Design and Evaluation of Bit-sliced Neural Network and Post-Quantum Implementations

Singh, Richa

Etd

Design and Evaluation of Bit-sliced Neural Network and Post-Quantum Implementations

Public

Bit-slicing is a software implementation technique that treats an N-bit processor datapath as N parallel single-bit datapaths. Bit-slice computation ensures that every bit of an N-bit processor word contributes useful work even while computing a limited-precision n-bit (with n < N) operation. This way it will produce high throughput software implementations. Further, bit-sliced software have natural spatial redundancy that can be used to build countermeasures against implementation attacks. This thesis investigates both these applications of bit-slicing technique in two different domains: Neural Networks, by improving the performance of its most common operation that is Matrix Multiplication, and Post-Quantum Lattice-based algorithms, by protecting its key operation that is Number-Theoretic Transform (NTT) using bit-sliced spatial redundancy against fault injection attacks. As the number of applications of neural networks continues to grow, so does the need to efficiently perform inference computations on highly constrained devices. In first part of this thesis, we propose a methodology to accelerate neural networks in software. We exploit the limited-precision requirements of typical neural networks by formulating recurring operations in a bit-slice computation format. We developed bit-sliced designs of matrix multiplication and evaluated their performance. Our target is a small microcontroller, and we rely solely on software optimization. Our driving application is a neural network classifier for the MNIST database. Range-Based Linear Quantization in symmetric mode quantizes pre-trained 32-bit floating point weights and activation to low-precision data-widths. Experiments on RISC-V with varying levels of hardware-support show that for data-widths common to neural network applications, the bit-sliced code produces a speedup over traditional methods, which leads to faster and efficient inference without incurring significant loss in accuracy. For example, 8-bit matrix multiplications are sped up by a factor of 2.62x when compared with non-bitsliced rv32i ISA implementation with no hardware multiplier. We are not aware of application of bit-slicing to matrix multiplication and neural network (NN) computation. While the merits of bit-slicing for side-channel countermeasures have been studied before, their application for protection of post-quantum algorithms against fault injection is still unexplored. In second part of this thesis, we present an end-to-end analysis of the efficacy of bit-slicing to detect and thwart electromagnetic fault injection (EMFI) attacks on post-quantum cryptography (PQC). We study Dilithium, a digital signature finalist of the NIST PQC competition. We present a bit-slice-redundant design for the NTT, the most complex and compute-intensive component in Dilithium. We show a data-redundant countermeasure for NTT which offers two concurrent bits for every single bit in the original implementation. We then implement a full Dilithium signature sequence on a 667 MHz ARM Cortex-A9 processor integrated in a Xilinx Zynq SoC. We perform a detailed EM fault-injection parameter search to optimize the location, intensity, and timing of injected EM pulses. We demonstrate that, under optimized fault injection parameters, about 10% of the injected faults become potentially exploitable. However, the bit-sliced NTT design is able to catch the majority of these potentially exploitable faults, even when the remainder of the Dilithium algorithm as well as the control flow is left unprotected. We also demonstrate the effectiveness of our countermeasure against a well-known software-induced fault attack, Plundervolt performed on an Intel PC. Even though it is patched through software, the root cause still exists. To our knowledge, this is the first demonstration of a bitslice-redundant design of Dilithium that offers distributed fault detection throughout the execution of the algorithm.

Creator