Review of Elliptic Curve Cryptography processor designs

Elliptic Curve Cryptography (ECC) is a multilayer system with increased hardware implementation complexity. A wide range of parameters and design choices affect the overall implementation of ECC systems. A variety of hardware implementations of ECC systems that vary in these parameters have been proposed in the literature. Implementation target, underlying finite fields, coordinate system and modular arithmetic algorithms are key design elements that impact the overall implementation outcome. In this paper, we survey the various implementation approaches with the aim of providing a useful reference for hardware designers building efficient ECC processors. Our literature review consists of four components. First, we list the design options and discuss their impact on ECC implementation. Second, we summarize the different approaches and algorithms used in the literature for implementing modular arithmetic operations. Third, we review best practices in the literature for data paths and overall architectures. Fourth, we review the existing parallelism and performance enhancement techniques. In addition, this paper provides a comparison of the different binary extension, prime and dual-field hardware implementations of ECC.
