
Showing papers by "Christof Paar published in 2001"



Journal ArticleDOI
TL;DR: This contribution investigates the significance of FPGA implementations of the Advanced Encryption Standard candidate algorithms, with a strong focus on high-throughput implementations, which are required to support security for current and future high bandwidth applications.
Abstract: The technical analysis used in determining which of the potential Advanced Encryption Standard candidates was selected as the Advanced Encryption Algorithm includes efficiency testing of both hardware and software implementations of candidate algorithms. Reprogrammable devices such as field-programmable gate arrays (FPGAs) are highly attractive options for hardware implementations of encryption algorithms, as they provide cryptographic algorithm agility, physical security, and potentially much higher performance than software solutions. This contribution investigates the significance of FPGA implementations of the Advanced Encryption Standard candidate algorithms. Multiple architectural implementation options are explored for each algorithm. A strong focus is placed on high-throughput implementations, which are required to support security for current and future high bandwidth applications. Finally, the implementations of each algorithm will be compared in an effort to determine the most suitable candidate for hardware implementation within commercially available FPGAs.

284 citations


Journal ArticleDOI
TL;DR: This contribution proposes arithmetic architectures which are optimized for modern field programmable gate arrays (FPGAs) that perform modular exponentiation with very long integers, at the heart of many practical public-key algorithms such as RSA and discrete logarithm schemes.
Abstract: It is widely recognized that security issues will play a crucial role in the majority of future computer and communication systems. Central tools for achieving system security are cryptographic algorithms. This contribution proposes arithmetic architectures which are optimized for modern field programmable gate arrays (FPGAs). The proposed architectures perform modular exponentiation with very long integers. This operation is at the heart of many practical public-key algorithms such as RSA and discrete logarithm schemes. We combine a high-radix Montgomery modular multiplication algorithm with a new systolic array design. The designs are flexible, allowing any choice of operand and modulus. The new architecture also allows the use of high radices. Unlike previous approaches, we systematically implement and compare several variants of our new architecture for different bit lengths. We provide absolute area and timing measures for each architecture. The results allow conclusions about the feasibility and time-space trade-offs of our architecture for implementation on commercially available FPGAs. We found that 1,024-bit RSA decryption can be done in 3.1 ms with our fastest architecture.

196 citations


Book ChapterDOI
14 May 2001
TL;DR: This work proposes a new elliptic curve processor architecture for the computation of point multiplication for curves defined over fields GF(p). It is a scalable architecture in terms of area and speed, specially suited for memory-rich hardware platforms such as field programmable gate arrays (FPGAs).
Abstract: This work proposes a new elliptic curve processor architecture for the computation of point multiplication for curves defined over fields GF(p). This is a scalable architecture in terms of area and speed, specially suited for memory-rich hardware platforms such as field programmable gate arrays (FPGAs). This processor uses a new type of high-radix Montgomery multiplier that relies on the precomputation of frequently used values and on the use of multiple processing engines.

163 citations


Journal ArticleDOI
TL;DR: Results show that OEFs when used with the new inversion and multiplication algorithms provide a substantial performance increase over other reported methods.
Abstract: This contribution focuses on a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF), first introduced in [3]. We extend this work by presenting an adaptation of Itoh and Tsujii's algorithm for finite field inversion applied to OEFs. In particular, we use the facts that the action of the Frobenius map in GF(p^m) can be computed with only m-1 subfield multiplications and that inverses in GF(p) may be computed cheaply using known techniques. As a result, we show that one extension field inversion can be computed with a logarithmic number of extension field multiplications. In addition, we provide new extension field multiplication formulas which give a performance increase. Further, we provide an OEF construction algorithm together with tables of Type I and Type II OEFs along with statistics on the number of pseudo-Mersenne primes and OEFs. We apply this new work to provide implementation results using these methods to construct elliptic curve cryptosystems on both DEC Alpha workstations and Pentium-class PCs. These results show that OEFs, when used with our new inversion and multiplication algorithms, provide a substantial performance increase over other reported methods.

142 citations


Book ChapterDOI
01 Feb 2001
TL;DR: It is shown that an elliptic curve scalar multiplication with a fixed point, which is the core operation for a signature generation, can be performed in a group of order approximately 2^134 in less than 2 seconds.
Abstract: This contribution describes how an elliptic curve cryptosystem can be implemented on very low cost microprocessors with reasonable performance. We focus in this paper on the Intel 8051 family of microcontrollers popular in smart cards and other cost-sensitive devices. The implementation is based on the use of the finite field GF((2^8 - 17)^17), which is particularly suited for low end 8-bit processors. Two advantages of our method are that subfield modular reduction can be performed infrequently, and that an adaptation of Itoh and Tsujii's inversion algorithm is used for the group operation. We show that an elliptic curve scalar multiplication with a fixed point, which is the core operation for a signature generation, can be performed in a group of order approximately 2^134 in less than 2 seconds. Unlike other implementations, we do not make use of curves defined over a subfield such as Koblitz curves.

90 citations


Book ChapterDOI
13 Feb 2001
TL;DR: This contribution describes a methodology used to efficiently implement elliptic curves (EC) over GF(p) on the 16-bit TI MSP430x33x family of low-cost microcontrollers.
Abstract: This contribution describes a methodology used to efficiently implement elliptic curves (EC) over GF(p) on the 16-bit TI MSP430x33x family of low-cost microcontrollers. We show that it is possible to implement EC cryptosystems in highly constrained embedded systems and still obtain acceptable performance at low cost. We modified the EC point addition and doubling formulae to reduce the number of intermediate variables while at the same time allowing for flexibility. We used a Generalized-Mersenne prime to implement the arithmetic in the underlying field. We take advantage of the special form of the moduli to minimize the number of precomputations needed to implement inversion via Fermat's Little Theorem and the k-ary method of exponentiation. We apply these ideas to an implementation of an elliptic curve system over GF(p), where p = 2^128 - 2^97 - 1. We show that a scalar point multiplication can be achieved in 3.4 seconds without any stored/precomputed values and with the processor clocked at 1 MHz.

50 citations


Book ChapterDOI
11 Jul 2001
TL;DR: This work implemented elliptic curves over binary fields on a Palm OS device, choosing the NIST recommended random and Koblitz curves over GF(2^163), which provide a sufficient level of security for most commercial applications.
Abstract: The market for Personal Digital Assistants (PDA) is growing rapidly and PDAs are becoming increasingly interesting for commercial transactions. One requirement for further growth of eCommerce with mobile devices is the provision of security. We implemented elliptic curves over binary fields on a Palm OS device. We chose the NIST recommended random and Koblitz curves over GF(2^163), which provide a sufficient level of security for most commercial applications. Using Koblitz curves, a typical security protocol like Diffie-Hellman key exchange or ECDSA signature verification requires less than 2.4 seconds, while ECDSA signature generation can be done in less than 0.9 seconds. This should be tolerable for most users.

43 citations


Patent
19 Sep 2001
TL;DR: In this article, a Galois Field (GF) implementation based on the finite field GF((2^8 - 17)^17) is disclosed for an Intel 8051 microcontroller, a popular commercial smart card microprocessor.
Abstract: A method for implementing an elliptic curve or discrete logarithm cryptosystem on inexpensive microprocessors is disclosed which provides for advantageous finite field computational performance on microprocessors having limited computational capabilities. The method can be employed with a variety of commercial and industrial embedded microprocessor applications such as consumer smart cards, smart cards, wireless devices, personal digital assistants, and microprocessor controlled equipment. In one embodiment, a Galois Field (GF) implementation based on the finite field GF((2^8 - 17)^17) is disclosed for an Intel 8051 microcontroller, a popular commercial smart card microprocessor. The method is particularly suited for low end 8-bit and 16-bit processors either with or without a coprocessor. The method provides for fast and efficient finite field multiplication on any microprocessor or coprocessor device having intrinsic computational characteristics such that a modular reduction has a greater computational cost than double precision, long number additions or accumulations. The disclosed method offers unique computational efficiencies in requiring only infrequent subfield modular reduction and in employing an adaptation of Itoh and Tsujii's inversion algorithm for the group operation. In one embodiment, a core operation for a signature generation, an elliptic curve scalar multiplication with a fixed point, is performed in a group of order approximately 2^134 in less than 2 seconds. In contrast to conventional methods, the method does not utilize or require curves defined over a subfield such as Koblitz curves.

34 citations


Book
15 Aug 2001
TL;DR: Side Channel attacks on Elliptic Curve Cryptosystems, an Implementation of DES and AES, Secure against Some Attacks, and Hardware Implementations of Ciphers are discussed.
Abstract (table of contents):
Invited Talk
  Protecting Embedded Systems - The Next Ten Years
Side Channel Attacks I
  A Sound Method for Switching between Boolean and Arithmetic Masking
  Fast Primitives for Internal Data Scrambling in Tamper Resistant Hardware
  Random Register Renaming to Foil DPA
  Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks
Rijndael Hardware Implementations
  Architectural Optimization for a 1.82Gbits/sec VLSI Implementation of the AES Rijndael Algorithm
  High Performance Single-Chip FPGA Rijndael Algorithm Implementations
  Two Methods of Rijndael Implementation in Reconfigurable Hardware
Random Number Generators
  Pseudo-random Number Generation on the IBM 4758 Secure Crypto Coprocessor
  Efficient Online Tests for True Random Number Generators
Elliptic Curve Algorithms
  The Hessian Form of an Elliptic Curve
  Efficient Elliptic Curve Cryptosystems from a Scalar Multiplication Algorithm with Recovery of the y-Coordinate on a Montgomery-Form Elliptic Curve
  Generating Elliptic Curves of Prime Order
Invited Talk
  New Directions in Croptography
Arithmetic Architectures
  A New Low Complexity Parallel Multiplier for a Class of Finite Fields
  Efficient Rijndael Encryption Implementation with Composite Field Arithmetic
  High-Radix Design of a Scalable Modular Multiplier
  A Bit-Serial Unified Multiplier Architecture for Finite Fields GF(p) and GF(2^m)
Cryptanalysis
  Attacks on Cryptoprocessor Transaction Sets
  Bandwidth-Optimal Kleptographic Attacks
  Electromagnetic Analysis: Concrete Results
Embedded Implementations and New Ciphers
  NTRU in Constrained Devices
  Transparent Harddisk Encryption
Side Channel Attacks II
  Sliding Windows Succumbs to Big Mac Attack
  Universal Exponentiation Algorithm: A First Step towards Provable SPA-Resistance
  An Implementation of DES and AES, Secure against Some Attacks
Hardware Implementations of Ciphers
  Efficient Implementation of "Large" Stream Cipher Systems
  Tradeoffs in Parallel and Serial Implementations of the International Data Encryption Algorithm IDEA
  A Scalable GF(p) Elliptic Curve Processor Architecture for Programmable Hardware
  Implementation of RSA Algorithm Based on RNS Montgomery Multiplication
Side Channel Attacks on Elliptic Curve Cryptosystems
  Protections against Differential Analysis for Elliptic Curve Cryptography - An Algebraic Approach
  Preventing SPA/DPA in ECC Systems Using the Jacobi Form
  Hessian Elliptic Curves and Side-Channel Attacks

8 citations