Book

Guide to Elliptic Curve Cryptography

TL;DR: This guide explains the basic mathematics, describes state-of-the-art implementation methods, and presents standardized protocols for public-key encryption, digital signatures, and key establishment, as well as side-channel attacks and countermeasures.
Abstract: After two decades of research and development, elliptic curve cryptography now has widespread exposure and acceptance. Industry, banking, and government standards are in place to facilitate extensive deployment of this efficient public-key mechanism. Anchored by a comprehensive treatment of the practical aspects of elliptic curve cryptography (ECC), this guide explains the basic mathematics, describes state-of-the-art implementation methods, and presents standardized protocols for public-key encryption, digital signatures, and key establishment. In addition, the book addresses some issues that arise in software and hardware implementation, as well as side-channel attacks and countermeasures. Readers receive the theoretical fundamentals as an underpinning for a wealth of practical and accessible knowledge about efficient application.

Features & Benefits:

  • Breadth of coverage and unified, integrated approach to elliptic curve cryptosystems
  • Describes important industry and government protocols, such as the FIPS 186-2 standard from the U.S. National Institute for Standards and Technology
  • Provides full exposition on techniques for efficiently implementing finite-field and elliptic curve arithmetic
  • Distills complex mathematics and algorithms for easy understanding
  • Includes useful literature references, a list of algorithms, and appendices on sample parameters, ECC standards, and software tools

This comprehensive, highly focused reference is a useful and indispensable resource for practitioners, professionals, or researchers in computer science, computer engineering, network design, and network data security.
Citations
Journal Article
TL;DR: In this paper, an Atmel ATmega128 at 8 MHz was used to implement ECC point multiplication over fields using pseudo-Mersenne primes as standardized by NIST and SECG.
Abstract: Strong public-key cryptography is often considered to be too computationally expensive for small devices if not accelerated by cryptographic hardware. We revisited this statement and implemented elliptic curve point multiplication for 160-bit, 192-bit, and 224-bit NIST/SECG curves over GF(p) and RSA-1024 and RSA-2048 on two 8-bit microcontrollers. To accelerate multiple-precision multiplication, we propose a new algorithm to reduce the number of memory accesses. Implementation and analysis led to three observations: 1. Public-key cryptography is viable on small devices without hardware acceleration. On an Atmel ATmega128 at 8 MHz we measured 0.81s for 160-bit ECC point multiplication and 0.43s for a RSA-1024 operation with exponent e = 2^16 + 1. 2. The relative performance advantage of ECC point multiplication over RSA modular exponentiation increases with the decrease in processor word size and the increase in key size. 3. Elliptic curves over fields using pseudo-Mersenne primes as standardized by NIST and SECG allow for high performance implementations and show no performance disadvantage over optimal extension fields or prime fields selected specifically for a particular processor architecture.

1,113 citations

Book Chapter
11 Aug 2004
TL;DR: To accelerate multiple-precision multiplication, a new algorithm to reduce the number of memory accesses is proposed, and elliptic curve point multiplication is implemented for 160-bit, 192-bit, and 224-bit NIST/SECG curves over GF(p), along with RSA-1024 and RSA-2048, on two 8-bit microcontrollers.
Abstract: Strong public-key cryptography is often considered to be too computationally expensive for small devices if not accelerated by cryptographic hardware. We revisited this statement and implemented elliptic curve point multiplication for 160-bit, 192-bit, and 224-bit NIST/SECG curves over GF(p) and RSA-1024 and RSA-2048 on two 8-bit microcontrollers. To accelerate multiple-precision multiplication, we propose a new algorithm to reduce the number of memory accesses.

1,081 citations


Cites background from "Guide to Elliptic Curve Cryptograph..."

  • ...2 For a detailed introduction to ECC the reader is referred to [10]....


Proceedings Article
22 Apr 2008
TL;DR: TinyECC is presented, a ready-to-use, publicly available software package for ECC-based PKC operations that can be flexibly configured and integrated into sensor network applications and shows the impacts of individual optimizations on the execution time and resource consumptions.
Abstract: Public key cryptography (PKC) has been the enabling technology underlying many security services and protocols in traditional networks such as the Internet. In the context of wireless sensor networks, elliptic curve cryptography (ECC), one of the most efficient types of PKC, is being investigated to provide PKC support in sensor network applications so that the existing PKC-based solutions can be exploited. This paper presents the design, implementation, and evaluation of TinyECC, a configurable library for ECC operations in wireless sensor networks. The primary objective of TinyECC is to provide a ready-to-use, publicly available software package for ECC-based PKC operations that can be flexibly configured and integrated into sensor network applications. TinyECC provides a number of optimization switches, which can turn specific optimizations on or off based on developers' needs. Different combinations of the optimizations have different execution time and resource consumptions, giving developers great flexibility in integrating TinyECC into sensor network applications. This paper also reports the experimental evaluation of TinyECC on several common sensor platforms, including MICAz, Tmote Sky, and Imote2. The evaluation results show the impacts of individual optimizations on the execution time and resource consumptions, and give the most computationally efficient and the most storage efficient configuration of TinyECC.

966 citations

Journal Article
TL;DR: This article outlines the constraints, security requirements, and attacks with their corresponding countermeasures in WSNs, and presents a holistic view of security issues, classified into five categories: cryptography, key management, secure routing, secure data aggregation, and intrusion detection.
Abstract: Wireless Sensor Networks (WSNs) are used in many applications in military, ecological, and health-related areas. These applications often include the monitoring of sensitive information such as enemy movement on the battlefield or the location of personnel in a building. Security is therefore important in WSNs. However, WSNs suffer from many constraints, including low computation capability, small memory, limited energy resources, susceptibility to physical capture, and the use of insecure wireless communication channels. These constraints make security in WSNs a challenge. In this article we present a survey of security issues in WSNs. First we outline the constraints, security requirements, and attacks with their corresponding countermeasures in WSNs. We then present a holistic view of security issues. These issues are classified into five categories: cryptography, key management, secure routing, secure data aggregation, and intrusion detection. Along the way we highlight the advantages and disadvantages of various WSN security protocols and further compare and evaluate these protocols based on each of these five categories. We also point out the open research issues in each subarea and conclude with possible future research directions on security in WSNs.

929 citations


Cites methods from "Guide to Elliptic Curve Cryptograph..."

  • ...The result is shown in Table 4. The ECC-based signature is generated and verified using the Elliptic Curve Digital Signature Algorithm (ECDSA) [41]....

Proceedings Article
08 Mar 2005
TL;DR: Measurements on an Atmel ATmega128L low-power microcontroller platform indicate that public-key cryptography is very viable on 8-bit energy-constrained platforms even if implemented in software.
Abstract: In this paper, we quantify the energy cost of authentication and key exchange based on public-key cryptography on an 8-bit microcontroller platform. We present a comparison of two public-key algorithms, RSA and elliptic curve cryptography (ECC), and consider mutual authentication and key exchange between two untrusted parties such as two nodes in a wireless sensor network. Our measurements on an Atmel ATmega128L low-power microcontroller indicate that public-key cryptography is very viable on 8-bit energy-constrained platforms even if implemented in software. We found ECC to have a significant advantage over RSA as it reduces computation time and also the amount of data transmitted and stored.

846 citations


Cites background from "Guide to Elliptic Curve Cryptograph..."

  • ...For applications that do not require secure communication, three factors dominate the overall energy consumed; idle listening, application-specific operations and communication....


References
Book
01 Jan 2000
TL;DR: In this article, the quantum Fourier transform and its application are discussed, distance measures for quantum information are defined, and quantum error-correction and entropy and information are covered.
Abstract: Part I, Fundamental Concepts: 1. Introduction and overview; 2. Introduction to quantum mechanics; 3. Introduction to computer science. Part II, Quantum Computation: 4. Quantum circuits; 5. The quantum Fourier transform and its application; 6. Quantum search algorithms; 7. Quantum computers: physical realization. Part III, Quantum Information: 8. Quantum noise and quantum operations; 9. Distance measures for quantum information; 10. Quantum error-correction; 11. Entropy and information; 12. Quantum information theory. Appendices. References. Index.

25,929 citations

Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations


"Guide to Elliptic Curve Cryptograph..." refers background or methods in this paper

  • ...247 Acronyms AES Advanced Encryption Standard AIA Almost Inverse Algorithm ANSI American National Standards Institute ASIC Application-Specific Integrated Circuit BEA Binary Extended Algorithm DES Data Encryption Standard DH Diffie-Hellman DHP Diffie-Hellman Problem DL Discrete Logarithm DLP Discrete Logarithm Problem DPA Differential Power Analysis DSA Digital Signature Algorithm DSS Digital Signature Standard ECC Elliptic Curve Cryptography ECDDHP Elliptic Curve Decision Diffie-Hellman Problem ECDH Elliptic Curve Diffie-Hellman ECDHP Elliptic Curve Diffie-Hellman Problem ECDLP Elliptic Curve Discrete Logarithm Problem ECDSA Elliptic Curve Digital Signature Algorithm ECIES Elliptic Curve Integrated Encryption Scheme EC-KCDSA Elliptic Curve Korean Certificate-based Digital Signature Algorithm ECMQV Elliptic Curve Menezes-Qu-Vanstone EEA Extended Euclidean Algorithm FIPS Federal Information Processing Standards FPGA Field-Programmable Gate Array gcd Greatest Common Divisor GHS Gaudry-Hess-Smart GMR Goldwasser-Micali-Rivest HCDLP Hyperelliptic Curve Discrete Logarithm Problem HMAC Hash-based Message Authentication Code IEC International Electrotechnical Commission IEEE Institute of Electrical and Electronics Engineers IFP Integer Factorization Problem ISO International Organization for Standardization JSF Joint Sparse Form KDF Key Derivation Function KEM Key Encapsulation Mechanism LD López-Dahab MAC Message Authentication Code NAF Non-Adjacent Form NESSIE New European Schemes for Signatures, Integrity and Encryption NFS Number Field Sieve NIST National Institute of Standards and Technology OEF Optimal Extension Field PKI Public-Key Infrastructure PSEC Provably Secure Elliptic Curve encryption RSA Rivest-Shamir-Adleman SEC Standards for Efficient Cryptography SECG Standards for Efficient Cryptography Group SHA-1 Secure Hash Algorithm (revised) SIMD Single-Instruction Multiple-Data SPA Simple Power Analysis SSL Secure Sockets Layer STS Station-To-Station TLS Transport Layer Security TNAF τ-adic NAF VLSI Very Large Scale Integration Preface The study of elliptic curves by algebraists, algebraic geometers and number theorists dates back to the middle of the nineteenth century....

  • ...4.1 The elliptic curve discrete logarithm problem; 4.1.1 Pohlig-Hellman attack....

  • ...4 The concept of a signature scheme was introduced in 1976 by Diffie and Hellman [121]....


  • ...6 The Diffie-Hellman key agreement protocol was introduced in the landmark paper of Diffie and Hellman [121]....


  • ...The notion of public-key cryptography, depicted in Figure 1.2(b), was introduced in 1975 by Diffie, Hellman and Merkle to address the aforementioned shortcomings [footnote 1: This approach of using a centralized third-party to distribute keys for symmetric-key algorithms to parties as they are needed is used by the Kerberos network authentication protocol for client/server applications]....

Journal Article
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations

Book
01 Jan 1996
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

13,597 citations


"Guide to Elliptic Curve Cryptograph..." refers background in this paper


  • ...2 Menezes, van Oorschot, and Vanstone [319] concisely cover algorithms for ordinary and modular integer arithmetic of practical interest in cryptography....

  • ...Guide to Elliptic Curve Cryptography Darrel Hankerson Alfred Menezes Scott Vanstone Springer Guide to Elliptic Curve Cryptography Springer New York Berlin Heidelberg Hong Kong London Milan Paris Tokyo Darrel Hankerson Alfred Menezes Scott Vanstone Guide to Elliptic Curve Cryptography With 38 Illustrations Springer Darrel Hankerson Department of Mathematics Auburn University Auburn, Al....

  • ...Thanks also to Cindy Hankerson and Sherry Shannon-Vanstone for suggestions on the general theme of “curves in nature” represented in the illustrations....


  • ...Darrel R. Hankerson, Alfred J. Menezes, Scott A. Vanstone Auburn & Waterloo July 2003 CHAPTER 1 Introduction and Overview Elliptic curves have a rich and beautiful history, having been studied by mathematicians for over a hundred years....


Journal Article
Taher Elgamal
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

7,514 citations