Elliptic Curve Cryptography Engineering

In recent years, elliptic curve cryptography (ECC) has gained widespread exposure and acceptance, and has already been included in many security standards. Engineering of ECC is a complex, interdisciplinary research field encompassing areas such as mathematics, computer science, and electrical engineering. In this paper, we survey ECC implementation issues as a prominent case study for the relatively new discipline of cryptographic engineering. In particular, we show that the requirements of efficiency and security considered at the implementation stage affect not only low-level, technological aspects but also, significantly, higher-level choices, ranging from finite field arithmetic up to curve mathematics and protocols.
