| 1 |
11 |
homer.hsin |
/*
|
| 2 |
|
|
Copyright 2012 Homer Hsing
|
| 3 |
|
|
|
| 4 |
|
|
This file is part of Tiny Tate Bilinear Pairing Core.
|
| 5 |
|
|
|
| 6 |
|
|
Tiny Tate Bilinear Pairing Core is free software: you can redistribute it and/or modify
|
| 7 |
|
|
it under the terms of the GNU Lesser General Public License as published by
|
| 8 |
|
|
the Free Software Foundation, either version 3 of the License, or
|
| 9 |
|
|
(at your option) any later version.
|
| 10 |
|
|
|
| 11 |
|
|
Tiny Tate Bilinear Pairing Core is distributed in the hope that it will be useful,
|
| 12 |
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 13 |
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
| 14 |
|
|
GNU Lesser General Public License for more details.
|
| 15 |
|
|
|
| 16 |
|
|
You should have received a copy of the GNU Lesser General Public License
|
| 17 |
|
|
along with Tiny Tate Bilinear Pairing Core. If not, see http://www.gnu.org/licenses/lgpl.txt
|
| 18 |
|
|
*/
|
| 19 |
|
|
|
| 20 |
|
|
`define M 593 // M is the degree of the irreducible polynomial
|
| 21 |
|
|
`define WIDTH (2*`M-1) // width for a GF(3^M) element
|
| 22 |
|
|
`define WIDTH_D0 1187
|
| 23 |
|
|
|
| 24 |
|
|
/* PE: processing element */
|
| 25 |
|
|
module PE(clk, reset, ctrl, d0, d1, d2, out);
|
| 26 |
|
|
input clk;
|
| 27 |
|
|
input reset;
|
| 28 |
|
|
input [10:0] ctrl;
|
| 29 |
|
|
input [`WIDTH_D0:0] d0;
|
| 30 |
|
|
input [`WIDTH:0] d1, d2;
|
| 31 |
|
|
output [`WIDTH:0] out;
|
| 32 |
|
|
|
| 33 |
|
|
reg [`WIDTH_D0:0] R0;
|
| 34 |
|
|
reg [`WIDTH:0] R1, R2, R3;
|
| 35 |
|
|
wire [1:0] e0, e1, e2; /* part of R0 */
|
| 36 |
|
|
wire [`WIDTH:0] ppg0, ppg1, ppg2, /* output of PPG */
|
| 37 |
|
|
mx0, mx1, mx2, mx3, mx4, mx5, mx6, /* output of MUX */
|
| 38 |
|
|
ad0, ad1, ad2, /* output of GF(3^m) adder */
|
| 39 |
|
|
cu0, cu1, cu2, /* output of cubic */
|
| 40 |
|
|
mo0, mo1, mo2, /* output of mod_p */
|
| 41 |
|
|
t0, t1, t2;
|
| 42 |
|
|
wire c0,c1,c2,c3,c4,c5,c6,c7,c8,c9,c10;
|
| 43 |
|
|
|
| 44 |
|
|
assign {c0,c1,c2,c3,c4,c5,c6,c7,c8,c9,c10} = ctrl;
|
| 45 |
|
|
assign mx0 = c0 ? d1 : ad2;
|
| 46 |
|
|
assign mx1 = c2 ? d2 : ad2;
|
| 47 |
|
|
always @ (posedge clk)
|
| 48 |
|
|
if(reset) R1 <= 0;
|
| 49 |
|
|
else if (c1) R1 <= mx0;
|
| 50 |
|
|
always @ (posedge clk)
|
| 51 |
|
|
if(reset) R2 <= 0;
|
| 52 |
|
|
else if (c3) R2 <= mx1;
|
| 53 |
|
|
always @ (posedge clk)
|
| 54 |
|
|
if(reset) R0 <= 0;
|
| 55 |
|
|
else if (c4) R0 <= d0;
|
| 56 |
|
|
else if (c5) R0 <= R0 << 6;
|
| 57 |
|
|
assign {e2,e1,e0} = R0[`WIDTH_D0:(`WIDTH_D0-5)];
|
| 58 |
|
|
PPG
|
| 59 |
|
|
ppg_0 (e0, R1, ppg0),
|
| 60 |
|
|
ppg_1 (e1, R2, ppg1),
|
| 61 |
|
|
ppg_2 (e2, R1, ppg2);
|
| 62 |
|
|
v0 v0_ (ppg0, cu0);
|
| 63 |
|
|
v1 v1_ (ppg1, cu1);
|
| 64 |
|
|
v2 v2_ (ppg2, cu2);
|
| 65 |
|
|
assign mx2 = c6 ? ppg0 : cu0;
|
| 66 |
|
|
assign mx3 = c6 ? ppg1 : cu1;
|
| 67 |
|
|
assign mx4 = c6 ? mo1 : cu2;
|
| 68 |
|
|
assign mx5 = c7 ? mo2 : R3;
|
| 69 |
|
|
mod_p
|
| 70 |
|
|
mod_p_0 (mx3, mo0),
|
| 71 |
|
|
mod_p_1 (ppg2, t0),
|
| 72 |
|
|
mod_p_2 (t0, mo1),
|
| 73 |
|
|
mod_p_3 (R3, t1),
|
| 74 |
|
|
mod_p_4 (t1, t2),
|
| 75 |
|
|
mod_p_5 (t2, mo2);
|
| 76 |
|
|
assign mx6 = c9 ? mo0 : mx3;
|
| 77 |
|
|
f3m_add
|
| 78 |
|
|
f3m_add_0 (mx2, mx6, ad0),
|
| 79 |
|
|
f3m_add_1 (mx4, c8 ? mx5 : 0, ad1),
|
| 80 |
|
|
f3m_add_2 (ad0, ad1, ad2);
|
| 81 |
|
|
always @ (posedge clk)
|
| 82 |
|
|
if (reset) R3 <= 0;
|
| 83 |
|
|
else if (c10) R3 <= ad2;
|
| 84 |
|
|
else R3 <= 0; /* change */
|
| 85 |
|
|
assign out = R3;
|
| 86 |
|
|
endmodule
|
| 87 |
|
|
|
| 88 |
|
|
// C = (x*B mod p(x))
|
| 89 |
|
|
module mod_p(B, C);
|
| 90 |
|
|
input [`WIDTH:0] B;
|
| 91 |
|
|
output [`WIDTH:0] C;
|
| 92 |
|
|
wire [`WIDTH+2:0] A;
|
| 93 |
|
|
assign A = {B[`WIDTH:0], 2'd0}; // A == B*x
|
| 94 |
|
|
wire [1:0] w0;
|
| 95 |
|
|
f3_mult m0 (A[1187:1186], 2'd2, w0);
|
| 96 |
|
|
f3_sub s0 (A[1:0], w0, C[1:0]);
|
| 97 |
|
|
assign C[223:2] = A[223:2];
|
| 98 |
|
|
wire [1:0] w112;
|
| 99 |
|
|
f3_mult m112 (A[1187:1186], 2'd1, w112);
|
| 100 |
|
|
f3_sub s112 (A[225:224], w112, C[225:224]);
|
| 101 |
|
|
assign C[1185:226] = A[1185:226];
|
| 102 |
|
|
endmodule
|
| 103 |
|
|
|
| 104 |
|
|
// PPG: partial product generator, C == A*d in GF(3^m)
|
| 105 |
|
|
module PPG(d, A, C);
|
| 106 |
|
|
input [1:0] d;
|
| 107 |
|
|
input [`WIDTH:0] A;
|
| 108 |
|
|
output [`WIDTH:0] C;
|
| 109 |
|
|
genvar i;
|
| 110 |
|
|
generate
|
| 111 |
|
|
for (i=0; i < `M; i=i+1)
|
| 112 |
|
|
begin: ppg0
|
| 113 |
|
|
f3_mult f3_mult_0 (d, A[2*i+1:2*i], C[2*i+1:2*i]);
|
| 114 |
|
|
end
|
| 115 |
|
|
endgenerate
|
| 116 |
|
|
endmodule
|
| 117 |
|
|
|
| 118 |
|
|
// f3m_add: C = A + B, in field F_{3^M}
|
| 119 |
|
|
module f3m_add(A, B, C);
|
| 120 |
|
|
input [`WIDTH : 0] A, B;
|
| 121 |
|
|
output [`WIDTH : 0] C;
|
| 122 |
|
|
genvar i;
|
| 123 |
|
|
generate
|
| 124 |
|
|
for(i=0; i<`M; i=i+1) begin: aa
|
| 125 |
|
|
f3_add aa(A[(2*i+1) : 2*i], B[(2*i+1) : 2*i], C[(2*i+1) : 2*i]);
|
| 126 |
|
|
end
|
| 127 |
|
|
endgenerate
|
| 128 |
|
|
endmodule
|
| 129 |
|
|
|
| 130 |
|
|
// f3_add: C == A+B (mod 3)
|
| 131 |
|
|
module f3_add(A, B, C);
|
| 132 |
|
|
input [1:0] A, B;
|
| 133 |
|
|
output [1:0] C;
|
| 134 |
|
|
wire a0, a1, b0, b1, c0, c1;
|
| 135 |
|
|
assign {a1, a0} = A;
|
| 136 |
|
|
assign {b1, b0} = B;
|
| 137 |
|
|
assign C = {c1, c0};
|
| 138 |
|
|
assign c0 = ( a0 & ~a1 & ~b0 & ~b1) |
|
| 139 |
|
|
(~a0 & ~a1 & b0 & ~b1) |
|
| 140 |
|
|
(~a0 & a1 & ~b0 & b1) ;
|
| 141 |
|
|
assign c1 = (~a0 & a1 & ~b0 & ~b1) |
|
| 142 |
|
|
( a0 & ~a1 & b0 & ~b1) |
|
| 143 |
|
|
(~a0 & ~a1 & ~b0 & b1) ;
|
| 144 |
|
|
endmodule
|
| 145 |
|
|
|
| 146 |
|
|
// f3_sub: C == A-B (mod 3)
|
| 147 |
|
|
module f3_sub(A, B, C);
|
| 148 |
|
|
input [1:0] A, B;
|
| 149 |
|
|
output [1:0] C;
|
| 150 |
|
|
f3_add a0(A, {B[0],B[1]}, C);
|
| 151 |
|
|
endmodule
|
| 152 |
|
|
|
| 153 |
|
|
// f3_mult: C = A*B (mod 3)
|
| 154 |
|
|
module f3_mult(A, B, C);
|
| 155 |
|
|
input [1:0] A;
|
| 156 |
|
|
input [1:0] B;
|
| 157 |
|
|
output [1:0] C;
|
| 158 |
|
|
wire a0, a1, b0, b1;
|
| 159 |
|
|
assign {a1, a0} = A;
|
| 160 |
|
|
assign {b1, b0} = B;
|
| 161 |
|
|
assign C[0] = (~a1 & a0 & ~b1 & b0) | (a1 & ~a0 & b1 & ~b0);
|
| 162 |
|
|
assign C[1] = (~a1 & a0 & b1 & ~b0) | (a1 & ~a0 & ~b1 & b0);
|
| 163 |
|
|
endmodule
|
