Frequency Domain Finite Field Arithmetic for Elliptic Curve Cryptography

Efficient implementation of the number theoretic transform(NTT), also known as the discrete Fourier transform(DFT) over a finite field, has been studied actively for decades and found many applications in digital signal processing. In 1971 Schonhage and Strassen proposed an NTT based asymptotically fast multiplication method with the asymptotic complexity O(m log m log log m) for multiplication of $m$-bit integers or (m-1)st degree polynomials. Schonhage and Strassen\u27s algorithm was known to be the asymptotically fastest multiplication algorithm until Furer improved upon it in 2007. However, unfortunately, both algorithms bear significant overhead due to the conversions between the time and frequency domains which makes them impractical for small operands, e.g. less than 1000 bits in length as used in many applications. With this work we investigate for the first time the practical application of the NTT, which found applications in digital signal processing, to finite field multiplication with an emphasis on elliptic curve cryptography(ECC). We present efficient parameters for practical application of NTT based finite field multiplication to ECC which requires key and operand sizes as short as 160 bits in length. With this work, for the first time, the use of NTT based finite field arithmetic is proposed for ECC and shown to be efficient. We introduce an efficient algorithm, named DFT modular multiplication, for computing Montgomery products of polynomials in the frequency domain which facilitates efficient multiplication in GF(p^m). Our algorithm performs the entire modular multiplication, including modular reduction, in the frequency domain, and thus eliminates costly back and forth conversions between the frequency and time domains. We show that, especially in computationally constrained platforms, multiplication of finite field elements may be achieved more efficiently in the frequency domain than in the time domain for operand sizes relevant to ECC. This work presents the first hardware implementation of a frequency domain multiplier suitable for ECC and the first hardware implementation of ECC in the frequency domain. We introduce a novel area/time efficient ECC processor architecture which performs all finite field arithmetic operations in the frequency domain utilizing DFT modular multiplication over a class of Optimal Extension Fields(OEF). The proposed architecture achieves extension field modular multiplication in the frequency domain with only a linear number of base field GF(p) multiplications in addition to a quadratic number of simpler operations such as addition and bitwise rotation. With its low area and high speed, the proposed architecture is well suited for ECC in small device environments such as smart cards and wireless sensor networks nodes. Finally, we propose an adaptation of the Itoh-Tsujii algorithm to the frequency domain which can achieve efficient inversion in a class of OEFs relevant to ECC. This is the first time a frequency domain finite field inversion algorithm is proposed for ECC and we believe our algorithm will be well suited for efficient constrained hardware implementations of ECC in affine coordinates

Efficient Algorithms for Finite Fields, with Applications in Elliptic Curve Cryptography

This thesis introduces a new tower field representation, optimal tower fields (OTFs), that facilitates efficient finite field operations. The recursive direct inversion method presented for OTFs has significantly lower complexity than the known best method for inversion in optimal extension fields (OEFs), i.e., Itoh-Tsujii\u27s inversion technique. The complexity of OTF inversion algorithm is shown to be O(m^2), significantly better than that of the Itoh-Tsujii algorithm, i.e. O(m^2(log_2 m)). This complexity is further improved to O(m^(log_2 3)) by utilizing the Karatsuba-Ofman algorithm. In addition, it is shown that OTFs are in fact a special class of OEFs and OTF elements may be converted to OEF representation via a simple permutation of the coefficients. Hence, OTF operations may be utilized to achieve the OEF arithmetic operations whenever a corresponding OTF representation exists. While the original OTF multiplication and squaring operations require slightly more additions than their OEF counterparts, due to the free conversion, both OTF operations may be achieved with the complexity of OEF operations. Furthermore, efficient finite field algorithms are introduced which significantly improve OTF multiplication and squaring operations. The OTF inversion algorithm was implemented on the ARM family of processors for a medium and a large sized field whose elements can be represented with 192 and 320 bits, respectively. In the implementation, the new OTF inversion algorithm ran at least six to eight times faster than the known best method for inversion in OEFs, i.e., Itoh-Tsujii inversion technique. According to the implementation results obtained, it is indicated that using the OTF inversion method an elliptic curve scalar point multiplication operation can be performed at least two to three times faster than the known best implementation for the selected fields

Elliptic Curve Cryptography for Wireless Sensor Networks Using the Number Theoretic Transform

We implement elliptic curve cryptography on the MSP430 which is a commonly used microcontroller in wireless sensor network nodes. We use the number theoretic transform to perform finite field multiplication and squaring as required in elliptic curve scalar point multiplication. We take advantage of the fast Fourier transform for the first time in the literature to speed up the number theoretic transform for an efficient realization of elliptic curve cryptography. Our implementation achieves elliptic curve scalar point multiplication in only 0.65 s and 1.31 s for multiplication of fixed and random points, respectively, and has similar or better timing performance compared to previous works in the literature

A Novel Approach for Efficient Mitigation against the SIP-Based DRDoS Attack

Voice over Internet Protocol (VoIP) and its underlying Session Initiation Protocol (SIP) are widely deployed technologies since they provide an efficient and fast means of both voice and data communication over a single network. However, in spite of their advantages, they also have their security threats due to the inherent vulnerabilities in the underlying Internet Protocol (IP) that can potentially be exploited by hackers. This study introduces a novel defense mechanism to effectively combat advanced attacks that exploit vulnerabilities identified in some less-known features of SIP. The SIP-DRDoS (SIP-based distributed reflection denial of service) attack, which can survive the existing security systems, is an advanced attack that can be performed on an SIP network through the multiplication of legitimate traffic. In this study, we propose a novel defense mechanism that consists of statistics, inspection, and action modules to mitigate the SIP-DRDoS attack. We implement the SIP-DRDoS attack by utilizing our SIP-based audit and attack software in our VoIP/SIP security lab environment that simulates an enterprise-grade SIP network. We then utilize our SIP-based defense tool to realize our novel defense mechanism against the SIP-DRDoS attack. Our experimental results prove that our defense approach can do a deep packet analysis for SIP traffic, detect SIP flood attacks, and mitigate them by dropping attack packets. While the SIP-DRDoS attack with around 1 Gbps of traffic dramatically escalates the CPU (central processing unit) usage of the SIP server by up to 74%, our defense mechanism effectively reduces it down to 17% within 6 min after the attack is initiated. Our approach represents a significant advancement over the existing defense mechanisms and demonstrates the potential to effectively protect VoIP systems against SIP-based DRDoS attacks

A Novel Approach for Efficient Mitigation against the SIP-Based DRDoS Attack

Voice over Internet Protocol (VoIP) and its underlying Session Initiation Protocol (SIP) are widely deployed technologies since they provide an efficient and fast means of both voice and data communication over a single network. However, in spite of their advantages, they also have their security threats due to the inherent vulnerabilities in the underlying Internet Protocol (IP) that can potentially be exploited by hackers. This study introduces a novel defense mechanism to effectively combat advanced attacks that exploit vulnerabilities identified in some less-known features of SIP. The SIP-DRDoS (SIP-based distributed reflection denial of service) attack, which can survive the existing security systems, is an advanced attack that can be performed on an SIP network through the multiplication of legitimate traffic. In this study, we propose a novel defense mechanism that consists of statistics, inspection, and action modules to mitigate the SIP-DRDoS attack. We implement the SIP-DRDoS attack by utilizing our SIP-based audit and attack software in our VoIP/SIP security lab environment that simulates an enterprise-grade SIP network. We then utilize our SIP-based defense tool to realize our novel defense mechanism against the SIP-DRDoS attack. Our experimental results prove that our defense approach can do a deep packet analysis for SIP traffic, detect SIP flood attacks, and mitigate them by dropping attack packets. While the SIP-DRDoS attack with around 1 Gbps of traffic dramatically escalates the CPU (central processing unit) usage of the SIP server by up to 74%, our defense mechanism effectively reduces it down to 17% within 6 min after the attack is initiated. Our approach represents a significant advancement over the existing defense mechanisms and demonstrates the potential to effectively protect VoIP systems against SIP-based DRDoS attacks

Implementing RSA for Wireless Sensor Nodes

As wireless sensor networks (WSNs) become more widespread, potential attacks against them also increase and applying cryptography becomes inevitable to make secure WSN nodes. WSN nodes typically contain only a constrained microcontroller, such as MSP430, Atmega, etc., and running public key cryptography on these constrained devices is considered a challenge. Since WSN nodes are spread around in the field, the distribution of the shared private key, which is used in a symmetric key cryptographic algorithm for securing communications, is a problem. Thus, it is necessary to use public key cryptography to effectively solve the key distribution problem. The RSA cryptosystem, which requires at least a 1024-bit key, is the most widely used public key cryptographic algorithm. However, its large key size is considered a drawback for resource constrained microcontrollers. On the other hand, RSA allows for extremely fast digital signature generation which may make it desirable in applications where messages transmitted by sensor nodes need to be authenticated. Furthermore, for compatibility with an existing communication infrastructure, it may be desirable to adopt RSA in a WSN setting. With this work, we show that, in spite of its long key size, RSA is applicable for wireless sensor networks when optimized arithmetic, low-level coding and some acceleration algorithms are used. We pick three versions of the MSP430 microcontroller, which is used widely on wireless sensor network nodes, and implement 1024-bit RSA on them. Our implementation achieves 1024-bit RSA encryption and decryption operations on MSP430 in only 0.047 s and 1.14 s, respectively. In order to achieve these timings, we utilize several acceleration techniques, such as the subtractive Karatsuba-Ofman, Montgomery multiplication, operand scanning, Chinese remainder theorem and sliding window method. To the best of our knowledge, our timings for 1024-bit RSA encryption and decryption operations are the fastest reported timings in the literature for the MSP430 microcontroller

Highly-parallel Montgomery multiplication for multi-core general-purpose microprocessors

Popular public key algorithms such as RSA and Diffie-Hellman key exchange, and more advanced cryptographic schemes such as Paillier\u27s and Damgård-Jurik\u27s algorithms (with applications in private information retrieval), require efficient modular multiplication with large integers of size at least 1024 bits. Montgomery multiplication algorithm has proven successful for modular multiplication of large integers. While general purpose multi-core processors have become the mainstream on desktop as well as portable computers, utilization of their computing resources have been largely overlooked when it comes to performing computationally intensive cryptographic operations. In this work, we propose a new parallel Montgomery multiplication algorithm which exhibits up to 39% better performance than the known best serial Montgomery multiplication variant for the bit-lengths of 2048 or larger. Furthermore, for bit-lengths of 4096 or larger, the proposed algorithm exhibits better performance utilizing multiple cores available. It achieves speedups of up to 81%, 3.37 times and 4.87 times for the used general-purpose microprocessors with 2, 4 and 6 cores, respectively. To our knowledge, this is the first work that shows with actual implementation results that Montgomery multiplication can be practically parallelized on general-purpose multi-core processors