Efficient Algorithms for Elliptic Curve Cryptosystems

Elliptic curves are the basis for a relative new class of public-key schemes. It is predicted that elliptic curves will replace many existing schemes in the near future. It is thus of great interest to develop algorithms which allow efficient implementations of elliptic curve crypto systems. This thesis deals with such algorithms. Efficient algorithms for elliptic curves can be classified into low-level algorithms, which deal with arithmetic in the underlying finite field and high-level algorithms, which operate with the group operation. This thesis describes three new algorithms for efficient implementations of elliptic curve cryptosystems. The first algorithm describes the application of the Karatsuba-Ofman Algorithm to multiplication in composite fields GF((2n)m). The second algorithm deals with efficient inversion in composite Galois fields of the form GF((2n)m). The third algorithm is an entirely new approach which accelerates the multiplication of points which is the core operation in elliptic curve public-key systems. The algorithm explores computational advantages by computing repeated point doublings directly through closed formulae rather than from individual point doublings. Finally we apply all three algorithms to an implementation of an elliptic curve system over GF((216)11). We provide ablolute performance measures for the field operations and for an entire point multiplication. We also show the improvements gained by the new point multiplication algorithm in conjunction with the k-ary and improved k-ary methods for exponentiation

Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves (Update)

For most of the time since they were proposed, it was widely believed that hyperelliptic curve cryptosystems (HECC) carry a substantial performance penalty compared to elliptic curve cryptosystems (ECC) and are, thus, not too attractive for practical applications. Only quite recently improvements have been made, mainly restricted to curves of genus 2. The work at hand advances the state-of-the-art considerably in several aspects. First, we generalize and improve the closed formulae for the group operation of genus 3 for HEC defined over fields of characteristic two. For certain curves we achieve over 50% complexity improvement compared to the best previously published results. Second, we introduce a new complexity metric for ECC and HECC defined over characteristic two fields which allow performance comparisons of practical relevance. It can be shown that the HECC performance is in the range of the performance of an ECC; for specific parameters HECC can even possess a lower complexity than an ECC at the same security level. Third, we describe the first implementation of a HEC cryptosystem on an embedded (ARM7) processor. Since HEC are particularly attractive for constrained environments, such a case study should be of relevance

Implementação eficiente em software de criptossistemas de curvas elipticas

Orientador: Ricardo DahabTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: A criptografia de chave-pública é, reconhecidamente, uma ferramenta muito útil para prover requisitos de segurança tais como confidencialidade, integridade, autenticidade e não-repudio, parte integrante das comunicações. A principal vantagem dos criptossistemas de curvas elípticas (CCE) em relação a outras tecnologias de chave-pública concorrentes tais como RSA e DSA, é que parâmetros significativamente menores podem ser usados nos CCE com o mesmo nível de segurança. Essa vantagem é especialmente importante em aplicações em ambientes computacionais limitados como cartões inteligentes, telefones celulares, computadores de bolso e pagers. De um ponto de vista prático, a implementação dos CCE apresenta vários desafios. Uma aplicação baseada nos CCE precisa que várias escolhas sejam feitas tais como o nível de segurança, algoritmos para implementar a aritmética no corpo finito subjacente, algoritmos para implementar a aritmética na curva elíptica, protocolos de curvas elípticas e a plataforma computacional. Essas escolhas podem ter um grande impacto no desempenho da aplicação resultante. Esta dissertação trata do desenvolvimento de algoritmos eficientes para implementação em software de criptossistemas de curvas elípticas sobre o corpo finito F2m. Neste contexto, foram desenvolvidos métodos eficientes para implementar a aritmética no corpo finito F2m, e para calcular múltiplos de um ponto elíptico, a operação fundamental da criptografia pública baseada em curvas elípticas. Nesta dissertação também foi abordado o problema da implementação eficiente em software dos algoritmos propostos, em diferentes plataformas computacionais tais como PCs, estações de trabalho, e em dispositivos limitados como o pager da RIM.Abstract: It is widely recognized that public-key cryptography is an important tool for providing security services such as confidentiality, data integrity, authentication and non-repudiation, which are requirements present in almost all communications. The main advantage of elliptic curve cryptography (ECC) over competing public-key technologies such as RSA and DSA is that significantly smaller parameters can be used in ECC, but with equivalent levels of security. This advantage is especially important for applications on constrained environments such as smart cards, cell phones, personal device assistants, and pagers. From a practical point of view, the implementation of ECC presents various challenges. An ECC-based application requires that several choices be made including the security level, algorithms for implementing the finite field arithmetic, algorithms for implementing the elliptic group operation, elliptic curve protocols, and the computer platform. These choices may have a significant impact on the performance of the resulting application. This dissertation focuses on developing efficient algorithms for software implementation of ECC over F2m. In this framework, we study different ways of efficiently implementing arithmetic in F2¿, and computing an elliptic scalar multiplication, the central operation of public-key cryptography based on elliptic curves. We also concentrate on the software implementation of these algorithms for different platforms including PCs, workstations, and constrained devices such as the RIM interactive pager. This dissertation is a collection of five papers written in English, with an introduction and conclusions written in Portuguese.DoutoradoDoutor em Ciência da Computaçã

A microcoded elliptic curve cryptographic processor.

Leung Ka Ho.Thesis (M.Phil.)--Chinese University of Hong Kong, 2001.Includes bibliographical references (leaves [85]-90).Abstracts in English and Chinese.Abstract --- p.iAcknowledgments --- p.iiiList of Figures --- p.ixList of Tables --- p.xiChapter 1 --- Introduction --- p.1Chapter 1.1 --- Motivation --- p.1Chapter 1.2 --- Aims --- p.3Chapter 1.3 --- Contributions --- p.3Chapter 1.4 --- Thesis Outline --- p.4Chapter 2 --- Cryptography --- p.6Chapter 2.1 --- Introduction --- p.6Chapter 2.2 --- Foundations --- p.6Chapter 2.3 --- Secret Key Cryptosystems --- p.8Chapter 2.4 --- Public Key Cryptosystems --- p.9Chapter 2.4.1 --- One-way Function --- p.10Chapter 2.4.2 --- Certification Authority --- p.10Chapter 2.4.3 --- Discrete Logarithm Problem --- p.11Chapter 2.4.4 --- RSA vs. ECC --- p.12Chapter 2.4.5 --- Key Exchange Protocol --- p.13Chapter 2.4.6 --- Digital Signature --- p.14Chapter 2.5 --- Secret Key vs. Public Key Cryptography --- p.16Chapter 2.6 --- Summary --- p.18Chapter 3 --- Mathematical Background --- p.19Chapter 3.1 --- Introduction --- p.19Chapter 3.2 --- Groups and Fields --- p.19Chapter 3.3 --- Finite Fields --- p.21Chapter 3.4 --- Modular Arithmetic --- p.21Chapter 3.5 --- Polynomial Basis --- p.21Chapter 3.6 --- Optimal Normal Basis --- p.22Chapter 3.6.1 --- Addition --- p.23Chapter 3.6.2 --- Squaring --- p.24Chapter 3.6.3 --- Multiplication --- p.24Chapter 3.6.4 --- Inversion --- p.30Chapter 3.7 --- Summary --- p.33Chapter 4 --- Literature Review --- p.34Chapter 4.1 --- Introduction --- p.34Chapter 4.2 --- Hardware Elliptic Curve Implementation --- p.34Chapter 4.2.1 --- Field Processors --- p.34Chapter 4.2.2 --- Curve Processors --- p.36Chapter 4.3 --- Software Elliptic Curve Implementation --- p.36Chapter 4.4 --- Summary --- p.38Chapter 5 --- Introduction to Elliptic Curves --- p.39Chapter 5.1 --- Introduction --- p.39Chapter 5.2 --- Historical Background --- p.39Chapter 5.3 --- Elliptic Curves over R2 --- p.40Chapter 5.3.1 --- Curve Addition and Doubling --- p.41Chapter 5.4 --- Elliptic Curves over Finite Fields --- p.44Chapter 5.4.1 --- Elliptic Curves over Fp with p>〉3 --- p.44Chapter 5.4.2 --- Elliptic Curves over F2n --- p.45Chapter 5.4.3 --- Operations of Elliptic Curves over F2n --- p.46Chapter 5.4.4 --- Curve Multiplication --- p.49Chapter 5.5 --- Elliptic Curve Discrete Logarithm Problem --- p.51Chapter 5.6 --- Public Key Cryptography --- p.52Chapter 5.7 --- Elliptic Curve Diffie-Hellman Key Exchange --- p.54Chapter 5.8 --- Summary --- p.55Chapter 6 --- Design Methodology --- p.56Chapter 6.1 --- Introduction --- p.56Chapter 6.2 --- CAD Tools --- p.56Chapter 6.3 --- Hardware Platform --- p.59Chapter 6.3.1 --- FPGA --- p.59Chapter 6.3.2 --- Reconfigurable Hardware Computing --- p.62Chapter 6.4 --- Elliptic Curve Processor Architecture --- p.63Chapter 6.4.1 --- Arithmetic Logic Unit (ALU) --- p.64Chapter 6.4.2 --- Register File --- p.68Chapter 6.4.3 --- Microcode --- p.69Chapter 6.5 --- Parameterized Module Generator --- p.72Chapter 6.6 --- Microcode Toolkit --- p.73Chapter 6.7 --- Initialization by Bitstream Reconfiguration --- p.74Chapter 6.8 --- Summary --- p.75Chapter 7 --- Results --- p.76Chapter 7.1 --- Introduction --- p.76Chapter 7.2 --- Elliptic Curve Processor with Serial Multiplier (p = 1) --- p.76Chapter 7.3 --- Projective verses Affine Coordinates --- p.78Chapter 7.4 --- Elliptic Curve Processor with Parallel Multiplier (p > 1) --- p.79Chapter 7.5 --- Summary --- p.80Chapter 8 --- Conclusion --- p.82Chapter 8.1 --- Recommendations for Future Research --- p.83Bibliography --- p.85Chapter A --- Elliptic Curves in Characteristics 2 and3 --- p.91Chapter A.1 --- Introduction --- p.91Chapter A.2 --- Derivations --- p.91Chapter A.3 --- "Elliptic Curves over Finite Fields of Characteristic ≠ 2,3" --- p.92Chapter A.4 --- Elliptic Curves over Finite Fields of Characteristic = 2 --- p.94Chapter B --- Examples of Curve Multiplication --- p.95Chapter B.1 --- Introduction --- p.95Chapter B.2 --- Numerical Results --- p.9

Cryptographic Key Distribution In Wireless Sensor Networks Using Bilinear Pairings

It is envisaged that the use of cheap and tiny wireless sensors will soon bring a third wave of evolution in computing systems. Billions of wireless senor nodes will provide a bridge between information systems and the physical world. Wireless nodes deployed around the globe will monitor the surrounding environment as well as gather information about the people therein. It is clear that this revolution will put security solutions to a great test. Wireless Sensor Networks (WSNs) are a challenging environment for applying security services. They differ in many aspects from traditional fixed networks, and standard cryptographic solutions cannot be used in this application space. Despite many research efforts, key distribution in WSNs still remains an open problem. Many of the proposed schemes suffer from high communication overhead and storage costs, low scalability and poor resilience against different types of attacks. The exclusive usage of simple and energy efficient symmetric cryptography primitives does not solve the security problem. On the other hand a full public key infrastructure which uses asymmetric techniques, digital signatures and certificate authorities seems to be far too complex for a constrained WSN environment. This thesis investigates a new approach to WSN security which addresses many of the shortcomings of existing mechanisms. It presents a detailed description on how to provide practical Public Key Cryptography solutions for wireless sensor networks. The contributions to the state-of-the-art are added on all levels of development beginning with the basic arithmetic operations and finishing with complete security protocols. This work includes a survey of different key distribution protocols that have been developed for WSNs, with an evaluation of their limitations. It also proposes Identity- Based Cryptography (IBC) as an ideal technique for key distribution in sensor networks. It presents the first in-depth study of the application and implementation of Pairing- Based Cryptography (PBC) to WSNs. This is followed by a presentation of the state of the art on the software implementation of Elliptic Curve Cryptography (ECC) on typical WSNplatforms. New optimized algorithms for performing multiprecision multiplication on a broad range of low-end CPUs are introduced as well. Three novel protocols for key distribution are proposed in this thesis. Two of these are intended for non-interactive key exchange in flat and clustered networks respectively. A third key distribution protocol uses Identity-Based Encryption (IBE) to secure communication within a heterogeneous sensor network. This thesis includes also a comprehensive security evaluation that shows that proposed schemes are resistant to various attacks that are specific to WSNs. This work shows that by using the newest achievements in cryptography like pairings and IBC it is possible to deliver affordable public-key cryptographic solutions and to apply a sufficient level of security for the most demanding WSN applications

Efficient software implementation of elliptic curves and bilinear pairings

Orientador: Júlio César Lopez HernándezTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: O advento da criptografia assimétrica ou de chave pública possibilitou a aplicação de criptografia em novos cenários, como assinaturas digitais e comércio eletrônico, tornando-a componente vital para o fornecimento de confidencialidade e autenticação em meios de comunicação. Dentre os métodos mais eficientes de criptografia assimétrica, a criptografia de curvas elípticas destaca-se pelos baixos requisitos de armazenamento para chaves e custo computacional para execução. A descoberta relativamente recente da criptografia baseada em emparelhamentos bilineares sobre curvas elípticas permitiu ainda sua flexibilização e a construção de sistemas criptográficos com propriedades inovadoras, como sistemas baseados em identidades e suas variantes. Porém, o custo computacional de criptossistemas baseados em emparelhamentos ainda permanece significativamente maior do que os assimétricos tradicionais, representando um obstáculo para sua adoção, especialmente em dispositivos com recursos limitados. As contribuições deste trabalho objetivam aprimorar o desempenho de criptossistemas baseados em curvas elípticas e emparelhamentos bilineares e consistem em: (i) implementação eficiente de corpos binários em arquiteturas embutidas de 8 bits (microcontroladores presentes em sensores sem fio); (ii) formulação eficiente de aritmética em corpos binários para conjuntos vetoriais de arquiteturas de 64 bits e famílias mais recentes de processadores desktop dotadas de suporte nativo à multiplicação em corpos binários; (iii) técnicas para implementação serial e paralela de curvas elípticas binárias e emparelhamentos bilineares simétricos e assimétricos definidos sobre corpos primos ou binários. Estas contribuições permitiram obter significativos ganhos de desempenho e, conseqüentemente, uma série de recordes de velocidade para o cálculo de diversos algoritmos criptográficos relevantes em arquiteturas modernas que vão de sistemas embarcados de 8 bits a processadores com 8 coresAbstract: The development of asymmetric or public key cryptography made possible new applications of cryptography such as digital signatures and electronic commerce. Cryptography is now a vital component for providing confidentiality and authentication in communication infra-structures. Elliptic Curve Cryptography is among the most efficient public-key methods because of its low storage and computational requirements. The relatively recent advent of Pairing-Based Cryptography allowed the further construction of flexible and innovative cryptographic solutions like Identity-Based Cryptography and variants. However, the computational cost of pairing-based cryptosystems remains significantly higher than traditional public key cryptosystems and thus an important obstacle for adoption, specially in resource-constrained devices. The main contributions of this work aim to improve the performance of curve-based cryptosystems, consisting of: (i) efficient implementation of binary fields in 8-bit microcontrollers embedded in sensor network nodes; (ii) efficient formulation of binary field arithmetic in terms of vector instructions present in 64-bit architectures, and on the recently-introduced native support for binary field multiplication in the latest Intel microarchitecture families; (iii) techniques for serial and parallel implementation of binary elliptic curves and symmetric and asymmetric pairings defined over prime and binary fields. These contributions produced important performance improvements and, consequently, several speed records for computing relevant cryptographic algorithms in modern computer architectures ranging from embedded 8-bit microcontrollers to 8-core processorsDoutoradoCiência da ComputaçãoDoutor em Ciência da Computaçã

FPGA and ASIC Implementations of the ηT\eta_T Pairing in Characteristic Three

Since their introduction in constructive cryptographic applications, pairings over (hyper)elliptic curves are at the heart of an ever increasing number of protocols. As they rely critically on efficient algorithms and implementations of pairing primitives, the study of hardware accelerators became an active research area. In this paper, we propose two coprocessors for the reduced $\eta_T$ pairing introduced by Barreto {\it et al.} as an alternative means of computing the Tate pairing on supersingular elliptic curves. We prototyped our architectures on FPGAs. According to our place-and-route results, our coprocessors compare favorably with other solutions described in the open literature. We also present the first ASIC implementation of the reduced $\eta_T$ pairing