Journal of Cryptographic Engineering

Volume 2, Issue 4, pp. 221–240

Co-\(Z\) ECC scalar multiplications for hardware, software and hardware–software co-design on embedded systems

  • Brian Baldwin (corresponding author)
  • Raveen R. Goundar
  • Mark Hamilton
  • William P. Marnane
Regular Paper

Abstract

Recent elliptic curve scalar multiplication algorithms are based on efficient co-\(Z\) arithmetic. This arithmetic was introduced by Meloni in 2007; its defining property is that the projective points being added share the same \(Z\)-coordinate. The co-\(Z\) versions of these algorithms are sufficiently fast and secure against a large variety of implementation attacks. This paper analyses the performance of these algorithms in hardware and then compares them against software and hardware–software co-design environments on FPGA, in terms of speed, memory, power and energy consumption. Specifically, this paper presents a survey and performance comparison of implementations of co-\(Z\) versions of the Montgomery ladder and Joye's double-add algorithm in an embedded system environment.
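The co-\(Z\) Montgomery ladder named in the abstract, as an added example that is not code from the paper: it implements the ZADDU (co-\(Z\) addition with update) and ZADDC (conjugate co-\(Z\) addition) formulas of Goundar, Joye and Miyaji (CHES 2010) and uses them so that every scalar bit costs exactly one ZADDC and one ZADDU, with no separate doubling. The secp256k1 curve parameters and the textbook affine reference multiplication are assumptions made for this demonstration; they do not appear on the page.

```python
# Added demo: co-Z Montgomery ladder from the ZADDC/ZADDU formulas of Goundar, Joye and Miyaji (CHES 2010).
# The secp256k1 parameters below are an assumption for this demo, not taken from the paper.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
def _coz_core(x1, y1, x2, y2, z):
    # Shared by both co-Z adds: C=(X1-X2)^2, W1=X1*C, W2=X2*C, A1=Y1*(W1-W2), Z3=Z*(X1-X2)
    c = (x1 - x2) ** 2 % P
    w1, w2 = x1 * c % P, x2 * c % P
    return w1, w2, y1 * (w1 - w2) % P, z * (x1 - x2) % P
def _sum(y1, y2, w1, w2, a1):
    # X3=(Y1-Y2)^2-W1-W2, Y3=(Y1-Y2)(W1-X3)-A1; passing -y2 yields P-Q instead of P+Q
    x3 = ((y1 - y2) ** 2 - w1 - w2) % P
    return x3, ((y1 - y2) * (w1 - x3) - a1) % P
def zaddu(p, q):
    """Co-Z add with update: P, Q share Z; returns (P+Q, P') with P' = P rescaled to Z3."""
    (x1, y1, z), (x2, y2, _) = p, q
    w1, w2, a1, z3 = _coz_core(x1, y1, x2, y2, z)
    return (*_sum(y1, y2, w1, w2, a1), z3), (w1, a1, z3)
def zaddc(p, q):
    """Conjugate co-Z add: returns (P+Q, P-Q) sharing one Z3, so the ladder needs no doubling."""
    (x1, y1, z), (x2, y2, _) = p, q
    w1, w2, a1, z3 = _coz_core(x1, y1, x2, y2, z)
    return (*_sum(y1, y2, w1, w2, a1), z3), (*_sum(y1, -y2, w1, w2, a1), z3)
def dblu(x, y):
    """Affine P -> (2P, P) in Jacobian coordinates sharing Z = 2y: the ladder's start state."""
    e = y * y % P
    s, m, l8 = 4 * x * e % P, (3 * x * x + A) % P, 8 * e * e % P
    x2 = (m * m - 2 * s) % P
    return (x2, (m * (s - x2) - l8) % P, 2 * y % P), (s, l8, 2 * y % P)
def coz_ladder(k, x=GX, y=GY):
    """Regular ladder: every bit costs exactly one ZADDC plus one ZADDU, whatever its value."""
    r = list(dblu(x, y))[::-1]            # r[0] = P, r[1] = 2P; invariant r[1] - r[0] = P
    for b in map(int, bin(k)[3:]):        # bits below the leading 1, most significant first
        r[1 - b], r[b] = zaddc(r[b], r[1 - b])   # (R_b + R_{1-b}, R_b - R_{1-b})
        r[b], r[1 - b] = zaddu(r[1 - b], r[b])   # R_b <- 2R_b, R_{1-b} <- R_b + R_{1-b}
    xr, yr, zr = r[0]
    return xr * pow(zr, -2, P) % P, yr * pow(zr, -3, P) % P
def affine_mul(k, x=GX, y=GY):  # textbook affine double-and-add: an independent reference
    def add(p, q):  # assumes p != -q, which holds for the scalars exercised here
        lam = (3 * p[0] ** 2 + A) * pow(2 * p[1], -1, P) if p == q else \
              (q[1] - p[1]) * pow(q[0] - p[0], -1, P)
        x3 = (lam * lam - p[0] - q[0]) % P
        return x3, (lam * (p[0] - x3) - p[1]) % P
    acc = (x, y)
    for bit in bin(k)[3:]:
        acc = add(add(acc, acc), (x, y)) if bit == "1" else add(acc, acc)
    return acc
```

The ladder's regularity (the same two co-\(Z\) operations per bit, independent of the bit value) is what removes the key-dependent operation sequence that simple power analysis exploits; the affine reference exists only to check the result.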

Keywords

Elliptic curves, regular ladders, FPGA, MicroBlaze, hardware, hardware–software co-design

References

  1. National Institute of Advanced Industrial Science and Technology (AIST), Research Center for Information Security (RCIS): Side-channel Attack Standard Evaluation Board (SASEBO) (2009)
  2. Avanzi, R., Cohen, H., Doche, C., Frey, G., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, Boca Raton (2005)
  3. Avanzi, R.M.: Side channel attacks on implementations of curve-based cryptographic primitives. Cryptology ePrint Archive, Report 2005/017 (2005). http://eprint.iacr.org/
  4. Blake, I.F., Seroussi, G., Smart, N.P. (eds.): Advances in Elliptic Curve Cryptography. London Mathematical Society Lecture Note Series, vol. 317. Cambridge University Press, Cambridge (2005)
  5. Brier, E., Joye, M.: Weierstraß elliptic curves and side-channel attacks. In: Naccache, D., Paillier, P. (eds.) Public Key Cryptography—PKC 2002. Lecture Notes in Computer Science, vol. 2274, pp. 335–345. Springer, Berlin (2002)
  6. Byrne, A., Meloni, N., Crowe, F., Marnane, W.P., Tisserand, A., Popovici, E.M.: SPA resistant elliptic curve cryptosystem using addition chains. Int. J. High Perform. Syst. Archit. 1(2), 133–142 (2007)
  7. Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Square always exponentiation. In: 12th International Conference on Cryptology in India—INDOCRYPT 2011. Lecture Notes in Computer Science. Springer, Chennai, India (2011). http://hal.inria.fr/inria-00633545
  8. Cohen, H., Miyaji, A., Ono, T.: Efficient elliptic curve exponentiation using mixed coordinates. In: Ohta, K., Pei, D. (eds.) Advances in Cryptology—ASIACRYPT ’98. Lecture Notes in Computer Science, vol. 1514, pp. 51–65. Springer, Berlin (1998)
  9. Coron, J.S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems (CHES ’99). Lecture Notes in Computer Science, vol. 1717, pp. 292–302. Springer, Berlin (1999)
  10. European Network of Excellence in Cryptology II: ECRYPT II Yearly Report on Algorithms and Keysizes (2010)
  11. Fischer, W., Giraud, C., Knudsen, E.W., Seifert, J.P.: Parallel scalar multiplication on general elliptic curves over \(\mathbb{F}_p\) hedged against non-differential side-channel attacks. Cryptology ePrint Archive, Report 2002/007 (2002). http://eprint.iacr.org/
  12. Galbraith, S., Lin, X., Scott, M.: A faster way to do ECC. Presented at the 12th Workshop on Elliptic Curve Cryptography (ECC 2008), Utrecht, The Netherlands (2008). Slides available at http://www.hyperelliptic.org/tanja/conf/ECC08/slides/Mike-Scott.pdf
  13. Giraud, C., Verneuil, V.: Atomicity improvement for elliptic curve scalar multiplication. Computing Research Repository abs/1002.4, 80–101 (2010). doi: 10.1007/978-3-642-12510-2-7
  14. Goundar, R.R., Joye, M., Miyaji, A.: Co-\(Z\) addition formulæ and binary ladders on elliptic curves. In: Mangard, S., Standaert, F.X. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2010. Lecture Notes in Computer Science, vol. 6225, pp. 65–79. Springer, Berlin (2010)
  15. Goundar, R.R., Joye, M., Miyaji, A.: Co-\(Z\) addition formulæ and binary ladders on elliptic curves. Cryptology ePrint Archive, Report 2010/309 (2010). http://eprint.iacr.org/
  16. Goundar, R.R., Joye, M., Miyaji, A., Rivain, M., Venelli, A.: Scalar multiplication on Weierstraß elliptic curves from co-\(Z\) arithmetic. J. Cryptogr. Eng. 1(2), 161–176 (2011)
  17. Hutter, M., Joye, M., Sierra, Y.: Memory-constrained implementations of elliptic curve cryptography in co-\(Z\) coordinate representation. In: Nitaj, A., Pointcheval, D. (eds.) Progress in Cryptology—AFRICACRYPT 2011. Lecture Notes in Computer Science, vol. 6737, pp. 170–187. Springer, Berlin (2011)
  18. Izu, T., Möller, B., Takagi, T.: Improved elliptic curve multiplication methods resistant against side-channel attacks. In: Menezes, A., Sarkar, P. (eds.) Progress in Cryptology—INDOCRYPT 2002. Lecture Notes in Computer Science, vol. 2551, pp. 296–313. Springer, Berlin (2002)
  19. Izu, T., Takagi, T.: A fast parallel elliptic curve multiplication resistant against side channel attacks. In: Naccache, D., Paillier, P. (eds.) Public Key Cryptography (PKC 2002). Lecture Notes in Computer Science, vol. 2274, pp. 280–296. Springer, Berlin (2002)
  20. Joye, M.: Highly regular right-to-left algorithms for scalar multiplication. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2007. Lecture Notes in Computer Science, vol. 4727, pp. 135–147. Springer, Berlin (2007)
  21. Joye, M., Yen, S.M.: The Montgomery powering ladder. In: Kaliski, B.S. Jr., et al. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2002. Lecture Notes in Computer Science, vol. 2523, pp. 291–302. Springer, Berlin (2003)
  22. Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)
  23. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. pp. 104–113. Springer, Berlin (1996)
  24. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) Advances in Cryptology—CRYPTO ’99. Lecture Notes in Computer Science, vol. 1666, pp. 388–397. Springer, Berlin (1999)
  25. Longa, P., Gebotys, C.H.: Novel precomputation schemes for elliptic curve cryptosystems. In: Abdalla, M., et al. (eds.) Applied Cryptography and Network Security (ACNS 2009). Lecture Notes in Computer Science, vol. 5536, pp. 71–88. Springer, Berlin (2009)
  26. Longa, P., Miri, A.: New composite operations and precomputation for elliptic curve cryptosystems over prime fields. In: Cramer, R. (ed.) Public Key Cryptography—PKC 2008. Lecture Notes in Computer Science, vol. 4939, pp. 229–247. Springer, Berlin (2008)
  27. López, J., Dahab, R.: Fast multiplication on elliptic curves over \({GF}(2^m)\) without precomputation. In: Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems (CHES ’99). Lecture Notes in Computer Science, vol. 1717, pp. 316–327. Springer, Berlin (1999)
  28. McIvor, C.J., McLoone, M., McCanny, J.V.: Hardware elliptic curve cryptographic processor over GF(\(p\)). IEEE Trans. Circuits Syst. 53, 1946–1957 (2006)
  29. Meloni, N.: New point addition formulæ for ECC applications. In: Carlet, C., Sunar, B. (eds.) Arithmetic of Finite Fields (WAIFI 2007). Lecture Notes in Computer Science, vol. 4547, pp. 189–201. Springer, Berlin (2007)
  30. Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) Advances in Cryptology—CRYPTO ’85. Lecture Notes in Computer Science, vol. 218, pp. 417–426. Springer, Berlin (1985)
  31. Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44, 519–521 (1985)
  32. Montgomery, P.L.: Speeding up the Pollard and elliptic curve methods of factorization. Math. Comput. 48(177), 243–264 (1987)
  33. NIST: Advanced Encryption Standard (AES) (FIPS-197). National Institute of Standards and Technology (2001)
  34. NIST: Recommendation for Key Management—Part 1 (2007)
  35. Orlando, G., Paar, C.: A scalable GF(\(p\)) elliptic curve processor architecture for programmable hardware. Lect. Notes Comput. Sci. 2162, 348–363 (2001)
  36. Certicom Research: SEC 2: Recommended elliptic curve domain parameters (2000)
  37. Rivain, M.: Fast and regular algorithms for scalar multiplication over elliptic curves. Cryptology ePrint Archive, Report 2011/338 (2011). http://eprint.iacr.org/
  38. Slla, A.M., Drabek, V.: An efficient list-based scheduling algorithm for high-level synthesis. In: Proceedings of the Euromicro Symposium on Digital Systems Design, pp. 316–323. IEEE Computer Society, New York (2002)
  39. Venelli, A., Dassance, F.: Faster side-channel resistant elliptic curve scalar multiplication. Contemp. Math. 521, 29–40 (2010)
  40. Walter, C.D.: Montgomery exponentiation needs no final subtractions. Electron. Lett. 35(21), 1831–1832 (1999)
  41. Xilinx: MicroBlaze soft processor core. http://www.xilinx.com/tools/microblaze.htm
  42. Yen, S.M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. Comput. 49(9), 967–970 (2000)
  43. Yen, S.M., Kim, S., Lim, S., Moon, S.J.: A countermeasure against one physical cryptanalysis may benefit another attack. In: Kim, K. (ed.) Information Security and Cryptology—ICISC 2001. Lecture Notes in Computer Science, vol. 2288, pp. 414–427. Springer, Berlin (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Brian Baldwin (1), corresponding author
  • Raveen R. Goundar (2)
  • Mark Hamilton (1)
  • William P. Marnane (1)
  1. Department of Electrical and Electronic Engineering, Claude Shannon Institute for Discrete Mathematics, Coding and Cryptography, University College Cork, Cork, Ireland
  2. Centro de Investigación y de Estudios Avanzados del I.P.N., Mexico