A comparison of different finite fields for elliptic curve cryptosystems

AbstractWe examine the relative efficiency of four methods for finite field representation in the context of elliptic curve cryptography (ECC). We conclude that a set of fields called the optimized extension fields (OEFs) give greater performance, even when used with affine coordinates, when compared against the type of fields recommended in the emerging ECC standards. Although this performance advantage is only marginal, and hence, there is probably no need to change the current standards to allow OEF fields in standards compliant implementations

Low-Weight Primes for Lightweight Elliptic Curve Cryptography on 8-bit AVR Processors

Small 8-bit RISC processors and micro-controllers based on the AVR instruction set architecture are widely used in the embedded domain with applications ranging from smartcards over control systems to wireless sensor nodes. Many of these applications require asymmetric encryption or authentication, which has spurred a body of research into implementation aspects of Elliptic Curve Cryptography (ECC) on the AVR platform. In this paper, we study the suitability of a special class of finite fields, the so-called Optimal Prime Fields (OPFs), for a "lightweight" implementation of ECC with a view towards high performance and security. An OPF is a finite field Fp defined by a prime of the form p = u*2^k + v, whereby both u and v are "small" (in relation to 2^k) so that they fit into one or two registers of an AVR processor. OPFs have a low Hamming weight, which allows for a very efficient implementation of the modular reduction since only the non-zero words of p need to be processed. We describe a special variant of Montgomery multiplication for OPFs that does not execute any input-dependent conditional statements (e.g. branch instructions) and is, hence, resistant against certain side-channel attacks. When executed on an Atmel ATmega processor, a multiplication in a 160-bit OPF takes just 3237 cycles, which compares favorably with other implementations of 160-bit modular multiplication on an 8-bit processor. We also describe a performance-optimized and a security-optimized implementation of elliptic curve scalar multiplication over OPFs. The former uses a GLV curve and executes in 4.19M cycles (over a 160-bit OPF), while the latter is based on a Montgomery curve and has an execution time of approximately 5.93M cycles. Both results improve the state-of-the-art in lightweight ECC on 8-bit processors

Elliptic Curve Cryptography On Smart Cards Without Coprocessors

This contribution describes how an elliptic curve cryptosystem can be implemented on very low cost microprocessors with reasonable performance. We focus in this paper on the Intel 8051 family of microcontrollers popular in smart cards and other cost-sensitive devices. The implementation is based on the use of the finite field GF ((2 8 - 17) 17 ) which is particularly suited for low end 8-bit processors. Two advantages of our method are that subfield modular reduction can be performed infrequently, and that an adaption of Itoh and Tsujii's inversion algorithm is used for the group operation. We show that an elliptic curve scalar multiplication with a fixed point, which is the core operation for a signature generation, can be performed in a group of order approximately 2 134 in less than 2 seconds. Unlike other implementations, we do not make use of curves defined over a subfield such as Koblitz curves. 1 2 Keywords: finite fields, fast arithmetic, Optimal Extension Fields, mo..

Customisable arithmetic hardware designs

Imperial Users onl

Securing group communication in dynamic, disadvantaged networks : implementation of an elliptic-curve pairing-based cryptography library

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.Includes bibliographical references (p. 155-158).This thesis considers the problem of securing communication among dynamic groups of participants without relying on an online group keying service. As a solution, we offer the design and implementation of the Public Key Group Encryption (PKGE) service. It is a cryptography library, written in C, and designed to be shared among all communications applications on any particular system. PKGE imposes low communication overhead and embraces disconnected operation, making it especially appropriate for deployment in low-bandwidth tactical environments. PKGE provides forward-secure confidentiality and authentication among any subset of users using small communication overhead by bringing together a number of modern cryptographic developments, with the piece de resistance being the elliptic curve-based Collusion-Resistant Broadcast Encryption. The focus of this thesis is primarily the engineering and synthesis of known theoretical schemes; we also present novel extensions to the Boneh-Gentry-Waters encryption scheme. 1. Forward secrecy: Add forward secrecy to the scheme at a cost of T private keys for T security epochs. 2. Optimized session protocols: Sidestep the majority of costs in computation and bandwidth. 3. Cheap over-provisioning of system capacity: Support up to 232 users for resource costs proportional only to the number actually registered. 4. Chosen Ciphertext Attack (CCA) Security: Elevate security from CPA to CCA strength. Using PKGE, we have developed a plugin for Gaim2 as a motivating launch application. The plugin both demonstrates the use of PKGE and enables secure conferencing over the range of Gaim-supported protocols, including Jabber, IRC, AIM, and ICQ. PKGE and its Gaim plugin may be run and further developed under MS Windows, Mac OS X, and Linux operating systems.by Rob Figueiredo.M.Eng