Document Type

Technical Report

Publication Date


Technical Report Number



Precomputation dramatically reduces the execution latency of many cryptographic algorithms. To sustain the reduced latency over the time during which these algorithms are routinely invoked, however, a pool of precomputation results must be stored and readily available. While precomputation is an old and well-known technique, how to store these precomputation results securely and yet efficiently has largely been ignored. For instance, requiring tamper-proof memory would be too expensive, if not unrealistic, for precomputation to be cost-effective. In this paper, we propose an architecture that provides secure storage for cryptographic precomputation using only insecure memory, which may be eavesdropped on or even tampered with. Specifically, we design a small tamper-resistant hardware module that we call the Queue Security Proxy (QSP), which sits on the data path between the processor and the insecure memory. Our analysis shows that our design is secure, efficient, flexible and yet inexpensive. In particular, our design's timing overhead and hardware cost are independent of the storage size. We also discuss several interesting extensions to our proposed architecture. We plan to prototype our design assuming the scenario of precomputing DSA signatures, effectively building a cost-effective, low-latency secure coprocessor for DSA signing.