Efficient Arithmetic for the Implementation of Elliptic Curve Cryptography

The technology of elliptic curve cryptography is now an important branch in public-key based crypto-system. Cryptographic mechanisms based on elliptic curves depend on the arithmetic of points on the curve. The most important arithmetic is multiplying a point on the curve by an integer. This operation is known as elliptic curve scalar (or point) multiplication operation. A cryptographic device is supposed to perform this operation efficiently and securely. The elliptic curve scalar multiplication operation is performed by combining the elliptic curve point routines that are defined in terms of the underlying finite field arithmetic operations. This thesis focuses on hardware architecture designs of elliptic curve operations. In the first part, we aim at finding new architectures to implement the finite field arithmetic multiplication operation more efficiently. In this regard, we propose novel schemes for the serial-out bit-level (SOBL) arithmetic multiplication operation in the polynomial basis over F_2^m. We show that the smallest SOBL scheme presented here can provide about 26-30\% reduction in area-complexity cost and about 22-24\% reduction in power consumptions for F_2^{163} compared to the current state-of-the-art bit-level multiplier schemes. Then, we employ the proposed SOBL schemes to present new hybrid-double multiplication architectures that perform two multiplications with latency comparable to the latency of a single multiplication. Then, in the second part of this thesis, we investigate the different algorithms for the implementation of elliptic curve scalar multiplication operation. We focus our interest in three aspects, namely, the finite field arithmetic cost, the critical path delay, and the protection strength from side-channel attacks (SCAs) based on simple power analysis. In this regard, we propose a novel scheme for the scalar multiplication operation that is based on processing three bits of the scalar in the exact same sequence of five point arithmetic operations. We analyse the security of our scheme and show that its security holds against both SCAs and safe-error fault attacks. In addition, we show how the properties of the proposed elliptic curve scalar multiplication scheme yields an efficient hardware design for the implementation of a single scalar multiplication on a prime extended twisted Edwards curve incorporating 8 parallel multiplication operations. Our comparison results show that the proposed hardware architecture for the twisted Edwards curve model implemented using the proposed scalar multiplication scheme is the fastest secure SCA protected scalar multiplication scheme over prime field reported in the literature

Fast Galois field arithmetic for elliptic curve cryptography and error control codes

Today's computer and network communication systems rely on authenticated and secure transmission of information, which requires computationally efficient and low bandwidth cryptographic algorithms. Among these cryptographic algorithms are the elliptic curve cryptosystems which use the arithmetic of finite fields. Furthermore, the fields of characteristic two are preferred since they provide carry-free arithmetic and at the same time a simple way to represent field elements on current processor architectures. Arithmetic in finite field is analogous to the arithmetic of integers. When performing the multiplication operation, the finite field arithmetic uses reduction modulo the generating polynomial. The generating polynomial is an irreducible polynomial over GF(2), and the degree of this polynomial determines the size of the field, thus the bit-lengths of the operands. The fundamental arithmetic operations in finite fields are addition, multiplication, and inversion operations. The sum of two field elements is computed very easily. However, multiplication operation requires considerably more effort compared to addition. On the other hand, the inversion of a field element requires much more computational effort in terms of time and space. Therefore, we are mainly interested in obtaining implementations of field multiplication and inversion. In this dissertation, we present several new bit-parallel hardware architectures with low space and time complexity. Furthermore, an analysis and refinement of the complexity of an existing hardware algorithm and a software method highly efficient and suitable for implementation on many 32-bit processor architectures are also described

Design of ALU and Cache Memory for an 8 bit ALU

The design of an ALU and a Cache memory for use in a high performance processor was examined in this thesis. Advanced architectures employing increased parallelism were analyzed to minimize the number of execution cycles needed for 8 bit integer arithmetic operations. In addition to the arithmetic unit, an optimized SRAM memory cell was designed to be used as cache memory and as fast Look Up Table. The ALU consists of stand alone units for bit parallel computation of basic integer arithmetic operations. Addition and subtraction were performed using Kogge Stone parallel prefix hardware operating at 330MHz. A high performance multiplier was built using Radix 4 Modified Booth Encoder (MBE) and a Wallace Tree summation array. The multiplier requires single clock cycle for 8 bit integer multiplication and operates at a maximum frequency of 100MHz. Multiplicative division hardware was built for executing both integer division and square root. The division hardware computes 8-bit division and square root in 4 clock cycles. Multiplier forms the basic building block of all these functional units, making high level of resource sharing feasible with this architecture. The optimal operating frequency for the arithmetic unit is 70MHz. A 6T CMOS SRAM cell measuring 90 µm2 was designed using minimum size transistors. The layout allows for horizontal overlap resulting in effective area of 76 µm2 for an 8x8 array. By substituting equivalent bit line capacitance of P4 L1 Cache, the memory was simulated to have a read time of 3.27ns. An optimized set of test vectors were identified to enable high fault coverage without the need for any additional test circuitry. Sixteen test cases were identified that would toggle all the nodes and provide all possible inputs to the sub units of the multiplier. A correlation based semi automatic method was investigated to facilitate test case identification for large multipliers. This method of testability eliminates performance and area overhead associated with conventional testability hardware. Bottom up design methodology was employed for the design. The performance and area metrics are presented along with estimated power consumption. A set of Monte Carlo analysis was carried out to ensure the dependability of the design under process variations as well as fluctuations in operating conditions. The arithmetic unit was found to require a total die area of 2mm2 (approx.) in 0.35 micron process

Design and analysis of efficient and secure elliptic curve cryptoprocessors

Elliptic Curve Cryptosystems have attracted many researchers and have been included in many standards such as IEEE, ANSI, NIST, SEC and WTLS. The ability to use smaller keys and computationally more efficient algorithms compared with earlier public key cryptosystems such as RSA and ElGamal are two main reasons why elliptic curve cryptosystems are becoming more popular. They are considered to be particularly suitable for implementation on smart cards or mobile devices. Power Analysis Attacks on such devices are considered serious threat due to the physical characteristics of these devices and their use in potentially hostile environments. This dissertation investigates elliptic curve cryptoprocessor architectures for curves defined over GF(2m) fields. In this dissertation, new architectures that are suitable for efficient computation of scalar multiplications with resistance against power analysis attacks are proposed and their performance evaluated. This is achieved by exploiting parallelism and randomized processing techniques. Parallelism and randomization are controlled at different levels to provide more efficiency and security. Furthermore, the proposed architectures are flexible enough to allow designers tailor performance and hardware requirements according to their performance and cost objectives. The proposed architectures have been modeled using VHDL and implemented on FPGA platform

Efficient Implementation of Elliptic Curve Cryptography on FPGAs

This work presents the design strategies of an FPGA-based elliptic curve co-processor. Elliptic curve cryptography is an important topic in cryptography due to its relatively short key length and higher efficiency as compared to other well-known public key crypto-systems like RSA. The most important contributions of this work are: - Analyzing how different representations of finite fields and points on elliptic curves effect the performance of an elliptic curve co-processor and implementing a high performance co-processor. - Proposing a novel dynamic programming approach to find the optimum combination of different recursive polynomial multiplication methods. Here optimum means the method which has the smallest number of bit operations. - Designing a new normal-basis multiplier which is based on polynomial multipliers. The most important part of this multiplier is a circuit of size $O(n \log n)$ for changing the representation between polynomial and normal basis

Key Randomization Countermeasures to Power Analysis Attacks on Elliptic Curve Cryptosystems

It is essential to secure the implementation of cryptosystems in embedded devices agains side-channel attacks. Namely, in order to resist differential (DPA) attacks, randomization techniques should be employed to decorrelate the data processed by the device from secret key parts resulting in the value of this data. Among the countermeasures that appeared in the literature were those that resulted in a random representation of the key known as the binary signed digit representation (BSD). We have discovered some interesting properties related to the number of possible BSD representations for an integer and we have proposed a different randomization algorithm. We have also carried our study to the $\tau$-adic representation of integers which is employed in elliptic curve cryptosystems (ECCs) using Koblitz curves. We have then dealt with another randomization countermeasure which is based on randomly splitting the key. We have investigated the secure employment of this countermeasure in the context of ECCs

EcGFp5: a Specialized Elliptic Curve

We present here the design and implementation of ecGFp5, an elliptic curve meant for a specific compute model in which operations modulo a given 64-bit prime are especially efficient. This model is primarily intended for running operations in a virtual machine that produces and verifies zero-knowledge STARK proofs. We describe here the choice of a secure curve, amenable to safe cryptographic operations such as digital signatures, that maps to such models, while still providing reasonable performance on general purpose computers