Add ECC Radix48 feature (#321)

* updated mont multiplier to radix 64 * updated mont mult for radix 48 * distinguished radix from data_width --------- Co-authored-by: Mojtaba Bisheh Niasar <[email protected]>
chipsalliance · Dec 2, 2023 · 9c5060e · 9c5060e
1 parent e181daf
commit 9c5060e
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 34 deletions.
diff --git a/src/ecc/rtl/ecc_dsa_ctrl.sv b/src/ecc/rtl/ecc_dsa_ctrl.sv
@@ -90,15 +90,15 @@ module ecc_dsa_ctrl
     //----------------------------------------------------------------
 
     localparam [RND_SIZE-1 : 0]  zero_pad               = '0;
-    localparam REG_NUM_DWORDS = REG_SIZE / RADIX;
+    localparam REG_NUM_DWORDS = REG_SIZE / DATA_WIDTH;
     //----------------------------------------------------------------
     // Registers including update variables and write enable.
     //----------------------------------------------------------------
-    logic [DSA_PROG_ADDR_W-1 : 0]           prog_cntr;
+    logic [DSA_PROG_ADDR_W-1 : 0]                prog_cntr;
 
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0] read_reg;
-    logic [(REG_SIZE+RND_SIZE)-1 : 0]       write_reg;
-    logic [1 : 0]                           cycle_cnt;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] read_reg;
+    logic [(REG_SIZE+RND_SIZE)-1 : 0]            write_reg;
+    logic [1 : 0]                                cycle_cnt;
 
     logic zeroize_reg;
 
@@ -128,17 +128,17 @@ module ecc_dsa_ctrl
 
     logic [1  : 0]          cmd_reg;
     logic [2  : 0]          pm_cmd_reg;
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0]  msg_reg;
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0]  msg_reduced_reg;
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0]  privkey_reg;
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0]  kv_reg;
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0]  pubkeyx_reg;
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0]  pubkeyy_reg;
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0]  seed_reg;
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0]  nonce_reg;
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0]  r_reg;
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0]  s_reg;
-    logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0]  IV_reg;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0]  msg_reg;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0]  msg_reduced_reg;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0]  privkey_reg;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0]  kv_reg;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0]  pubkeyx_reg;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0]  pubkeyy_reg;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0]  seed_reg;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0]  nonce_reg;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0]  r_reg;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0]  s_reg;
+    logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0]  IV_reg;
     logic [REG_SIZE-1 : 0]  lambda;
     logic [REG_SIZE-1 : 0]  lambda_reg;
     logic [REG_SIZE-1 : 0]  masking_rnd;
@@ -228,7 +228,7 @@ module ecc_dsa_ctrl
     ecc_arith_unit #(
         .REG_SIZE(REG_SIZE),
         .RND_SIZE(RND_SIZE),
-        .RADIX(RADIX),
+        .RADIX(MULT_RADIX),
         .ADDR_WIDTH(DSA_OPR_ADDR_WIDTH),
         .p_prime(PRIME),
         .p_mu(PRIME_mu),
@@ -276,7 +276,7 @@ module ecc_dsa_ctrl
     ecc_scalar_blinding #(
         .REG_SIZE(REG_SIZE),
         .RND_SIZE(RND_SIZE),
-        .RADIX(RADIX),
+        .RADIX(SCALAR_BLIND_RADIX),
         .GROUP_ORDER(GROUP_ORDER)
         )
         ecc_scalar_blinding_i(

diff --git a/src/ecc/rtl/ecc_params_pkg.sv b/src/ecc/rtl/ecc_params_pkg.sv
@@ -39,9 +39,11 @@ package ecc_params_pkg;
   parameter [9 : 0] REG_SIZE     = 10'd384;
   parameter [9 : 0] RND_SIZE     = 10'd192;  // half of REG_SIZE based on Schindler W, Wiemers A (2015) Efficient side-channel attacks on
                                              // scalar blinding on elliptic curves with special structure. In: NIST Workshop on ECC standards
-  parameter REG_NUM_DWORDS       = REG_SIZE/32;
+  parameter DATA_WIDTH           = 32;
+  parameter REG_NUM_DWORDS       = REG_SIZE/DATA_WIDTH;
   parameter REG_OFFSET_W         = $clog2(REG_NUM_DWORDS);
-  parameter RADIX                = 32;
+  parameter MULT_RADIX           = 48;
+  parameter SCALAR_BLIND_RADIX   = 32;
   parameter ADD_NUM_ADDS         = 1;
   parameter ADD_BASE_SZ          = 384;
 
@@ -50,21 +52,21 @@ package ecc_params_pkg;
   parameter [REG_SIZE-1 : 0] GROUP_ORDER = 384'hffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973;
 
   // prime parameters in Montgomery domain
-  parameter [REG_SIZE-1 : 0] ZERO_CONST  = 384'h0;
-  parameter [REG_SIZE-1 : 0] ONE_CONST   = 384'h1;
-  parameter [REG_SIZE-1 : 0] E_a_MONT    = 384'hfffffffffffffffffffffffffffffffffffffffffffffffffffffffcfffffffbffffffff00000002fffffffdffffffff;
-  parameter [REG_SIZE-1 : 0] E_b_MONT    = 384'h604fbff9b62b21f41f022094e3374bee94938ae277f2209b1920022fc431bf244754443708118870d0391c81cd08114b;
-  parameter [REG_SIZE-1 : 0] E_3b_MONT   = 384'h20ef3fed228165dc5d0661bea9a5e3cbbdbaa0a767d661d14b60068f4c953d6dd5fccca61834995270ab5584671833e2;
-  parameter [REG_SIZE-1 : 0] ONE_p_MONT  = 384'h100000000ffffffffffffffff0000000100000000;
-  parameter [REG_SIZE-1 : 0] R2_p_MONT   = 384'h10000000200000000fffffffe000000000000000200000000fffffffe000000010000000000000000;
-  parameter [REG_SIZE-1 : 0] G_X_MONT    = 384'h299e1513812ff723614ede2b6454868459a30eff879c3afc541b4d6e6e1e26a4ee117bfa3dd07565fc8607664d3aadc2;
-  parameter [REG_SIZE-1 : 0] G_Y_MONT    = 384'h5a15c5e9dd8002263969a840c6c3521968f4ffd98bade7562e83b050cd385481a72d556e23043dad1f8af93c2b78abc2;
-  parameter [RADIX-1 : 0]    PRIME_mu    = 32'h00000001;
+  parameter [REG_SIZE-1   : 0] ZERO_CONST  = 384'h0;
+  parameter [REG_SIZE-1   : 0] ONE_CONST   = 384'h1;
+  parameter [REG_SIZE-1   : 0] E_a_MONT    = 384'hfffffffffffffffffffffffffffffffffffffffffffffffffffcfffffffcfffeffffffff0002fffffffd0000ffffffff;
+  parameter [REG_SIZE-1   : 0] E_b_MONT    = 384'hbff9b62b21f41f022094e3374bee94938ae277f2209b1920022fc431bf24a7a3443768608870d0391c816cb9114b604f;
+  parameter [REG_SIZE-1   : 0] E_3b_MONT   = 384'h3fed228165dc5d0661bea9a5e3cbbdbaa0a767d661d14b60068f4c953d6df6ebcca63923995270ab5584462933e220ef;
+  parameter [REG_SIZE-1   : 0] ONE_p_MONT  = 384'h100000000ffffffffffffffff00000001000000000000;
+  parameter [REG_SIZE-1   : 0] R2_p_MONT   = 384'h10000000200000000fffffffe000000000000000200000000fffffffe00000001000000000000000000000000;
+  parameter [REG_SIZE-1   : 0] G_X_MONT    = 384'h1513812ff723614ede2b6454868459a30eff879c3afc541b4d6e6e1e26a517af7bfa676e7565fc860766239cadc2299e;
+  parameter [REG_SIZE-1   : 0] G_Y_MONT    = 384'hc5e9dd8002263969a840c6c3521968f4ffd98bade7562e83b050cd3854820142556e7d193dad1f8af93bd163abc25a15;
+  parameter [MULT_RADIX-1 : 0] PRIME_mu    = 64'h100000001;
 
   // group order parameters in Montgomery domain
-  parameter [REG_SIZE-1 : 0] R2_q_MONT   = 384'h3fb05b7a28266895d40d49174aab1cc5bf030606de609f43be80721782118942bfd3ccc974971bd0d8d34124f50ddb2d;
-  parameter [REG_SIZE-1 : 0] ONE_q_MONT  = 384'h389cb27e0bc8d220a7e5f24db74f58851313e695333ad68d00000000;
-  parameter [RADIX-1 : 0] GROUP_ORDER_mu = 32'he88fdc45;
+  parameter [REG_SIZE-1   : 0] R2_q_MONT      = 384'h28266895d40d49174aab1cc5bf030606de609f43cc9601f9ebbfed4b3ffe90bfead8c2590449c1c55daf7abd883e5e32;
+  parameter [REG_SIZE-1   : 0] ONE_q_MONT     = 384'h389cb27e0bc8d220a7e5f24db74f58851313e695333ad68d000000000000;
+  parameter [MULT_RADIX-1 : 0] GROUP_ORDER_mu = 64'h6089e88fdc45;
 
 endpackage
 

diff --git a/src/ecc/rtl/ecc_pm_ctrl.sv b/src/ecc/rtl/ecc_pm_ctrl.sv
@@ -65,7 +65,7 @@ module ecc_pm_ctrl
     //----------------------------------------------------------------
     // Internal constant and parameter definitions.
     //----------------------------------------------------------------
-    localparam [7 : 0] MULT_DELAY          = 8'd39; //40 -1;
+    localparam [7 : 0] MULT_DELAY          = 8'd27; //28 -1;
     localparam [7 : 0] ADD_DELAY           = 8'd1;  // 2 -1;
 
     localparam [9 : 0] Secp384_SCA_MONT_COUNT   = REG_SIZE[9 : 0] + RND_SIZE[9 : 0];