PAX
What is PAX?
About PAX
PAX is a datapath-scalable, minimalist cryptographic processor architecture for mobile and wireless information appliances. The chief design goal of PAX is to enable security processing at high enough throughputs to fully utilize the high bandwidth connections offered by the existing and emerging wireless technologies. The next-generation cellular and WLAN technologies are expected to have data rates as high as 100 Mbps.
PAX is based on a simple RISC instruction set that is extended with few low-cost instructions and other novel features such as on-chip tables that allow fast parallel table lookups. Prior to PAX, studies in this area belonged to one of three distinct classes (see the Bibliography page for a listing of the works cited). The first of these are the stand-alone crypto-processors with limited programmability, extending only to a select group of cryptographic algorithms. CryptoManiac [WWA01] and Cryptonite [OBH03] are two examples. The second group includes cryptographic accelerators; for example, a very large multiplier [STK00] to accelerate the integer exponentiation operations used in RSA. Studies in the third group extend the instruction set of a general-purpose processor with few new instructions [BMA00, GK03, FL01]. Ideally, the new instructions should have minimal datapath impact and low-cost implementations. PAX differs from these approaches because it is a general-purpose processor designed from scratch and extended with both low-cost ISA-extensions and more advanced features normally used in crypto-processors. In this respect, PAX is a combination of the approaches in the first and third groups above.
Another distinguishing feature of PAX is that it is designed for low-cost, high-performance security processing in constrained environments. In contrast with PAX, most of the previous hardware designs are not evaluated in the context of a complete embedded processor design for wireless appliances, or they have energy requirements that limit their usefulness in battery-powered devices. We address both of these concerns in the design and verification of PAX.
PAX is similar to PLX in that it is a minimalist RISC-like instruction set with few low-cost architectural features that provide huge speedups in the target application set. PAX also has the datapath scalability feature, which was first introduced in PLX. Datapath scalability allows PAX to exploit more parallelism than is possible with the more common microarchitectural methods such as superscalar, VLIW, or subword parallelism. This leads to additional speedups of 4x for symmetric-key ciphers and 10x for public-key ciphers.
We use the mCrypt cipher suite to test and verify the performance of PAX. mCrypt is made up of 25 commonly-used cryptography algorithms; in particular it includes algorithms that are desirable in mobile and wireless environments such as Elliptic Curve Cryptography. Algorithm descriptions and links to source codes are also given on the mCrypt page.
In addition to architecture definition and performance verification, we also aim is to provide the source code and the software tools to allow others to evaluate and improve the PAX architecture. These include an assembler, a simulator, benchmark applications (mCrypt), and the hardware definition files for the functional units of a PAX processor. When these tools are ready for distribution, we will make them available for download on this page.
We foresee two major application of our work. Due to its low cost and high-performance, PAX can be directly employed in mobile information appliances as a small stand-alone RISC processor. Alternatively, PAX extensions can be added to the base instruction sets of existing general-purpose processors for higher performance security processing.
PAX is a project of the Princeton Architecture Laboratory for Multimedia and Security (PALMS) at the Department of Electrical Engineering at Princeton University.
Evolution of the PAX Architecture
There are several versions of the PAX architecture and the toolset. The documentation for each of these is provided below.
PAX Documentation and Downloads
PAX 2.0
This is the current development version of PAX. Similar to PAX-PLX 1.0, it is encoded on top of the existing encodings of PLX. Neverthless, since this is a PAX-only processor, there are no PLX instructions in this version. This version is currently under development and therefore it is not yet publicly available. PAX developers can access these documents with their download password. Please fill out this form (explanation) and email to rblee@princeton.edu to obtain a password.
The architecture documentation is divided into two parts: (1) ISA reference describing the instructions and general features of PAX, and (2) ISA encoding describing how the PAX instructions map to 32-bit instruction words.
Architecture
Toolset
Not available yet.
PAX-PLX 1.0
PAX is similar to PLX, which is a small, general purpose, subword-parallel ISA designed at Princeton University, Department of Electrical Engineering, for high-performance and low-cost multimedia processing. There are many applications that require both multimedia and cryptographic processing. Hence, it is desirable to combine these two instruction sets into one. To provide backward compatibility with the existing PLX encodings, we encode the PAX instruction set on top of the existing PLX encoding.
This version is currently under development and therefore it is not yet publicly available. PAX developers can access these documents with their download password. Please fill out this form (explanation) and email to rblee@princeton.edu to obtain a password.
The architecture documentation is divided into three parts: (1) ISA reference describing the instructions and general features of PAX-PLX, (2) ISA encoding describing how the PAX-PLX instructions map to 32-bit instruction words, and (3) Document describing the encoding issues in combining the PAX and PLX instruction sets.
Architecture
- PAX-PLX 1.0 ISA Reference [Available Soon]
- PAX-PLX 1.0 ISA Encoding
- Resolving Encoding Issues in Combining PAX and PLX Instruction Sets [Available Soon]
Toolset
Not available yet.
PAX 1.1
Similar to PAX-PLX 1.0, it is encoded on top of the existing encodings of PLX. Neverthless, since this is a PAX-only processor, there are no PLX instructions in this version. This version is currently under development and therefore it is not yet publicly available. PAX developers can access these documents with their download password. Please fill out this form (explanation) and email to rblee@princeton.edu to obtain a password.
The architecture documentation is divided into two parts: (1) ISA reference describing the instructions and general features of PAX, and (2) ISA encoding describing how the PAX instructions map to 32-bit instruction words.
Architecture
Toolset
Not available yet.
PAX 1.0
Architecture
- "A.M. Fiskiran and R.B. Lee, "PAX: A Datapath-Scalable Minimalist Cryptographic Processor for Mobile Environments", Princeton University Department of Electrical Engineering Technical Report CE-L2003-005, June 2003
- This version does not have encoding or reference documents
Toolset
PAX 1.0 was released as an ISA specification only and had no accompanying software tools.
PAX FPGA Project
PAX configuration and educational tool
PAX configuration and education tool set
The PAX configuration and education tool set is developed by Samuel J. Albert. The zip file includes the PAX ToolSet application, readme file and source code.
Readme for PAXToolset
The PAX Toolset is launched from the ConfigurationTool executable jar file.
Configuration Tool
1. Select root folder of source design files. By default, project source folders from .\DesignFiles will automatically be displayed. External projects may also be selected.
2. Select input-file. The input-file consists of a list of defined instructions implemented within the source PAX design files.
By default, input-files saved to .\InputFiles will automatically be displayed. New input files may be created, and previously saved indput-files may be selected.
Input-files are managed using the input-file modification tool, launched from the ToolSet console ("Modify Input-File").
3. PAX design configuration. To specify the desired specifications, launch the Configuration Tool via the Toolset console ("Configure PAX Design").
4. Select the desired word size.
5. Generate design files. To generate the configured PAX design files, specify a desired project location via the Toolset console ("Genererate configured PAX design files").
Educational Tool
1. Select root folder of PAX design files. By default, newly generated projects will automatically be displayed.
2. Launch Education Tool via Toolset console ("Launch Educational").
3. Add signals for viewing. Signals that can be added to the ModelSim signal window are displayed for every functional unit component.
4. Specify test program to run simulation. All test programs (mif) are located in .\mif.
5. Export ModelSim script. To export the ModelSim script, specify a desired file name and location via the Education Tool console ("Export Simulation Script"). Save the ModelSim DO file with the *.do extension.
Run Simulation
1. Open the PAX-WS_PIPELINE project, located in the newly configured PAX project folder, with ModelSim.
2. Load the .DO script generated with the Educational Tool.
| Attachment | Size |
|---|---|
| PAXToolSet.zip | 5.51 MB |
PAX Publications
PAX architecture and
tools have been used in some of the papers published by PALMS. These are listed
below:
- A.M. Fiskiran and R.B. Lee, PAX: A Datapath-Scalable Minimalist Cryptographic Processor for Mobile Environments, Princeton University Department of Electrical Engineering Technical Report CE-L2003-005, Jun. 2003. [PDF]
- A.M. Fiskiran and R.B. Lee, PAX: A Datapath-Scalable Minimalist Cryptographic Processor for Mobile Environments, in Embedded Cryptographic Hardware: Design and Security, Nova Science Publishers, NY, USA, 2005. [Link]
- R.B. Lee, A.M. Fiskiran, M. Wang, Y. Hilewitz and Y. Chen, PAX: A Cryptographic Processor with Parallel Table Lookup and Wordsize Scalability, submitted toTransactions on Computers, IEEE [PDF]