Age | Commit message | Author | |
---|---|---|---|
2019-10-21 | Entire CRT signature algorithm works by now. | Pavel V. Shatov (Meister) | |
Moved micro-operations handler into a separate module file, this way we don't have any synthesized stuff in the top-level module, just instantiations. This is more consistent from the design partitioning point of view. Btw, Xilinx claims their tools work better that way too, but who knows... Added optional simulation-only code to assist debugging. Un-comment the ENABLE_DEBUG `define in 'rtl/modexpng_parameters.vh' to use, but don't ever try to synthesize the core with debugging enabled. | |||
2019-10-21 | Added the regular (not modular) addition operation required during the final | Pavel V. Shatov (Meister) | |
step of the Garner's formula algorithm. Note that the addition is "uneven" in the sense that the first operand is full-size (as wide as the modulus), while the second one is only half the size. The adder internally banks the second input port during the second half of the addition. | |||
2019-10-21 | Added "MERGE_LH" micro-operation. To be able to do Garner's formula we need | Pavel V. Shatov (Meister) | |
regular (not modular) multiplication. We're doing this by telling the modular multiplier to stop after the "square" step, which computes A*B. The problem is that the multiplier stores the lower part of the product in the internal bank L and the upper part in the internal bank H, but we need to be able to do operations on the product as a whole. MERGE_LH combines the two halves of the product into one bank. | |||
2019-10-21 | Refactored general worker module | Pavel V. Shatov (Meister) | |
Added modular subtraction micro-operation | |||
2019-10-03 | Added more micro-operations, entire Montgomery exponentiation ladder works now. | Pavel V. Shatov (Meister) | |
2019-10-03 | Added more micro-operations, also added "general worker" module. The worker | Pavel V. Shatov (Meister) | |
is basically a block memory data mover, but it can also do some supporting operations required for the Garner's formula part of the exponentiation. | |||
2019-10-03 | Expanded micro-operation parameters (added dedicated control bit to force | Pavel V. Shatov (Meister) | |
the B input of the modular multiplier to 1, this is necessary to bring numbers out of Montgomery domain). | |||
2019-10-03 | Reworked storage architecture (moved I/O memory to a separate module, since | Pavel V. Shatov (Meister) | |
there's only one instance of input/output values, while storage manager has dual storage space for P and Q multipliers). Started working on microcoded layer, added input operation and modular multiplication. | |||
2019-10-03 | Redesigned storage modules, added top-level module, added I/O storage space. | Pavel V. Shatov (Meister) | |
2019-10-01 | Redesigned core architecture, unified bank structure. All storage blocks now | Pavel V. Shatov (Meister) | |
have eight 4kbit entries and occupy one 36K BRAM tile. | |||
2019-10-01 | Major rewrite (different core hierarchy, buses, wrappers, etc). | Pavel V. Shatov (Meister) | |
2019-10-01 | Implemented the final stage of the Montgomery modular multiplication, i.e. | Pavel V. Shatov (Meister) | |
addition of AB and M then reduction by right-shift. | |||
2019-10-01 | Further work on the Montgomery modular multiplier. Added the third | Pavel V. Shatov (Meister) | |
"rectangular" stage of the multiplication process, i.e. computation of how many copies of the modulus N to add to the intermediate product AB to zeroize the lower half: M = Q * N. | |||
2019-10-01 | Further work on the Montgomery modular multiplier. Can now do the "triangular" | Pavel V. Shatov (Meister) | |
part of multiplication, i.e. compute the "magic" reduction coefficient Q = LSB(AB) * N_COEFF. | |||
2019-10-01 | Started working on the pipelined Montgomery modular multiplier. Currently can | Pavel V. Shatov (Meister) | |
do the "square" part of the multiplication, i.e. compute the twice larger intermediate product AB = A * B. | |||
2019-10-01 | Moved to "modexpng_fpga_model" repo, this one was meant for Verilog. | Pavel V. Shatov (Meister) | |
2019-08-19 | * More cleanup (got rid of .wide. and .narrow.) | Pavel V. Shatov (Meister) | |
* Working microcode for non-CRT exponentiation (i.e. when only d is known) | |||
2019-08-19 | * MASSIVE CLEANUP | Pavel V. Shatov (Meister) | |
* All the data buses are now either 16 or 18 bits wide for consistency * More consistent naming of micro-operations * More debugging options (can specify which ladder iteration to dump) | |||
2019-08-19 | * Added more micro-operations | Pavel V. Shatov (Meister) | |
* Working microcode for CRT exponentiation * Further refactoring | |||
2019-08-19 | * Started conversion of the model to use micro-operations | Pavel V. Shatov (Meister) | |
* Added initial operand bank structure (working "wide"/"narrow" pairs plus input & output banks). The core has four pairs of working banks (X.X and X.Y for Montgomery ladder with modulus P, Y.X and Y.Y for modulus Q) | |||
2019-08-19 | * Added more debugging options: | Pavel V. Shatov (Meister) | |
- intentionally trigger internal overflow handler - dump MAC inputs - dump intermediate numbers during the reduction phase * Bus widths changes * Some cosmetic changes | |||
2019-04-04 | Intermediate version to fix recombination overflow bug. | Pavel V. Shatov (Meister) | |
2019-04-04 | Fixed 4096-bit test vector generation. | Pavel V. Shatov (Meister) | |
2019-04-02 | Removed some boilerplate code, all the three multiplication flavours are now | Pavel V. Shatov (Meister) | |
working consistently. Still need to rework recombination routines. | |||
2019-04-02 | Cosmetic fixes. | Pavel V. Shatov (Meister) | |
2019-04-02 | Same changes for "triangle" multiplication phase as for the "square" one | Pavel V. Shatov (Meister) | |
(debugging output, simpler MAC clearing and index rotation logic). | |||
2019-04-02 | Rewrote "square" recombination to match how it works in hardware. | Pavel V. Shatov (Meister) | |
2019-03-30 | * more debugging output | Pavel V. Shatov (Meister) | |
* more precise modelling of DSP slice | |||
2019-03-24 | Simplified index calculation and accumulator clearing logic. | Pavel V. Shatov (Meister) | |
Better debug printout of accumulators. | |||
2019-03-23 | Added optional output of intermediate quantities for debugging. | Pavel V. Shatov (Meister) | |
Reworked index rotation code for better readability. | |||
2019-03-23 | Mutate blinding tuple. | Pavel V. Shatov (Meister) | |
2019-03-23 | Added blinding into math model. | Pavel V. Shatov (Meister) | |
2019-03-23 | ModExpNG ("Next Generation") math model. | Pavel V. Shatov (Meister) | |
2019-03-23 | Updated readme file. | Pavel V. Shatov (Meister) | |
2019-03-23 | Added blinding support to test vector generation scripts. | Pavel V. Shatov (Meister) | |
2019-03-23 | Instructions on how to use the vector generation scripts. | Pavel V. Shatov (Meister) | |
2019-03-23 | Don't track the test vector itself. | Pavel V. Shatov (Meister) | |
2019-03-23 | Randomized test vector generation scripts for ModExpNG. | Pavel V. Shatov (Meister) | |