Balancing elliptic curve coprocessors from bottom to top

Abstract

In 2016, Renes et al. were the first to propose complete addition formulas for Elliptic Curve Cryptography (ECC) on Weierstrass curves. With these formulas, the same set of equations can be used for point addition and point doubling, which makes software and hardware implementations less vulnerable to side-channel analysis (SCA) attacks. Further, all inputs are valid, so there is no need for conditional statements handling special cases such as the point at infinity. This paper presents the first ASIC design of the complete addition formulas of Renes et al. Each computation layer in the design is balanced, from the field arithmetic to the point multiplication. The design explores two datapaths: a full-width Montgomery Multiplier ALU (MMALU) with a built-in adder, and a serialized version of the MMALU. The interface sizes of the MMALU are optimized through an exploration of the design parameters. The register file size is minimized through an optimal scheduling of the modular operations. The top-level point multiplication is implemented using the Montgomery ladder algorithm, with the additional option of randomizing the execution order of the point operations as a countermeasure against SCA attacks. The implementation results after synthesis are generated using the open-source NANGATE45 library.
