- Conference and Journals
- Project Archive
PAX is a datapath-scalable, minimalist cryptographic processor architecture for mobile and wireless information appliances. The chief design goal of PAX is to enable security processing at high enough throughputs to fully utilize the high bandwidth connections offered by the existing and emerging wireless technologies. The next-generation cellular and WLAN technologies are expected to have data rates as high as 100 Mbps.
PAX is based on a simple RISC instruction set that is extended with few low-cost instructions and other novel features such as on-chip tables that allow fast parallel table lookups. Prior to PAX, studies in this area belonged to one of three distinct classes (see the Bibliography page for a listing of the works cited). The first of these are the stand-alone crypto-processors with limited programmability, extending only to a select group of cryptographic algorithms. CryptoManiac [WWA01] and Cryptonite [OBH03] are two examples. The second group includes cryptographic accelerators; for example, a very large multiplier [STK00] to accelerate the integer exponentiation operations used in RSA. Studies in the third group extend the instruction set of a general-purpose processor with few new instructions [BMA00, GK03, FL01]. Ideally, the new instructions should have minimal datapath impact and low-cost implementations. PAX differs from these approaches because it is a general-purpose processor designed from scratch and extended with both low-cost ISA-extensions and more advanced features normally used in crypto-processors. In this respect, PAX is a combination of the approaches in the first and third groups above.
Another distinguishing feature of PAX is that it is designed for low-cost, high-performance security processing in constrained environments. In contrast with PAX, most of the previous hardware designs are not evaluated in the context of a complete embedded processor design for wireless appliances, or they have energy requirements that limit their usefulness in battery-powered devices. We address both of these concerns in the design and verification of PAX.
PAX is similar to PLX in that it is a minimalist RISC-like instruction set with few low-cost architectural features that provide huge speedups in the target application set. PAX also has the datapath scalability feature, which was first introduced in PLX. Datapath scalability allows PAX to exploit more parallelism than is possible with the more common microarchitectural methods such as superscalar, VLIW, or subword parallelism. This leads to additional speedups of 4x for symmetric-key ciphers and 10x for public-key ciphers.
We use the mCrypt cipher suite to test and verify the performance of PAX. mCrypt is made up of 25 commonly-used cryptography algorithms; in particular it includes algorithms that are desirable in mobile and wireless environments such as Elliptic Curve Cryptography. Algorithm descriptions and links to source codes are also given on the mCrypt page.
In addition to architecture definition and performance verification, we also aim is to provide the source code and the software tools to allow others to evaluate and improve the PAX architecture. These include an assembler, a simulator, benchmark applications (mCrypt), and the hardware definition files for the functional units of a PAX processor. When these tools are ready for distribution, we will make them available for download on this page.
We foresee two major application of our work. Due to its low cost and high-performance, PAX can be directly employed in mobile information appliances as a small stand-alone RISC processor. Alternatively, PAX extensions can be added to the base instruction sets of existing general-purpose processors for higher performance security processing.
PAX is a project of the Princeton Architecture Laboratory for Multimedia and Security (PALMS) at the Department of Electrical Engineering at Princeton University.