec LPC1768 (Cortex-M3, 96 MHz)
32 The Power of Assembly Optimizations  Example: micro-ecc library  https://github.com/kmackay/micro-ecc/tree/old  Written in C, with optional inline assembly for ARM and Thumb platforms.  LPC1114 at 48MHz (ARM Cortex-M0) ECDH time (ms) secp192r1 secp256r1 LPC1114 175.7 465.1 STM32F091 604,55 1260.9 ECDSA verify time (ms) secp192r1 Secp256r1 LPC1114 217.1 555.2 STM32F091 845.5 1758.8  Performance improvement between 200 and 300 %
33 RAM Usage
34 What was measured?  Heap using a custom memory allocation handler (instead of malloc).  Memory allocated on the stack was not measured (but it is negligible).  Measurement was done on a Linux PC (rather than on the embedded device itself for convenience reasons).  Two aspects investigated:  Memory impact caused by different window parameter changes.  Memory impact caused by FP performance optimization.
35 0 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000 secp521r1 secp384r1 secp256r1 secp224r1 secp192r1 secp521r1 secp384r1 secp256r1 secp224r1 secp192r1 secp521r1 secp384r1 secp256r1 secp224r1 secp192r1 ECDSA- Sign ECDSA- Sign ECDSA- Sign ECDSA- Sign ECDSA- Sign ECDSA- Verify ECDSA- Verify ECDSA- Verify ECDSA- Verify ECDSA- Verify ECDHE ECDHE ECDHE ECDHE ECDHE Bytes Cryptographic Computations Heap Usage with Disabled FP Optimization w6 w=2
36 0 2000 4000 6000 8000 10000 12000 14000 16000 18000 secp521r1 secp384r1 secp256r1 secp224r1 secp192r1 secp521r1 secp384r1 secp256r1 secp224r1 secp192r1 secp521r1 secp384r1 secp256r1 secp224r1 secp192r1 ECDSA- Sign ECDSA- Sign ECDSA- Sign ECDSA- Sign ECDSA- Sign ECDSA- Verify ECDSA- Verify ECDSA- Verify ECDSA- Verify ECDSA- Verify ECDHE ECDHE ECDHE ECDHE ECDHE Bytes Cryptographic Operation Heap Usage with FP Optimization Enabled w=6 w=2
37 0 2000 4000 6000 8000 10000 12000 14000 16000 18000 secp521r1 secp384r1 secp256r1 secp224r1 secp192r1 secp521r1 secp384r1 secp256r1 secp224r1 secp192r1 secp521r1 secp384r1 secp256r1 secp224r1 secp192r1 ECDSA- Sign ECDSA- Sign ECDSA- Sign ECDSA- Sign ECDSA- Sign ECDSA- Verify ECDSA- Verify ECDSA- Verify ECDSA- Verify ECDSA- Verify ECDHE ECDHE ECDHE ECDHE ECDHE Bytes Cryptographic Computations Heap Usage (Window Size 6) Enabled Optimization Disabled Optimization Note: NIST optimization enabled in both cases since it does not have an impact on the heap usage.
38 Summary  To enable certain optimizations sufficient RAM is needed. A tradeoff decision between RAM and speed.  Optimizations pays off.  This slide shows heap usage (NIST optimization enabled). ECDSA-Sign ECDSA-Verify ECDHE W=6, FP 4568 5380 5012 W=2, No FP 2972 3072 2692 0 1000 2000 3000 4000 5000 6000 Bytes Heap Usage (secp256r1)
39 Using ~50 % more RAM increases the performance by a factor 8 or more. ECDSA-Sign ECDSA-Verify ECDHE w=6, FP, NIST 122 458 431 w=6, no FP, NIST 340 677 644 w=2, no FP, NIST 378 759 734 w=2, no FP, no NIST 1893 3788 3781 0 500 1000 1500 2000 2500 3000 3500 4000 msec LPC1768 (secp256r1)
40 Applying Results to TLS/DTLS
41 Raw Public Keys with TLS_ECDHE_ECDSA_*  TLS / DTLS client needs to perform the following computations: 1. Client verifies the signature covering the Server Key Exchange message that contains the server's ephemeral ECDH public key (and the corresponding elliptic curve domain parameters). 2. Client computes ECDHE. 3. Client creates signature over the Client Key Exchange message containing the client's ephemeral ECDH public key (and the corresponding elliptic curve domain parameters).  Summary:  1 x ECDSA verification for step (1)  1 x ECDHE computation for step (2)  1 x ECDSA signature for step (3)  Example (LPC1768, secp224r1, W=7, FP and NIST optimization enabled)  329msec (ECDSA verification)  303 msec (ECDHE computation)  85 msec (ECDSA signature) Total: 717 msec
42 Applying Results to TLS/DTLS Certificates with TLS_ECDHE_ECDSA_* 1 x ECDSA verification for server certificate CA Certificate Server Certificate CA Certificate Intermediate CA Certificate Server Certificate CA Certificate 1st Intermediate CA Certificate Server Certificate 2nd Intermediate CA Certificate Same as with raw public key plus (assuming no OCSP and certs are signed with ECC certificates) 1 x ECDSA verification for Intermediate CA certificate 1 x ECDSA verification for server certificate 1 x ECDSA verification for 1st Intermediate CA certificate 1 x ECDSA verification for 2nd Intermediate CA certificate 1 x ECDSA verification for server certificate
43 Symmetric Key Cryptography
44 Symmetric Key Cryptography  Secure Hash Algorithm (SHA) creates a fixed length fingerprint based on an arbitrarily long input. The output length of the fingerprint is determined by the hash function itself. For example, SHA256 produces an output of 256 bits.  Advanced Encryption Standard (AES) is an encryption algorithm, which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.  A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.  Examples of modes of operation: CCM, GCM, CBC.  Test relevant information:  SHA computes a hash over a buffer with a length of 1024 bytes.  AES-CBC: 1024 input bytes are encrypted. No integrity protection is used. IV size is 16 bytes.  AES-CCM and AES-GCM: 1024 input bytes are encrypted and integrity protected. No additional data is used. In this version of the test a 12 bytes nonce value is used together with the input data. In addition to the encrypted data a 16 byte tag value is produced.
45 Symmetric Key Crypto: Performance of the KL25Z 2.2 4.2 2.8 3.2 3.6 6 6.5 6.9 5.8 6.7 7.6 0 1 2 3 4 5 6 7 8 SHA-256 SHA-512 AES-CBC- 128 AES-CBC- 192 AES-CBC- 256 AES-GCM- 128 AES-GCM- 192 AES-GCM- 256 AES-CCM- 128 AES-CCM- 192 AES-CCM- 256 Time(msec) Cryptographic Operation
46 Symmetric Key Crypto: Performance of the LPC1768 0.6 1.4 0.7 0.8 0.9 1.8 1.9 2 1.7 1.9 2.1 0 0.5 1 1.5 2 2.5 SHA-256 SHA-512 AES-CBC- 128 AES-CBC- 192 AES-CBC- 256 AES-GCM- 128 AES-GCM- 192 AES-GCM- 256 AES-CCM- 128 AES-CCM- 192 AES-CCM- 256 Time(msec) Cryptographic Operation
47 Conclusion  ECC requires performance-demanding computations. Those take time.  What an acceptable delay is depends on the application.  Many applications only need to run public key cryptographic operations during the initial (session) setup phase and infrequently afterwards.  With session resumption DTLS/TLS uses symmetric key cryptography most of the time (which is lightning fast).  Detailed performance figures depend on the enabled performance optimizations (and indirectly the available RAM size), the key size, the type of curve, and CPU speed.  Choosing the microprocessor based on the expected usage environment is important.
48 Next Steps  Collecting performance data on IoT devices is time-consuming. We would appreciate help.  In particular, we need  Verification of the gathered data  Data from other crypto libraries  Further tests (energy efficiency, complete DTLS/TLS handshake data, data about various extensions, more data for Curve25519, etc.).  We plan to update <draft-ietf-lwig-tls-minimal> accordingly.

Recommended

Typical Embedded System
Typical Embedded SystemTypical Embedded System
Typical Embedded Systemanand hd
 
SWEET - A Tool for WCET Flow Analysis - Björn Lisper
SWEET - A Tool for WCET Flow Analysis - Björn LisperSWEET - A Tool for WCET Flow Analysis - Björn Lisper
SWEET - A Tool for WCET Flow Analysis - Björn LisperInfinIT - Innovationsnetværket for it
 
Design an I/O system
Design an I/O systemDesign an I/O system
Design an I/O systemAARTHI SEETHA
 
Real Time Operating Systems
Real Time Operating SystemsReal Time Operating Systems
Real Time Operating SystemsRohit Joshi
 
DDR SDRAM : Notes
DDR SDRAM : NotesDDR SDRAM : Notes
DDR SDRAM : NotesSubhajit Sahu
 
Overview of Nios II Embedded Processor
Overview of Nios II Embedded ProcessorOverview of Nios II Embedded Processor
Overview of Nios II Embedded ProcessorAltera Corporation
 
EMBEDDED SYSTEMS SYBSC IT SEM IV UNIT V Embedded Systems Integrated Developme...
EMBEDDED SYSTEMS SYBSC IT SEM IV UNIT V Embedded Systems Integrated Developme...EMBEDDED SYSTEMS SYBSC IT SEM IV UNIT V Embedded Systems Integrated Developme...
EMBEDDED SYSTEMS SYBSC IT SEM IV UNIT V Embedded Systems Integrated Developme...Arti Parab Academics
 
Introduction to Embedded Architecture
Introduction to Embedded Architecture Introduction to Embedded Architecture
Introduction to Embedded Architecture amrutachintawar239
 

Recommended

Typical Embedded System
Typical Embedded SystemTypical Embedded System
Typical Embedded Systemanand hd
 
SWEET - A Tool for WCET Flow Analysis - Björn Lisper
SWEET - A Tool for WCET Flow Analysis - Björn LisperSWEET - A Tool for WCET Flow Analysis - Björn Lisper
SWEET - A Tool for WCET Flow Analysis - Björn LisperInfinIT - Innovationsnetværket for it
 
Design an I/O system
Design an I/O systemDesign an I/O system
Design an I/O systemAARTHI SEETHA
 
Real Time Operating Systems
Real Time Operating SystemsReal Time Operating Systems
Real Time Operating SystemsRohit Joshi
 
DDR SDRAM : Notes
DDR SDRAM : NotesDDR SDRAM : Notes
DDR SDRAM : NotesSubhajit Sahu
 
Overview of Nios II Embedded Processor
Overview of Nios II Embedded ProcessorOverview of Nios II Embedded Processor
Overview of Nios II Embedded ProcessorAltera Corporation
 
EMBEDDED SYSTEMS SYBSC IT SEM IV UNIT V Embedded Systems Integrated Developme...
EMBEDDED SYSTEMS SYBSC IT SEM IV UNIT V Embedded Systems Integrated Developme...EMBEDDED SYSTEMS SYBSC IT SEM IV UNIT V Embedded Systems Integrated Developme...
EMBEDDED SYSTEMS SYBSC IT SEM IV UNIT V Embedded Systems Integrated Developme...Arti Parab Academics
 
Introduction to Embedded Architecture
Introduction to Embedded Architecture Introduction to Embedded Architecture
Introduction to Embedded Architecture amrutachintawar239
 
System on Chip (SoC)
System on Chip (SoC)System on Chip (SoC)
System on Chip (SoC)Dimas Ruliandi
 
introduction to Embedded System
introduction to Embedded Systemintroduction to Embedded System
introduction to Embedded SystemAnkur Soni
 
301378156 design-of-sram-in-verilog
301378156 design-of-sram-in-verilog301378156 design-of-sram-in-verilog
301378156 design-of-sram-in-verilogSrinivas Naidu
 
Asic vs fpga
Asic vs fpgaAsic vs fpga
Asic vs fpgaShalini Kamade
 
Multicore Processors
Multicore ProcessorsMulticore Processors
Multicore ProcessorsSmruti Sarangi
 
Embedded system
Embedded systemEmbedded system
Embedded systemCHANCHAL SONI
 
Hard ip based SoC design
Hard ip based SoC designHard ip based SoC design
Hard ip based SoC designVinchipsytm Vlsitraining
 
Clock Tree Timing 101
Clock Tree Timing 101Clock Tree Timing 101
Clock Tree Timing 101Silicon Labs
 
Types Of Buses
Types Of BusesTypes Of Buses
Types Of BusesAkhil Ahuja
 
SoC Design
SoC DesignSoC Design
SoC DesignVinChip Systems - VinTrain VLSI Academy
 
SoC: System On Chip
SoC: System On ChipSoC: System On Chip
SoC: System On ChipSantosh Verma
 
Processor powerpoint
Processor powerpointProcessor powerpoint
Processor powerpointbrennan_jame
 
Pci express technology 3.0
Pci express technology 3.0Pci express technology 3.0
Pci express technology 3.0Biddika Manjusree
 
Build your career in physical ASIC design
Build your career in physical ASIC designBuild your career in physical ASIC design
Build your career in physical ASIC designMohammed Essam Abd El Samee
 
CS4109 Computer System Architecture
CS4109 Computer System ArchitectureCS4109 Computer System Architecture
CS4109 Computer System Architecturektosri
 
Embedded system-Introduction to development cycle and development tool
Embedded system-Introduction to development cycle and development toolEmbedded system-Introduction to development cycle and development tool
Embedded system-Introduction to development cycle and development toolPantech ProLabs India Pvt Ltd
 
ASIC vs SOC vs FPGA
ASIC vs SOC vs FPGAASIC vs SOC vs FPGA
ASIC vs SOC vs FPGAVerification Excellence
 
ASIC Design Fundamentals.pptx
ASIC Design Fundamentals.pptxASIC Design Fundamentals.pptx
ASIC Design Fundamentals.pptxRameshK531901
 
SOC design
SOC design SOC design
SOC design Vinchipsytm Vlsitraining
 
Difference between Intel i3 i5 i7
Difference between Intel i3 i5 i7Difference between Intel i3 i5 i7
Difference between Intel i3 i5 i7Mohammad Danish
 
Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...
Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...
Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...IJMTST Journal
 
Trends in Systems and How to Get Efficient Performance
Trends in Systems and How to Get Efficient PerformanceTrends in Systems and How to Get Efficient Performance
Trends in Systems and How to Get Efficient Performanceinside-BigData.com
 

More Related Content

What's hot

introduction to Embedded System
introduction to Embedded Systemintroduction to Embedded System
introduction to Embedded SystemAnkur Soni
 
301378156 design-of-sram-in-verilog
301378156 design-of-sram-in-verilog301378156 design-of-sram-in-verilog
301378156 design-of-sram-in-verilogSrinivas Naidu
 
Clock Tree Timing 101
Clock Tree Timing 101Clock Tree Timing 101
Clock Tree Timing 101Silicon Labs
 
Processor powerpoint
Processor powerpointProcessor powerpoint
Processor powerpointbrennan_jame
 
CS4109 Computer System Architecture
CS4109 Computer System ArchitectureCS4109 Computer System Architecture
CS4109 Computer System Architecturektosri
 
Embedded system-Introduction to development cycle and development tool
Embedded system-Introduction to development cycle and development toolEmbedded system-Introduction to development cycle and development tool
Embedded system-Introduction to development cycle and development toolPantech ProLabs India Pvt Ltd
 
ASIC Design Fundamentals.pptx
ASIC Design Fundamentals.pptxASIC Design Fundamentals.pptx
ASIC Design Fundamentals.pptxRameshK531901
 
Difference between Intel i3 i5 i7
Difference between Intel i3 i5 i7Difference between Intel i3 i5 i7
Difference between Intel i3 i5 i7Mohammad Danish
 

What's hot (20)

System on Chip (SoC)
System on Chip (SoC)System on Chip (SoC)
System on Chip (SoC)
 
introduction to Embedded System
introduction to Embedded Systemintroduction to Embedded System
introduction to Embedded System
 
301378156 design-of-sram-in-verilog
301378156 design-of-sram-in-verilog301378156 design-of-sram-in-verilog
301378156 design-of-sram-in-verilog
 
Asic vs fpga
Asic vs fpgaAsic vs fpga
Asic vs fpga
 
Multicore Processors
Multicore ProcessorsMulticore Processors
Multicore Processors
 
Embedded system
Embedded systemEmbedded system
Embedded system
 
Hard ip based SoC design
Hard ip based SoC designHard ip based SoC design
Hard ip based SoC design
 
Clock Tree Timing 101
Clock Tree Timing 101Clock Tree Timing 101
Clock Tree Timing 101
 
Types Of Buses
Types Of BusesTypes Of Buses
Types Of Buses
 
SoC Design
SoC DesignSoC Design
SoC Design
 
SoC: System On Chip
SoC: System On ChipSoC: System On Chip
SoC: System On Chip
 
Processor powerpoint
Processor powerpointProcessor powerpoint
Processor powerpoint
 
Pci express technology 3.0
Pci express technology 3.0Pci express technology 3.0
Pci express technology 3.0
 
Build your career in physical ASIC design
Build your career in physical ASIC designBuild your career in physical ASIC design
Build your career in physical ASIC design
 
CS4109 Computer System Architecture
CS4109 Computer System ArchitectureCS4109 Computer System Architecture
CS4109 Computer System Architecture
 
Embedded system-Introduction to development cycle and development tool
Embedded system-Introduction to development cycle and development toolEmbedded system-Introduction to development cycle and development tool
Embedded system-Introduction to development cycle and development tool
 
ASIC vs SOC vs FPGA
ASIC vs SOC vs FPGAASIC vs SOC vs FPGA
ASIC vs SOC vs FPGA
 
ASIC Design Fundamentals.pptx
ASIC Design Fundamentals.pptxASIC Design Fundamentals.pptx
ASIC Design Fundamentals.pptx
 
SOC design
SOC design SOC design
SOC design
 
Difference between Intel i3 i5 i7
Difference between Intel i3 i5 i7Difference between Intel i3 i5 i7
Difference between Intel i3 i5 i7
 

Similar to Crypto Performance on ARM Cortex-M Processors

Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...
Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...
Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...IJMTST Journal
 
Trends in Systems and How to Get Efficient Performance
Trends in Systems and How to Get Efficient PerformanceTrends in Systems and How to Get Efficient Performance
Trends in Systems and How to Get Efficient Performanceinside-BigData.com
 
Brochure (2016-01-30)
Brochure (2016-01-30)Brochure (2016-01-30)
Brochure (2016-01-30)Jonah McLeod
 
Applications - embedded systems
Applications - embedded systemsApplications - embedded systems
Applications - embedded systemsDr.YNM
 
Q1 Memory Fabric Forum: Using CXL with AI Applications - Steve Scargall.pptx
Q1 Memory Fabric Forum: Using CXL with AI Applications - Steve Scargall.pptxQ1 Memory Fabric Forum: Using CXL with AI Applications - Steve Scargall.pptx
Q1 Memory Fabric Forum: Using CXL with AI Applications - Steve Scargall.pptxMemory Fabric Forum
 
Dataplane networking acceleration with OpenDataplane / Максим Уваров (Linaro)
Dataplane networking acceleration with OpenDataplane / Максим Уваров (Linaro)Dataplane networking acceleration with OpenDataplane / Максим Уваров (Linaro)
Dataplane networking acceleration with OpenDataplane / Максим Уваров (Linaro)Ontico
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
 
Intel new processors
Intel new processorsIntel new processors
Intel new processorszaid_b
 
Performance of State-of-the-Art Cryptography on ARM-based Microprocessors
Performance of State-of-the-Art Cryptography on ARM-based MicroprocessorsPerformance of State-of-the-Art Cryptography on ARM-based Microprocessors
Performance of State-of-the-Art Cryptography on ARM-based MicroprocessorsHannes Tschofenig
 
AlgorithmStatus2005FEB
AlgorithmStatus2005FEBAlgorithmStatus2005FEB
AlgorithmStatus2005FEBBo Lin
 
PowerDRC/LVS 2.0.1 released by POLYTEDA
PowerDRC/LVS 2.0.1 released by POLYTEDAPowerDRC/LVS 2.0.1 released by POLYTEDA
PowerDRC/LVS 2.0.1 released by POLYTEDAAlexander Grudanov
 
Analysis of symmetric key cryptographic algorithms
Analysis of symmetric key cryptographic algorithmsAnalysis of symmetric key cryptographic algorithms
Analysis of symmetric key cryptographic algorithmsIRJET Journal
 
Numascale Product IBM
Numascale Product IBMNumascale Product IBM
Numascale Product IBMIBM Danmark
 
VJITSk 6713 user manual
VJITSk 6713 user manualVJITSk 6713 user manual
VJITSk 6713 user manualkot seelam
 
PCIe Gen 3.0 Presentation @ 4th FPGA Camp
PCIe Gen 3.0 Presentation @ 4th FPGA CampPCIe Gen 3.0 Presentation @ 4th FPGA Camp
PCIe Gen 3.0 Presentation @ 4th FPGA CampFPGA Central
 

Similar to Crypto Performance on ARM Cortex-M Processors (20)

Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...
Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...
Novel Adaptive Hold Logic Circuit for the Multiplier using Add Round Key and ...
 
Trends in Systems and How to Get Efficient Performance
Trends in Systems and How to Get Efficient PerformanceTrends in Systems and How to Get Efficient Performance
Trends in Systems and How to Get Efficient Performance
 
Assignmentdsp
AssignmentdspAssignmentdsp
Assignmentdsp
 
Brochure (2016-01-30)
Brochure (2016-01-30)Brochure (2016-01-30)
Brochure (2016-01-30)
 
Lec09-DSP.pdf
Lec09-DSP.pdfLec09-DSP.pdf
Lec09-DSP.pdf
 
Applications - embedded systems
Applications - embedded systemsApplications - embedded systems
Applications - embedded systems
 
Q1 Memory Fabric Forum: Using CXL with AI Applications - Steve Scargall.pptx
Q1 Memory Fabric Forum: Using CXL with AI Applications - Steve Scargall.pptxQ1 Memory Fabric Forum: Using CXL with AI Applications - Steve Scargall.pptx
Q1 Memory Fabric Forum: Using CXL with AI Applications - Steve Scargall.pptx
 
No[1][1]
No[1][1]No[1][1]
No[1][1]
 
Dataplane networking acceleration with OpenDataplane / Максим Уваров (Linaro)
Dataplane networking acceleration with OpenDataplane / Максим Уваров (Linaro)Dataplane networking acceleration with OpenDataplane / Максим Уваров (Linaro)
Dataplane networking acceleration with OpenDataplane / Максим Уваров (Linaro)
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
 
Intel new processors
Intel new processorsIntel new processors
Intel new processors
 
Performance of State-of-the-Art Cryptography on ARM-based Microprocessors
Performance of State-of-the-Art Cryptography on ARM-based MicroprocessorsPerformance of State-of-the-Art Cryptography on ARM-based Microprocessors
Performance of State-of-the-Art Cryptography on ARM-based Microprocessors
 
AlgorithmStatus2005FEB
AlgorithmStatus2005FEBAlgorithmStatus2005FEB
AlgorithmStatus2005FEB
 
Dpdk applications
Dpdk applicationsDpdk applications
Dpdk applications
 
PowerDRC/LVS 2.0.1 released by POLYTEDA
PowerDRC/LVS 2.0.1 released by POLYTEDAPowerDRC/LVS 2.0.1 released by POLYTEDA
PowerDRC/LVS 2.0.1 released by POLYTEDA
 
Analysis of symmetric key cryptographic algorithms
Analysis of symmetric key cryptographic algorithmsAnalysis of symmetric key cryptographic algorithms
Analysis of symmetric key cryptographic algorithms
 
Numascale Product IBM
Numascale Product IBMNumascale Product IBM
Numascale Product IBM
 
VJITSk 6713 user manual
VJITSk 6713 user manualVJITSk 6713 user manual
VJITSk 6713 user manual
 
A04660105
A04660105A04660105
A04660105
 
PCIe Gen 3.0 Presentation @ 4th FPGA Camp
PCIe Gen 3.0 Presentation @ 4th FPGA CampPCIe Gen 3.0 Presentation @ 4th FPGA Camp
PCIe Gen 3.0 Presentation @ 4th FPGA Camp
 

More from Hannes Tschofenig

Measuring the Performance and Energy Cost of Cryptography in IoT Devices
Measuring the Performance and Energy Cost of Cryptography in IoT DevicesMeasuring the Performance and Energy Cost of Cryptography in IoT Devices
Measuring the Performance and Energy Cost of Cryptography in IoT DevicesHannes Tschofenig
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Hannes Tschofenig
 
The Role of Standards in IoT Security
The Role of Standards in IoT SecurityThe Role of Standards in IoT Security
The Role of Standards in IoT SecurityHannes Tschofenig
 
Device Management with OMA Lightweight M2M
Device Management with OMA Lightweight M2MDevice Management with OMA Lightweight M2M
Device Management with OMA Lightweight M2MHannes Tschofenig
 
Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0Hannes Tschofenig
 
How to Select Hardware for Internet of Things Systems?
How to Select Hardware for Internet of Things Systems?How to Select Hardware for Internet of Things Systems?
How to Select Hardware for Internet of Things Systems?Hannes Tschofenig
 
A guide to make your research less successful
A guide to make your research less successfulA guide to make your research less successful
A guide to make your research less successfulHannes Tschofenig
 

More from Hannes Tschofenig (9)

Measuring the Performance and Energy Cost of Cryptography in IoT Devices
Measuring the Performance and Energy Cost of Cryptography in IoT DevicesMeasuring the Performance and Energy Cost of Cryptography in IoT Devices
Measuring the Performance and Energy Cost of Cryptography in IoT Devices
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3
 
The Role of Standards in IoT Security
The Role of Standards in IoT SecurityThe Role of Standards in IoT Security
The Role of Standards in IoT Security
 
Device Management with OMA Lightweight M2M
Device Management with OMA Lightweight M2MDevice Management with OMA Lightweight M2M
Device Management with OMA Lightweight M2M
 
Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0
 
Smart Object Architecture
Smart Object ArchitectureSmart Object Architecture
Smart Object Architecture
 
UMA for ACE
UMA for ACEUMA for ACE
UMA for ACE
 
How to Select Hardware for Internet of Things Systems?
How to Select Hardware for Internet of Things Systems?How to Select Hardware for Internet of Things Systems?
How to Select Hardware for Internet of Things Systems?
 
A guide to make your research less successful
A guide to make your research less successfulA guide to make your research less successful
A guide to make your research less successful
 

Recently uploaded

Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 

Crypto Performance on ARM Cortex-M Processors

  • 1. 1 Performance Investigations Hannes Tschofenig, Manuel Pégourié-Gonnard 25th March 2015
  • 2. 2 Motivation  In <draft-ietf-lwig-tls-minimal> we tried to provide guidance for the use of DTLS (TLS) when used in IoT deployments and included performance data to help understand the design tradeoffs.  Later, work in the IETF DICE was started with the profile draft, which offers detailed guidance concerning credential types, communication patterns. It also indicates which extensions to use or not to use.  Goal of <draft-ietf-lwig-tls-minimal> is to offer performance data based on the recommendations in the profile draft.  This presentation is about the current status of gathering performance data for later inclusion into the <draft-ietf-lwig-tls- minimal> document.
  • 3. 3 Performance Data  This is the data we want:  Flash code size  Message size / Communication Overhead  CPU performance  Energy consumption  RAM usage  Also allows us to judge the improvements of various extensions and gives engineers a rough idea what to expect when planning to use DTLS/TLS in an IoT product.  <draft-ietf-lwig-tls-minimal-01> offers preliminary data about  Code size of various basic building blocks (data from one stack only)  Memory (RAM/flash) (pre-shared secret credential only)  Communication overhead (high level only)
  • 4. 4  Goal of the authors: Determine performance of asymmetric cryptography on ARM-based processors.  Next slides explains  Assumptions for the measurements,  ARM processors used for the measurements,  Development boards used,  Actual performance data, and  Comparison with other algorithms. Overview
  • 5. 5  Main focus of the measurements so far was on  raw crypto (and not on protocol exchanges)  ECC rather than RSA  Different ECC curves  Run-time performance (not energy consumption, RAM usage, code size)  No hardware acceleration was used.  Used open source software; code based on PolarSSL/mbed TLS stack.  No hardware-based random number generator in the development platform was used  Not fit for real deployment. Assumptions
  • 6. 6 ARM Cortex-M Processors Lowest cost Low power Lowest power Outstanding energy efficiency Performance efficiency Feature rich connectivity Digital Signal Control (DSC) Processor with DSP Accelerated SIMD Floating point (FP) Processors use the 32-bit RISC architecture http://www.arm.com/products/processors/cortex-m/index.php Recently released; Best performance Processors used in the performance tests
  • 7. 7 Prototyping Boards used in Performance Tests  ST Nucleo F401RE (STM32F401RET6)  ARM Cortex-M4 CPU with FPU at 84MHz  512KB Flash, 96KB SRAM  ST Nucleo F103 (STM32F103RBT6)  ARM Cortex-M4 CPU with FPU at 72MHz  128KB Flash, 20KB SRAM  ST Nucleo L152RE (STM32L152RET6)  ARM Cortex-M3 CPU at 32MHz  512 KBytes Flash, 80KB RAM  ST Nucleo F091 (STM32F091RCT6)  ARM Cortex-M0 CPU at 48MHz  256 KBytes Flash, 32KB RAM  NXP LPC1768  ARM Cortex-M3 CPU at 96MHz  512KB Flash, 32KB RAM  Freescale FRDM-KL25Z  ARM Cortex-M0+ CPU at 48MHz  128KB Flash, 16KB RAM ST Nucleo LPC1768 FRDM-KL25Z
  • 8. 8 ECC Curves  NIST curves: secp521r1, secp384r1, secp256r1, secp224r1, secp192r1  “Koblitz curves”: secp256k1, secp224k1, secp192k1  Brainpool curves: brainpoolP512r1, brainpoolP384r1, brainpoolP256r1  Curve25519 (only preliminary results).  Note that FIPS186-4 refers to secp192r1 as P-192, secp224r1 as P- 224, secp256r1 as P-256, secp384r1 as P-384, and secp521r1 as P- 521.
  • 9. 9 Optimizations  NIST Optimization  Utilizes special structure of NIST chosen curves.  Appendix 1 of http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf  Longer version in FIPS PUB 186-4:  http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf  Relevant configuration parameter: POLARSSL_ECP_NIST_OPTIM  Fixed Point Optimization:  Pre-computes points  Described in https://eprint.iacr.org/2004/342.pdf  Relevant configuration parameter: POLARSSL_ECP_FIXED_POINT_OPTIM  Window:  Technique for more efficient exponentation  Sliding window technique described in https://en.wikipedia.org/wiki/Exponentiation_by_squaring  Relevant configuration parameter: POLARSSL_ECP_WINDOW_SIZE (min=2, max=7).
  • 10. 10 ECDSA, ECDHE, and ECDH  Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve variant of the Digital Signature Algorithm (DSA) or, as it is sometimes called, the Digital Signature Standard (DSS).  It is used in TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ciphersuite recommended in CoAP (and consequently also in the DTLS profile draft).  ECDSA, like DSA, has the property that poor randomness used during signature generation can compromise the long-term signing key.  For this reason the deterministic variant of (EC)DSA (RFC 6979) is implemented, which uses the private key as a source or “entropy” to seed a PRNG.  Note: None of the prototyping boards listed in the slide deck provide true random number generation.  CoAP recommends this ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 that makes use of the Ephemeral Elliptic Curve Diffie-Hellman (ECDHE).  The Elliptic Curve Diffie-Hellman (ECDH) is only used for comparison purposes in this slide deck but not used in the recommended ciphersuites.
  • 11. 11 Key Length Symmetric ECC DH/DSA/RSA 80 163 1024 112 233 2048 128 283 3072 192 409 7680 256 571 15360  Tradeoff between security and performance.  Values based on recommendations from RFC 4492.  [I-D.ietf-uta-tls-bcp] recommends at least 112 bits symmetric keys.  A 2013 ENISA report states that an 80bit symmetric key is sufficient for legacy applications but recommends 128 bits for new systems.
  • 12. 12 Observations: Performance Figures  ECDSA signature operation is faster than ECDSA verify operation.  Brainpool curves are slower than NIST curves because Brainpool curves use random primes.  ECC key sizes above 256 bits are substantially slower than ECC curves with key size 192, 224, and 256.  ECDH is only slightly faster than ECDHE (when fixed point optimization is enabled).  CPU speed has a significant impact on the performance.  The performance of symmetric key cryptography (keyed hash functions, encryption functions) is neglectable.
  • 13. 13 Observations: Optimizations  NIST curve optimization provides substantial benefit for NIST secp*r1 curves.  Fixed point optimization has a significant influence on the performance.  There is a performance – RAM usage tradeoff: increased performance comes at the expense of additional RAM usage.  ECC library increases code size but also requires a fair amount of RAM for optimizations (for most curves).
  • 14. 14 ECC Performance of the Cortex M3/M4
  • 15. 15 NIST curves: secp521r1, secp384r1, secp256r1, secp224r1, secp192r1 Koblitz curves: secp256k1, secp224k1, secp192k1 Performance of various NIST/Koblitz ECC Curves
  • 16. 16 Performance difference between signature vs. verify For comparison: secp192r1 (signature) needs 66msec. For comparison: secp256r1 (signature) needs 122msec.
  • 17. 17 For comparison: Secp256r1 (signature) needs 122msec. Performance of Brainpool Curves
  • 18. 18 For comparison: Secp256r1 (verify) needs 458msec. Performance of Brainpool Curves
  • 19. 19 For comparison: secp192r1 (signature, W=7) needs 66msec. For comparison: secp521r1 (signature, W=7) needs 351msec. Performance impact of the “window” parameter
  • 20. 20 The Performance Impact of the NIST Optimization secp192r1 (ECDHE): 5986 msec (F401RE, optimization disabled) vs. 638 msec (optimization enabled)
  • 21. 21 ECC Performance of the Cortex M0/M0+
  • 28. 28 Performance of ECDHE: L152RE vs. LPC1768 secp192r1 (ECDHE): 1155 msec (L152RE) vs. 229 msec (LPC1768) L152RE: Cortex-M3 with 32MHz LPC1768: Cortex-M3 with 96MHz NIST optimization enabled. Fixed-point speed-up enabled.
  • 29. 29 Performance Comparison: Prototyping Boards 0.00 200.00 400.00 600.00 800.00 1000.00 1200.00 1400.00 1600.00 1800.00 2000.00 LPC1768, 96 MHz, Cortex M3 L152RE, 32 MHz, Cortex M3 F103RB, 72 MHz, Cortex M4 F401RE, 84 MHz, Cortex M4 Time(msec) Prototyping Boards ECDSA Performance (Signature Operation, w=7, NIST Optimization Enabled) secp192r1 secp224r1 secp256r1 secp384r1 secp521r1
  • 31. 31 Curve25519-mbedtls Curve25519-donna P256-mbed ECDHE 1458 552 1145 0 200 400 600 800 1000 1200 1400 1600 msec FRDM-KL46Z (Cortex-M0+, 48 MHz) Curve25519-mbedtls Curve25519-donna P256-mbed ECDHE 506 58 391 0 100 200 300 400 500 600 msec FRDM-K64F (Cortex-M4, 120 MHz) Notes: • The Curve25519-mbedtls implementation uses a generic libary. Hence, the special properties of Curve25519 are not utilized. • Curve25519 has very low RAM requirements (~1 Kbyte only). • Curve25519-donna is based on the Google implementation. Improvements for M0/M0+ are likely since the code has not been tailored to the architecture. Curve25519-mbedtls Curve25519-donna P256-mbed ECDHE 598 94 432 0 100 200 300 400 500 600 700 msec LPC1768 (Cortex-M3, 96 MHz)
  • 32. 32 The Power of Assembly Optimizations  Example: micro-ecc library  https://github.com/kmackay/micro-ecc/tree/old  Written in C, with optional inline assembly for ARM and Thumb platforms.  LPC1114 at 48MHz (ARM Cortex-M0) ECDH time (ms) secp192r1 secp256r1 LPC1114 175.7 465.1 STM32F091 604,55 1260.9 ECDSA verify time (ms) secp192r1 Secp256r1 LPC1114 217.1 555.2 STM32F091 845.5 1758.8  Performance improvement between 200 and 300 %
  • 34. 34 What was measured?  Heap using a custom memory allocation handler (instead of malloc).  Memory allocated on the stack was not measured (but it is negligible).  Measurement was done on a Linux PC (rather than on the embedded device itself for convenience reasons).  Two aspects investigated:  Memory impact caused by different window parameter changes.  Memory impact caused by FP performance optimization.
  • 38. 38 Summary  To enable certain optimizations sufficient RAM is needed. A tradeoff decision between RAM and speed.  Optimizations pays off.  This slide shows heap usage (NIST optimization enabled). ECDSA-Sign ECDSA-Verify ECDHE W=6, FP 4568 5380 5012 W=2, No FP 2972 3072 2692 0 1000 2000 3000 4000 5000 6000 Bytes Heap Usage (secp256r1)
  • 39. 39 Using ~50 % more RAM increases the performance by a factor 8 or more. ECDSA-Sign ECDSA-Verify ECDHE w=6, FP, NIST 122 458 431 w=6, no FP, NIST 340 677 644 w=2, no FP, NIST 378 759 734 w=2, no FP, no NIST 1893 3788 3781 0 500 1000 1500 2000 2500 3000 3500 4000 msec LPC1768 (secp256r1)
  • 41. 41 Raw Public Keys with TLS_ECDHE_ECDSA_*  TLS / DTLS client needs to perform the following computations: 1. Client verifies the signature covering the Server Key Exchange message that contains the server's ephemeral ECDH public key (and the corresponding elliptic curve domain parameters). 2. Client computes ECDHE. 3. Client creates signature over the Client Key Exchange message containing the client's ephemeral ECDH public key (and the corresponding elliptic curve domain parameters).  Summary:  1 x ECDSA verification for step (1)  1 x ECDHE computation for step (2)  1 x ECDSA signature for step (3)  Example (LPC1768, secp224r1, W=7, FP and NIST optimization enabled)  329msec (ECDSA verification)  303 msec (ECDHE computation)  85 msec (ECDSA signature) Total: 717 msec
  • 42. 42 Applying Results to TLS/DTLS Certificates with TLS_ECDHE_ECDSA_* 1 x ECDSA verification for server certificate CA Certificate Server Certificate CA Certificate Intermediate CA Certificate Server Certificate CA Certificate 1st Intermediate CA Certificate Server Certificate 2nd Intermediate CA Certificate Same as with raw public key plus (assuming no OCSP and certs are signed with ECC certificates) 1 x ECDSA verification for Intermediate CA certificate 1 x ECDSA verification for server certificate 1 x ECDSA verification for 1st Intermediate CA certificate 1 x ECDSA verification for 2nd Intermediate CA certificate 1 x ECDSA verification for server certificate
  • 44. 44 Symmetric Key Cryptography  Secure Hash Algorithm (SHA) creates a fixed length fingerprint based on an arbitrarily long input. The output length of the fingerprint is determined by the hash function itself. For example, SHA256 produces an output of 256 bits.  Advanced Encryption Standard (AES) is an encryption algorithm, which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.  A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.  Examples of modes of operation: CCM, GCM, CBC.  Test relevant information:  SHA computes a hash over a buffer with a length of 1024 bytes.  AES-CBC: 1024 input bytes are encrypted. No integrity protection is used. IV size is 16 bytes.  AES-CCM and AES-GCM: 1024 input bytes are encrypted and integrity protected. No additional data is used. In this version of the test a 12 bytes nonce value is used together with the input data. In addition to the encrypted data a 16 byte tag value is produced.
  • 45. 45 Symmetric Key Crypto: Performance of the KL25Z 2.2 4.2 2.8 3.2 3.6 6 6.5 6.9 5.8 6.7 7.6 0 1 2 3 4 5 6 7 8 SHA-256 SHA-512 AES-CBC- 128 AES-CBC- 192 AES-CBC- 256 AES-GCM- 128 AES-GCM- 192 AES-GCM- 256 AES-CCM- 128 AES-CCM- 192 AES-CCM- 256 Time(msec) Cryptographic Operation
  • 46. 46 Symmetric Key Crypto: Performance of the LPC1768 0.6 1.4 0.7 0.8 0.9 1.8 1.9 2 1.7 1.9 2.1 0 0.5 1 1.5 2 2.5 SHA-256 SHA-512 AES-CBC- 128 AES-CBC- 192 AES-CBC- 256 AES-GCM- 128 AES-GCM- 192 AES-GCM- 256 AES-CCM- 128 AES-CCM- 192 AES-CCM- 256 Time(msec) Cryptographic Operation
  • 47. 47 Conclusion  ECC requires performance-demanding computations. Those take time.  What an acceptable delay is depends on the application.  Many applications only need to run public key cryptographic operations during the initial (session) setup phase and infrequently afterwards.  With session resumption DTLS/TLS uses symmetric key cryptography most of the time (which is lightning fast).  Detailed performance figures depend on the enabled performance optimizations (and indirectly the available RAM size), the key size, the type of curve, and CPU speed.  Choosing the microprocessor based on the expected usage environment is important.
  • 48. 48 Next Steps  Collecting performance data on IoT devices is time-consuming. We would appreciate help.  In particular, we need  Verification of the gathered data  Data from other crypto libraries  Further tests (energy efficiency, complete DTLS/TLS handshake data, data about various extensions, more data for Curve25519, etc.).  We plan to update <draft-ietf-lwig-tls-minimal> accordingly.

Editor's Notes

  1. FP and NIST optimizations enabled.
  2. FP and NIST optimizations enabled.
  3. FP and NIST optimizations enabled.
  4. FP and NIST optimizations enabled.
  5. FP and NIST optimizations enabled.
  6. FP enabled