VAM . 10 State of the Art in Hardware Implementations of Cryptographic Algorithms

Project co-funded by the European Commission within the 6th Framework Programme.

Dissemination Level:
PU  Public  [X]
PP  Restricted to other programme participants (including the Commission services)
RE  Restricted to a group specified by the consortium (including the Commission services)
CO  Confidential, only for members of the consortium (including the Commission services)

The information in this document is provided as is, and no warranty is given or implied that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.

In this deliverable, we survey the state of the art of implementations of cryptographic algorithms based on elliptic curve cryptography (ECC). ECC offers security equivalent to RSA, but with smaller key sizes. This often implies benefits such as high speed, low power consumption, or small certificates, which is especially useful in constrained environments (smart cards, mobile phones, PDAs, etc.). ECC is a mature technology nowadays, and the algorithms that provide cryptographic services are standardized by various bodies, for instance [3, 46].

In the first chapter of this deliverable, we briefly introduce the most important concepts in the field of ECC. We list the most popular ECC algorithms and protocols and explain how the basic arithmetic operations work. In the remainder of this deliverable, we focus on high-speed and lightweight implementations of ECC in hardware.

In the case of high-speed ECC implementations, practical applications may impose entirely different optimization goals. For instance, high performance could be more important than flexibility. In the opposite scenario, high flexibility with respect to key sizes and/or curves could be required. However, for all scenarios and requirements it is important to observe several principles. Efficient coordinates for representing points must be chosen together with a fast scalar multiplication algorithm. Then, according to the capabilities of the selected multiplier architecture, an accurate scheduling of the scalar multiplication algorithm has to be determined. If possible, pipelining techniques should be applied.

Today, ECC implementations on FPGAs always require a full reconfiguration of the FPGA if a normally fixed parameter is changed. Future implementations allowing on-the-fly reconfiguration could be an efficient solution and should help to recover the loss of flexibility. For versatile processors, more work could be done to take the best advantage of full-size hardware while computing with smaller operands. We have identified that the open literature lacks multi-scalar multiplication …

[1]  G. G. Stokes.  "J.", 1890, The New Yale Book of Quotations.

[2]  Donald E. Knuth, et al.  The art of computer programming. Vol.2: Seminumerical algorithms, 1981.

[3]  Victor S. Miller, et al.  Use of Elliptic Curves in Cryptography, 1985, CRYPTO.

[4]  P. L. Montgomery.  Modular multiplication without trial division, 1985.

[5]  P. L. Montgomery.  Speeding the Pollard and elliptic curve methods of factorization, 1987.

[6]  T. Itoh, et al.  A Fast Algorithm for Computing Multiplicative Inverses in GF(2^m) Using Normal Bases, 1988, Inf. Comput.

[7]  Dieter Gollmann, et al.  Algorithm engineering for public key algorithms, 1989, IEEE J. Sel. Areas Commun.

[8]  Thomas Beth, et al.  Arithmetic Operations in GF(2^m), 1993.

[9]  Holger Orup, et al.  Simplifying quotient determination in high-radix modular multiplication, 1995, Proceedings of the 12th Symposium on Computer Arithmetic.

[10]  Alfred Menezes, et al.  Handbook of Applied Cryptography, 2018.

[11]  Alfred Menezes, et al.  Elliptic curve public key cryptosystems, 1993, The Kluwer international series in engineering and computer science.

[12]  Atsuko Miyaji, et al.  Efficient Elliptic Curve Exponentiation Using Mixed Coordinates, 1998, ASIACRYPT.

[13]  Daniel M. Gordon, et al.  A Survey of Fast Exponentiation Methods, 1998, J. Algorithms.

[14]  Keshab K. Parhi, et al.  Low-Energy Digit-Serial/Parallel Finite Field Multipliers, 1998.

[15]  Donald E. Knuth, et al.  The art of computer programming, volume 3: (2nd ed.) sorting and searching, 1998.

[16]  Ian F. Blake, et al.  Elliptic curves in cryptography, 1999.

[17]  Ricardo Dahab, et al.  Fast Multiplication on Elliptic Curves over GF(2^m) without Precomputation, 1999, CHES.

[18]  Huapeng Wu, et al.  Low Complexity Bit-Parallel Finite Field Arithmetic Using Polynomial Basis, 1999, CHES.

[19]  Kouichi Itoh, et al.  Fast Implementation of Public-Key Cryptography on a DSP TMS320C6201, 1999, CHES.

[20]  Erkay Savas, et al.  A Scalable and Unified Multiplier Architecture for Finite Fields GF(p) and GF(2^m), 2000, CHES.

[21]  Kouichi Itoh, et al.  Implementation of Elliptic Curve Cryptographic Coprocessor over GF(2^m) on an FPGA, 2000, CHES.

[22]  Kazuhiro Yokoyama, et al.  Elliptic curve cryptosystem, 2000.

[23]  Christof Paar, et al.  A High Performance Reconfigurable Elliptic Curve Processor for GF(2^m), 2000, CHES.

[24]  Sorin A. Huss, et al.  VLSI system design using asynchronous wave pipelines: a 0.35 μm CMOS 1.5 GHz elliptic curve public key cryptosystem chip, 2000, Proceedings Sixth International Symposium on Advanced Research in Asynchronous Circuits and Systems (ASYNC 2000) (Cat. No. PR00586).

[25]  Huapeng Wu.  On Complexity of Polynomial Basis Squaring in F_{2^m}, 2000, Selected Areas in Cryptography.

[26]  Anantha Chandrakasan, et al.  An Energy Efficient Reconfigurable Public-Key Cryptography Processor Architecture, 2000, CHES.

[27]  James Ross Goodman, et al.  Energy scalable reconfigurable cryptographic hardware for portable applications, 2000.

[28]  Alfred Menezes, et al.  The State of Elliptic Curve Cryptography, 2000, Des. Codes Cryptogr.

[29]  Fast implementation of elliptic curve defined over GF(p^m) on CalmRISC with MAC2424 coprocessor, 2000.

[30]  M. Anwar Hasan, et al.  VLSI Algorithms, Architectures, and Implementation of a Versatile GF(2^m) Processor, 2000, IEEE Trans. Computers.

[31]  Johann Großschädl, et al.  A Bit-Serial Unified Multiplier Architecture for Finite Fields GF(p) and GF(2^m), 2001, CHES.

[32]  J. Solinas.  Low-Weight Binary Representations for Pairs of Integers, 2001.

[33]  Brian King, et al.  An Improved Implementation of Elliptic Curves over GF(2) when Using Projective Point Arithmetic, 2001, Selected Areas in Cryptography.

[34]  Arjen K. Lenstra, et al.  Selecting Cryptographic Key Sizes, 2000, Journal of Cryptology.

[35]  Scott A. Vanstone, et al.  Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms, 2001, CRYPTO.

[36]  Nigel P. Smart, et al.  Constructive and destructive facets of Weil descent on elliptic curves, 2002, Journal of Cryptology.

[37]  Nigel P. Smart, et al.  The Hessian Form of an Elliptic Curve, 2001, CHES.

[38]  Christof Paar, et al.  A Scalable GF(p) Elliptic Curve Processor Architecture for Programmable Hardware, 2001, CHES.

[39]  Alfred Menezes, et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA), 2001, International Journal of Information Security.

[40]  Sorin A. Huss, et al.  Rapid prototyping for hardware accelerated elliptic curve public-key cryptosystems, 2001, Proceedings 12th International Workshop on Rapid System Prototyping. RSP 2001.

[41]  Bodo Möller.  Algorithms for Multi-exponentiation, 2001, Selected Areas in Cryptography.

[42]  Kouichi Sakurai, et al.  Efficient Elliptic Curve Cryptosystems from a Scalar Multiplication Algorithm with Recovery of the y-Coordinate on a Montgomery-Form Elliptic Curve, 2001, CHES.

[43]  A. P. Chandrakasan, et al.  An energy-efficient reconfigurable public-key cryptography processor, 2001, IEEE J. Solid State Circuits.

[44]  Toru Akishita, et al.  Fast Simultaneous Scalar Multiplication on Elliptic Curve with Montgomery Form, 2001, Selected Areas in Cryptography.

[45]  Kouichi Sakurai, et al.  Fast Multi-scalar Multiplication Methods on Elliptic Curves with Precomputation Strategy Using Montgomery Trick, 2002, CHES.

[46]  Huapeng Wu.  Montgomery Multiplier and Squarer for a Class of Finite Fields, 2002, IEEE Trans. Computers.

[47]  Philip Heng Wai Leong, et al.  A microcoded elliptic curve processor using FPGA technology, 2002, IEEE Trans. Very Large Scale Integr. Syst.

[48]  Jürgen Teich, et al.  Reconfigurable implementation of elliptic curve crypto algorithms, 2002, Proceedings 16th International Parallel and Distributed Processing Symposium.

[49]  Vipul Gupta, et al.  An End-to-End Systems Approach to Elliptic Curve Cryptography, 2002, CHES.

[50]  Sorin A. Huss, et al.  A Reconfigurable System on Chip Implementation for Elliptic Curve Cryptography over GF(2^n), 2002, CHES.

[51]  Russell Miller, et al.  A Low-Power Design for an Elliptic Curve Digital Signature Chip, 2002, CHES.

[52]  Johannes Wolkerstorfer, et al.  Dual-Field Arithmetic Unit for GF(p) and GF(2^m), 2002, CHES.

[53]  M. J. Potgieter, et al.  Two hardware implementations of the group operations necessary for implementing an elliptic curve cryptosystem over a characteristic two finite field, 2002, IEEE AFRICON. 6th Africon Conference in Africa.

[54]  M. Anwarul Hasan, et al.  High-performance finite field multiplier for cryptographic applications, 2003, SPIE Optics + Photonics.

[55]  Jürgen Teich, et al.  A high performance VLIW processor for finite field arithmetic, 2003, Proceedings International Parallel and Distributed Processing Symposium.

[56]  Hans Eberle, et al.  A Cryptographic Processor for Arbitrary Elliptic Curves over., 2003.

[57]  Tarek A. El-Ghazawi, et al.  Implementation of Elliptic Curve Cryptosystems on a reconfigurable computer, 2003, Proceedings. 2003 IEEE International Conference on Field-Programmable Technology (FPT) (IEEE Cat. No.03EX798).

[58]  Akashi Satoh, et al.  A Scalable Dual-Field Elliptic Curve Cryptographic Processor, 2003, IEEE Trans. Computers.

[59]  Çetin Kaya Koç, et al.  On fully parallel Karatsuba multipliers for GF(2^m), 2003.

[60]  Joos Vandewalle, et al.  Hardware implementation of an elliptic curve processor over GF(p), 2003, Proceedings IEEE International Conference on Application-Specific Systems, Architectures, and Processors. ASAP 2003.

[61]  L. Imbert, et al.  Efficient Multiplication in GF(p^k) for Elliptic Curve Cryptography, 2003.

[62]  Joos Vandewalle, et al.  Hardware architectures for public key cryptography, 2003, Integr.

[63]  Alfred Menezes, et al.  Weak Fields for ECC, 2004, CT-RSA.

[64]  Sorin A. Huss, et al.  High Speed Elliptic Curve Crypto Processors: Design Space Exploration by Means of Reconfigurable Hardware, 2004.

[65]  Tim Kerins, et al.  Design for reuse of elliptic curve cryptosystem processors for FPGAs, 2004.

[66]  Berk Sunar, et al.  Public Key Cryptography in Sensor Networks - Revisited, 2004, ESAS.

[67]  Tarek A. El-Ghazawi, et al.  Implementation of elliptic curve cryptosystems over GF(2^n) in optimal normal basis on a reconfigurable computer, 2004, FPGA '04.

[68]  Alfred Menezes, et al.  Guide to Elliptic Curve Cryptography, 2004, Springer Professional Computing.

[69]  Nele Mentens, et al.  An FPGA Implementation of an Elliptic Curve Processor over GF(2^m), 2004.

[70]  M. Anwar Hasan, et al.  Area efficient high speed elliptic curve cryptoprocessor for random curves, 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004.

[71]  Kimmo Järvinen, et al.  A scalable architecture for elliptic curve point multiplication, 2004, Proceedings. 2004 IEEE International Conference on Field-Programmable Technology (IEEE Cat. No.04EX921).

[72]  Jacques Stern, et al.  Projective Coordinates Leak, 2004, EUROCRYPT.

[73]  Shreyas Sundaram, et al.  A public-key cryptographic processor for RSA and ECC, 2004.

[74]  M. Anwar Hasan, et al.  High performance FPGA based elliptic curve cryptographic co-processor, 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004.

[75]  Jean-Jacques Quisquater, et al.  Efficient Modular Division Implementation: ECC over GF(p) Affine Coordinates Application, 2004, FPL.

[76]  Wayne Luk, et al.  Customising Hardware Designs for Elliptic Curve Cryptography, 2004, SAMOS.

[77]  M. McLoone, et al.  An FPGA elliptic curve cryptographic accelerator over GF(p), 2004.

[78]  Lejla Batina, et al.  Flexible Hardware Design for RSA and Elliptic Curve Cryptosystems, 2004, CT-RSA.

[79]  Francisco Rodríguez-Henríquez, et al.  A parallel architecture for computing scalar multiplication on Hessian elliptic curves, 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004.

[80]  Sandra Dominikus, et al.  Strong Authentication for RFID Systems Using the AES Algorithm, 2004, CHES.

[81]  Guido Bertoni, et al.  A parallelized design for an elliptic curve cryptosystem coprocessor, 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[82]  Berk Sunar, et al.  State of the art in ultra-low power public key cryptography for wireless sensor networks, 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[83]  Francis M. Crowe, et al.  A scalable dual mode arithmetic unit for public key cryptosystems, 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[84]  François-Xavier Standaert, et al.  State of the Art in Hardware Architectures, 2005.

[85]  Wayne Luk, et al.  Reconfigurable elliptic curve cryptosystems on a chip, 2005, Design, Automation and Test in Europe.

[86]  Zoya Dyka, et al.  Area efficient hardware implementation of elliptic curve cryptography by iteratively applying Karatsuba's method, 2005, Design, Automation and Test in Europe.

[87]  Johannes Wolkerstorfer, et al.  Scaling ECC Hardware to a Minimum, 2005.

[88]  Stefan Mangard, et al.  Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints, 2005, CHES.

[89]  Jean-Jacques Quisquater, et al.  Iterative Modular Division over GF(2^m): Novel Algorithm and Implementations on FPGA, 2006, ARC.

[90]  Lejla Batina, et al.  RFID-Tags for Anti-counterfeiting, 2006, CT-RSA.

[91]  M. Anwar Hasan, et al.  High-Performance Architecture of Elliptic Curve Scalar Multiplication, 2008, IEEE Transactions on Computers.