Journal ArticleDOI

An RNS Implementation of an $F_{p}$ Elliptic Curve Point Multiplier

TL;DR: A hardware architecture for an elliptic curve point multiplier is proposed that exploits the intrinsic parallelism of the residue number system (RNS) in order to speed up the elliptic curve point calculations and minimize the area complexity of the elliptic curve point multiplier.
Abstract: Elliptic curve point multiplication is considered to be the most significant operation in all elliptic curve cryptography systems, as it forms the basis of the elliptic curve discrete logarithm problem. Designs for elliptic curve cryptography point multiplication are area-demanding and time-consuming. Thus, the efficient realization of point multiplication is of fundamental importance for the performance of an elliptic curve system. In this paper, a hardware architecture for an elliptic curve point multiplier is proposed that exploits the intrinsic parallelism of the residue number system (RNS) in order to speed up the elliptic curve point calculations and minimize the area complexity of the elliptic curve point multiplier. The architecture proves to be the fastest among all known design approaches, while its complexity is less than half that of previous efforts. This architecture also supports the required input (binary-to-RNS) and output (RNS-to-binary) conversions. Through a graph-oriented approach, the area of the elliptic curve point multiplier is minimized by optimizing the point addition and doubling algorithms. Also, through this approach, the number of execution steps for point addition is matched to the number of execution steps for point doubling. Additionally, the impact of various RNS bases, in terms of the number of moduli and their bit lengths, on the area and speed of the proposed implementation is analyzed, in an effort to define the potential for using RNS in elliptic curve cryptography.
Citations
Book ChapterDOI
17 Aug 2010
TL;DR: This work presents a new hardware architecture to compute scalar multiplications in the group of rational points of elliptic curves defined over a prime field, based upon the Residue Number System, guaranteeing carry-free arithmetic and easy parallelism.
Abstract: We present a new hardware architecture to compute scalar multiplications in the group of rational points of elliptic curves defined over a prime field. We have made an implementation on Altera FPGA family for some elliptic curves defined over randomly chosen ground fields offering classic cryptographic security level. Our implementations show that our architecture is the fastest among the public designs to compute scalar multiplication for elliptic curves defined over a general prime ground field. Our design is based upon the Residue Number System, guaranteeing carry-free arithmetic and easy parallelism. It is SPA resistant and DPA capable.

123 citations

Journal ArticleDOI
TL;DR: The aim in this paper is to show this revolution by discussing interesting development in RNS and foster the innovative use of RNS for more applications by investigating how this unconventional number system can be leveraged to benefit their implementation.
Abstract: Residue Number System (RNS) is a non-weighted number system which was proposed by Garner back in 1959 to achieve fast implementation of addition, subtraction and multiplication operations in special-purpose computations. Unfortunately, RNS did not turn out to be a popular alternative to the two's complement number system in those days. The rigidity of the instruction set architectures of the market-dominant computers and microprocessors of the time has been the main barrier to sustaining the development of RNS-based applications. In recent years, technological advancement in semiconductor technology has revived interest in reconsidering RNS for application-specific computing. There are at least two unique motivations which make RNS computations more attractive and applicable in modern digital signal processing applications. Firstly, the modular and distributive properties of RNS are used to achieve performance improvements, especially in the emerging distributed and ubiquitous computing platforms such as cloud, wireless ad hoc networks, and applications which require tolerance against soft errors. Secondly, energy efficiency has become a key driver in the continual densification of complementary metal oxide semiconductor (CMOS) digital integrated circuits. The high degree of computational parallelism in RNS offers a new degree of freedom to optimize energy performance, particularly for very long word length arithmetic such as that involved in the hardware implementation of cryptographic algorithms. Our aim in this paper is to show this revolution by discussing interesting developments in RNS and to foster the innovative use of RNS for more applications. Different applications of RNS are investigated to demonstrate how this unconventional number system can be leveraged to benefit their implementation.

111 citations


Cites background or methods from "An RNS Implementation of an $F_{p}$..."

  • ...multiplications using less than half the areas of other previous design efforts [77].... (IEEE Circuits and Systems Magazine, fourth quarter 2015, p. 38)

  • ...Any speedup on point multiplication will result in a noteworthy improvement in ECC's performance....

  • ...tation of modular multiplication and modular exponentiation in Rivest, Shamir and Adleman (RSA) [76] and Elliptic Curve Cryptography (ECC) [77] algorithms....

  • ...On the other hand, the most important and computationally intensive arithmetic operation of ECC is point multiplication....

  • ...RNS is useful in speeding up the hardware implementation of modular multiplication and modular exponentiation in Rivest, Shamir and Adleman (RSA) [76] and Elliptic Curve Cryptography (ECC) [77] algorithms....

Journal ArticleDOI
TL;DR: A new hardware architecture for ECPM over GF(p) is presented, based on the residue number system (RNS), which encompasses RNS bases with various word-lengths in order to efficiently implement RNS Montgomery multiplication.
Abstract: Elliptic curve point multiplication (ECPM) is one of the most critical operations in elliptic curve cryptography. In this brief, a new hardware architecture for ECPM over GF(p) is presented, based on the residue number system (RNS). The proposed architecture encompasses RNS bases with various word-lengths in order to efficiently implement RNS Montgomery multiplication. Two architectures with four and six pipeline stages are presented, targeted on area-efficient and fast RNS Montgomery multiplication designs, respectively. The fast version of the proposed ECPM architecture achieves higher speeds and the area-efficient version achieves better area-delay tradeoffs compared to state-of-the-art implementations.

85 citations


Cites background or methods from "An RNS Implementation of an $F_{p}$..."

  • ...The field characteristic is p = 2^160 + 7 for a 160-bit implementation, and the NIST recommendations for P-192, P-224, and P-256, corresponding to 2^192 − 2^64 − 1, 2^224 − 2^96 + 1, and 2^256 − 2^224 + 2^192 + 2^96 − 1, respectively [4]....

  • ...One way to speed up the elliptic curve point multiplication (ECPM) is through the residue number system (RNS) representation [4]....

  • ...In this brief, a new architecture for ECPM was presented, based on efficient RNS bases....

  • ...The required operations for point addition and doubling are detailed in [4]....

  • ...Among various ECC implementations [4]–[8], RNS has been recently exploited for ECPM [4], [8]....

Journal ArticleDOI
TL;DR: A programmable GF(p) arithmetic unit for elliptic curve cryptography that can perform modular addition, subtraction, multiplication, inversion, and division and is resistant against timing and power attacks is proposed.
Abstract: This paper proposes a programmable GF(p) arithmetic unit for elliptic curve cryptography. The proposed unit can perform modular addition, subtraction, multiplication, inversion, and division. A suitable countermeasure against differential power analysis attack and doubling attack is proposed. An elliptic curve scalar multiplication hardware is subsequently designed for the curves defined over GF(p) using two cores of programmable GF(p) arithmetic unit. It performs point doubling and point addition in each iteration concurrently on two cores. The proposed scalar multiplication hardware is implemented on the Xilinx Virtex-2 Pro FPGA platform. The proposed parallel architecture is inherently programmable, memoryless, and resistant against timing and power attacks. It efficiently optimizes area × time per bit value for elliptic curve scalar multiplication.

61 citations


Cites background from "An RNS Implementation of an $F_{p}$..."

  • ...Among the existing works, the designs in [2] and [3] support only NIST primes [53]....

Journal ArticleDOI
TL;DR: This work focuses on ECC over five standard prime fields recommended by the National Institute of Standard and Technology and proposes a novel hardware processor that enables flexible security-performance tradeoffs and flexibility of the processor.
Abstract: Elliptic curve cryptography (ECC) is widely used as an efficient mechanism to secure private data using public-key protocols. We focus on ECC over five standard prime fields recommended by the National Institute of Standard and Technology (with the corresponding prime sizes of 192, 224, 256, 384, and 521 bits) and propose a novel hardware processor that enables flexible security-performance tradeoffs. To enhance performance, our processor exploits parallelism by pipelining modular arithmetic computations and associated input/output data transfers. To enhance security, modular arithmetic computations and associated data transfers are grouped into atomically executed computational blocks. The flexibility of our processor is achieved through the software-controlled hardware programmability, which allows for different scenarios of computing atomic block sequences. A Xilinx Virtex-6 FPGA implementation of the proposed hardware architecture takes between 0.30 ms (192-bit ECC) and 3.91 ms (521-bit ECC) to perform a typical scalar multiplication, which demonstrates both flexibility and efficiency of our processor.

59 citations

References
Journal ArticleDOI
TL;DR: The question of primitive points on an elliptic curve modulo p is discussed, and a theorem on nonsmoothness of the order of the cyclic subgroup generated by a global point is given.
Abstract: We discuss analogs based on elliptic curves over finite fields of public key cryptosystems which use the multiplicative group of a finite field. These elliptic curve cryptosystems may be more secure, because the analog of the discrete logarithm problem on elliptic curves is likely to be harder than the classical discrete logarithm problem, especially over GF(2'). We discuss the question of primitive points on an elliptic curve modulo p, and give a theorem on nonsmoothness of the order of the cyclic subgroup generated by a global point.

5,378 citations


"An RNS Implementation of an $F_{p}$..." refers background in this paper

  • ...Elliptic curve cryptography (ECC), presented by Koblitz [1] and Miller [2] independently in 1985, has withstood a large number of attacks and has evolved significantly, so that it is considered a mature public-key cryptosystem....

Book ChapterDOI
Victor S. Miller
18 Aug 1985
TL;DR: In this paper, an analogue of the Diffie-Hellman key exchange protocol was proposed, which appears to be immune from attacks of the style of Western, Miller, and Adleman.
Abstract: We discuss the use of elliptic curves in cryptography. In particular, we propose an analogue of the Diffie-Hellman key exchange protocol which appears to be immune from attacks of the style of Western, Miller, and Adleman. With the current bounds for infeasible attack, it appears to be about 20% faster than the Diffie-Hellman scheme over GF(p). As computational power grows, this disparity should get rapidly bigger.

4,004 citations

Book
01 Jan 2004
TL;DR: This guide explains the basic mathematics, describes state-of-the-art implementation methods, and presents standardized protocols for public-key encryption, digital signatures, and key establishment, as well as side-channel attacks and countermeasures.
Abstract: After two decades of research and development, elliptic curve cryptography now has widespread exposure and acceptance. Industry, banking, and government standards are in place to facilitate extensive deployment of this efficient public-key mechanism. Anchored by a comprehensive treatment of the practical aspects of elliptic curve cryptography (ECC), this guide explains the basic mathematics, describes state-of-the-art implementation methods, and presents standardized protocols for public-key encryption, digital signatures, and key establishment. In addition, the book addresses some issues that arise in software and hardware implementation, as well as side-channel attacks and countermeasures. Readers receive the theoretical fundamentals as an underpinning for a wealth of practical and accessible knowledge about efficient application.
Features & Benefits:
  • Breadth of coverage and unified, integrated approach to elliptic curve cryptosystems
  • Describes important industry and government protocols, such as the FIPS 186-2 standard from the U.S. National Institute of Standards and Technology
  • Provides full exposition on techniques for efficiently implementing finite-field and elliptic curve arithmetic
  • Distills complex mathematics and algorithms for easy understanding
  • Includes useful literature references, a list of algorithms, and appendices on sample parameters, ECC standards, and software tools
This comprehensive, highly focused reference is a useful and indispensable resource for practitioners, professionals, or researchers in computer science, computer engineering, network design, and network data security.

2,893 citations

Journal ArticleDOI
TL;DR: A method for multiplying two integers modulo N while avoiding division by N, a representation of residue classes so as to speed modular multiplication without affecting the modular addition and subtraction algorithms.
Abstract: Let N > 1. We present a method for multiplying two integers (called N-residues) modulo N while avoiding division by N. N-residues are represented in a nonstandard way, so this method is useful only if several computations are done modulo one N. The addition and subtraction algorithms are unchanged. 1. Description. Some algorithms (1), (2), (4), (5) require extensive modular arithmetic. We propose a representation of residue classes so as to speed modular multiplication without affecting the modular addition and subtraction algorithms. Other recent algorithms for modular arithmetic appear in (3), (6). Fix N > 1. Define an N-residue to be a residue class modulo N. Select a radix R coprime to N (possibly the machine word size or a power thereof) such that R > N and such that computations modulo R are inexpensive to process. Let R^(-1) and N' be integers satisfying 0 < R^(-1) < N, 0 < N' < R, and R R^(-1) − N N' = 1. For an integer T, define REDC(T) as follows: m ← (T mod R) N' mod R; t ← (T + mN) / R; if t ≥ N then return t − N else return t. To validate REDC, observe mN = TN'N = −T mod R, so t is an integer. Also, tR = T mod N, so t = T R^(-1) mod N. Thirdly, 0 ≤ T + mN < RN + RN, so 0 ≤ t < 2N. If R and N are large, then T + mN may exceed the largest double-precision value. One can circumvent this by adjusting m so that −R < m ≤ 0. Given two numbers x and y between 0 and N − 1 inclusive, let z = REDC(xy). Then z = (xy) R^(-1) mod N, so (x R^(-1))(y R^(-1)) = z R^(-1) mod N. Also, 0 ≤ z < N, so z is the product of x and y in this representation. Other algorithms for operating on N-residues in this representation can be derived from the algorithms normally used. The addition algorithm is unchanged, since x R^(-1) + y R^(-1) = z R^(-1) mod N if and only if x + y = z mod N. Also unchanged are

2,647 citations

Book
01 Jan 1994
TL;DR: This book covers techniques for synthesis and optimization of digital circuits at the architectural and logic levels, i.e., the generation of performance-and-or area-optimal circuits representations from models in hardware description languages.
Abstract: From the Publisher: Synthesis and Optimization of Digital Circuits offers a modern, up-to-date look at computer-aided design (CAD) of very large-scale integration (VLSI) circuits. In particular, this book covers techniques for synthesis and optimization of digital circuits at the architectural and logic levels, i.e., the generation of performance- and/or area-optimal circuit representations from models in hardware description languages. The book provides a thorough explanation of synthesis and optimization algorithms accompanied by a sound mathematical formulation and a unified notation. The text covers the following topics: modern hardware description languages (e.g., VHDL, Verilog); architectural-level synthesis of data flow and control units, including algorithms for scheduling and resource binding; combinational logic optimization algorithms for two-level and multiple-level circuits; sequential logic optimization methods; and library binding techniques, including those applicable to FPGAs.

2,311 citations


"An RNS Implementation of an $F_{p}$..." refers background in this paper

  • ...Many abstract models for representing the behavior of an algorithm at the architectural level have been proposed in the technical literature [12]....