Advertisement

Journal of Cryptographic Engineering

, Volume 8, Issue 4, pp 285–300 | Cite as

Arithmetic of \(\tau \)-adic expansions for lightweight Koblitz curve cryptography

  • Kimmo Järvinen
  • Sujoy Sinha Roy
  • Ingrid Verbauwhede
Regular Paper

Abstract

Koblitz curves allow very efficient elliptic curve cryptography. The reason is that one can trade expensive point doublings to cheap Frobenius endomorphisms by representing the scalar as a \(\tau \)-adic expansion. Typically elliptic curve cryptosystems, such as ECDSA, also require the scalar as an integer. This results in a need for conversions between integers and the \(\tau \)-adic domain, which are costly and hinder the use of Koblitz curves on very constrained devices, such as RFID tags, wireless sensors, or certain applications of the Internet of things. We provide solutions to this problem by showing how complete cryptographic processes, such as ECDSA signing, can be completed in the \(\tau \)-adic domain with very few resources. This allows outsourcing conversions to a more powerful party. We provide several algorithms for performing arithmetic operations in the \(\tau \)-adic domain. In particular, we introduce a new representation allowing more efficient and secure computations compared to the algorithms available in the preliminary version of this work from CARDIS 2014. We also provide datapath extensions with different speed and side-channel resistance properties that require areas from less than one hundred to a few hundred gate equivalents on 0.13-\(\upmu \)m CMOS. These extensions are applicable for all Koblitz curves.

Keywords

Elliptic curve cryptography Koblitz curves Lightweight cryptography ECDSA 

Notes

Acknowledgements

This work was done when K. Järvinen was an FWO Pegasus Marie Curie Fellow. S. Sinha Roy was supported by the Erasmus Mundus PhD Scholarship. The work was partly funded by KU Leuven under GOA TENSE (GOA/11/007) and the F+ fellowship (F+/13/039) and by the Hercules Foundation (AKUL/11/19). We thank one of the anonymous reviewers of a preliminary version of this paper for pointing out the option of Remark 5.

References

  1. 1.
    Adikari, J., Dimitrov, V., Järvinen, K.: A fast hardware architecture for integer to \(\tau \)NAF conversion for Koblitz curves. IEEE Trans. Comput. 61(5), 732–737 (2012)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Ahmadi, O., Hankerson, D., Rodríguez-Henríquez, F.: Parallel formulations of scalar multiplication on Koblitz curves. J. Univ. Comput. Sci. 14(3), 481–504 (2008)MathSciNetzbMATHGoogle Scholar
  3. 3.
    Aranha, D.F., Faz-Hernández, A., López, J., Rodríguez-Henríquez, F.: Faster implementation of scalar multiplication on Koblitz curves. In: Progress in Cryptology (LATINCRYPT 2012), LNCS, vol. 7533, pp. 177–193. Springer, Berlin (2012)CrossRefGoogle Scholar
  4. 4.
    Azarderakhsh, R., Järvinen, K.U., Mozaffari-Kermani, M.: Efficient algorithm and architecture for elliptic curve cryptography for extremely constrained secure applications. IEEE Trans. Circuits Syst. I Reg. Pap. 61(4), 1144–1155 (2014)CrossRefGoogle Scholar
  5. 5.
    Azarderakhsh, R., Reyhani-Masoleh, A.: High-performance implementation of point multiplication on Koblitz curves. IEEE Trans. Circuits Syst. II 60(1), 41–45 (2013)CrossRefGoogle Scholar
  6. 6.
    Batina, L., Mentens, N., Sakiyama, K., Preneel, B., Verbauwhede, I.: Low-cost elliptic curve cryptography for wireless sensor networks. In: Proceedings of 3rd European Workshop on Security and Privacy in Ad-Hoc and Sensor Networks (ESAS 2006). LNCS, vol. 4357, pp. 6–17 (2006)Google Scholar
  7. 7.
    Bauer, A., Jaulmes, E., Prouff, E., Reinhard, J.R., Wild, J.: Horizontal collision correlation attack on elliptic curves. Cryptogr. Commun. 7(1), 91–119 (2015)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Benits, Jr., W.D., Galbraith, S.D.: The GPS identification scheme using Frobenius expansions. In: Western European Workshop Research in Cryptology (WEWoRC’07). LNCS, vol. 4945, pp. 13–27 (2008)Google Scholar
  9. 9.
    Brumley, B.B., Järvinen, K.: Koblitz curves and integer equivalents of Frobenius expansions. In: Selected Areas in Cryptography (SAC 2007). LNCS, vol. 4876, pp. 126–137 (2007)Google Scholar
  10. 10.
    Brumley, B.B., Järvinen, K.U.: Conversion algorithms and implementations for Koblitz curve cryptography. IEEE Trans. Comput. 59(1), 81–92 (2010)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Cinnati Loi, K.C., An, S., Ko, S.B.: FPGA implementation of low latency scalable elliptic curve cryptosystem processor in \(GF(2^m)\). In: IEEE International Symposium on Circuits and Systems (ISCAS 2014), pp. 822–825. IEEE (2014)Google Scholar
  12. 12.
    Cinnati Loi, K.C., Ko, S.B.: High performance scalable elliptic curve cryptosystem processor for Koblitz curves. Microproc. Microsyst. 37(4), 394–406 (2013)Google Scholar
  13. 13.
    De Clercq, R., Uhsadel, L., Van Herrewege, A., Verbauwhede, I.: Ultra low-power implementation of ECC on the ARM Cortex-M0+. In: Design Automation Conference (DAC 2014), pp. 1–6. ACM, New York (2014)Google Scholar
  14. 14.
    Hankerson, D., Hernandez, J.L., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields. In: Cryptographic Hardware and Embedded Systems (CHES 2000). LNCS, vol. 1965, pp. 1–24. Springer (2000)Google Scholar
  15. 15.
    Hanley, N., Kim, H., Tunstall, M.: Exploiting collisions in addition chain-based exponentiation algorithms using a single trace. In: Topics in Cryptology—CT-RSA 2015. Lecture Notes in Computer Science, vol. 9048, pp. 431–448. Springer, Berlin (2015)zbMATHGoogle Scholar
  16. 16.
    Hanser, C., Wagner, C.: Speeding up the fixed-base comb method for faster scalar multiplication on Koblitz curves. In: Modern Cryptography and Security Engineering (MoCrySEn 2013), LNCS, vol. 8128, pp. 168–179. Springer, Berlin (2013)CrossRefGoogle Scholar
  17. 17.
    Hein, D.M., Wolkerstorfer, J., Felber, N.: ECC is ready for RFID: a proof in silicon. In: Selected Areas in Cryptography (SAC 2008). LNCS, vol. 5381, pp. 401–413 (2009)CrossRefGoogle Scholar
  18. 18.
    Järvinen, K.: Optimized FPGA-based elliptic curve cryptography processor for high-speed applications. Integration 44(4), 270–279 (2011)CrossRefGoogle Scholar
  19. 19.
    Järvinen, K., Forsten, J., Skyttä, J.: Efficient circuitry for computing \(\tau \)-adic non-adjacent form. In: Proceedings of 13th IEEE International Conference on Electronics, Circuits and Systems (ICECS 2006), pp. 232–235 (2006)Google Scholar
  20. 20.
    Järvinen, K., Verbauwhede, I.: How to use Koblitz curves on small devices? In: Smart Card Research and Advanced Application Conference (CARDIS 2014). LNCS, vol. 8968, pp. 154–170 (2015)Google Scholar
  21. 21.
    Joye, M., Tymen, C.: Compact encoding of non-adjacent forms with applications to elliptic curve cryptography. In: Public Key Cryptography (PKC 2001). LNCS, vol. 1992, pp. 353–364 (2001)CrossRefGoogle Scholar
  22. 22.
    Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Koblitz, N.: CM-curves with good cryptographic properties. In: CRYPTO ’91. LNCS, vol. 576, pp. 279–287 (1991)Google Scholar
  24. 24.
    Koçabas, Ü., Fan, J., Verbauwhede, I.: Implementation of binary Edwards curves for very-constrained devices. In: Proceedings of 21st IEEE International Conference on Application-Specific Systems Architectures and Processors (ASAP 2010), pp. 185–191 (2010)Google Scholar
  25. 25.
    Lange, T.: Koblitz curve cryptosystems. Finite Fields Appl. 11, 200–229 (2005)MathSciNetCrossRefGoogle Scholar
  26. 26.
    Lee, Y.K., Sakiyama, K., Batina, L., Verbauwhede, I.: Elliptic-curve-based security processor for RFID. IEEE Trans. Comput. 57(11), 1514–1527 (2008)MathSciNetCrossRefGoogle Scholar
  27. 27.
    Lutz, J., Hasan, A.: High performance FPGA based elliptic curve cryptographic co-processor. In: International Conference on Information Technology: Coding and Computing (ITCC 2004), vol. 2, pp. 486–492. IEEE (2004)Google Scholar
  28. 28.
    Meier, W., Staffelbach, O.: Efficient multiplication on certain nonsupersingular elliptic curves. In: CRYPTO ’92. LNCS, vol. 740, pp. 333–344 (1993)Google Scholar
  29. 29.
    Miller, V.S.: Use of elliptic curves in cryptography. In: CRYPTO ’85. LNCS, vol. 218, pp. 417–426 (1986)Google Scholar
  30. 30.
    Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48, 243–264 (1987)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Naccache, D., M’Raïhi, D., Vaudenay, S., Raphaeli, D.: Can D.S.A. be improved? Complexity trade-offs with the digital signature algorithm. In: EUROCRYPT ’94. LNCS, vol. 950, pp. 77–85 (1994)Google Scholar
  32. 32.
    National Institute of Standards and Technology (NIST): Digital signature standard (DSS). FIPS PUB 186-4 (2013)Google Scholar
  33. 33.
    Okada, S., Torii, N., Itoh, K., Takenaka, M.: Implementation of elliptic curve cryptographic coprocessor over \(GF(2^m)\) on an FPGA. In: Cryptographic Hardware and Embedded Systems (CHES 2000), LNCS, vol. 1965, pp. 25–40. Springer, Berlin (2000)Google Scholar
  34. 34.
    Okeya, K., Takagi, T., Vuillaume, C.: Efficient representations on Koblitz curves with resistance to side channel attacks. In: Proceedings of 10th Australasian Conference on Information Security and Privacy (ACISP 2005). LNCS, vol. 3574, pp. 218–229 (2005)CrossRefGoogle Scholar
  35. 35.
    Oren, Y., Feldhofer, M.: A low-resource public-key identification scheme for RFID tags and sensor nodes. In: ACM Conference on Wireless Network Security (WiSec’09), pp. 59–68. ACM (2009)Google Scholar
  36. 36.
    Secunet Security Networks AG: Elliptic curve cryptography “Made in Germany”. Press release (2014). https://www.secunet.com/fileadmin/user_upload/Presse/Pressemitteilungen/Pressemitteilungen_EN/Pressemitteilungen_2014_EN/140625_PI_ECC_EN.pdf. Retrieved 21 Feb 2017
  37. 37.
    Sinha Roy, S., Fan, J., Verbauwhede, I.: Accelerating scalar conversion for Koblitz curve cryptoprocessors on hardware platforms. IEEE Trans. VLSI Syst. 23(5), 810–818 (2015)CrossRefGoogle Scholar
  38. 38.
    Sinha Roy, S., Järvinen, K., Verbauwhede, I.: Lightweight coprocessor for Koblitz curves: 283-bit ECC including scalar conversion with only 4.3 kGE. In: Cryptographic Hardware and Embedded Systems (CHES 2015). LNCS, vol. 9293, pp. 102–122 (2015)Google Scholar
  39. 39.
    Solinas, J.A.: Efficient arithmetic on Koblitz curves. Des. Code Cryptogr. 19(2–3), 195–249 (2000)MathSciNetCrossRefGoogle Scholar
  40. 40.
    Taverne, J., Faz-Hernández, A., Aranha, D.F., Rodríguez-Henríquez, F., Hankerson, D., López, J.: Speeding scalar multiplication over binary elliptic curves using the new carry-less multiplication instruction. J. Cryptogr. Eng. 1(3), 187–199 (2011)CrossRefGoogle Scholar
  41. 41.
    Vuillaume, C., Okeya, K., Takagi, T.: Defeating simple power analysis on Koblitz curves. IEICE Trans. Fund. Elect. E89–A(5), 1362–1369 (2006)CrossRefGoogle Scholar
  42. 42.
    Weimerskirch, A., Stebila, D., Shantz, S.C.: Generic \(GF(2^m)\) arithmetic in software and its application to ECC. In: Australasian Conference on Information Security and Privacy (ACISP 2003). LNCS, vol. 2727, pp. 79–92. Springer, Berlin (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  • Kimmo Järvinen
    • 1
  • Sujoy Sinha Roy
    • 2
  • Ingrid Verbauwhede
    • 2
  1. 1.Department of Computer ScienceUniversity of HelsinkiHelsinkiFinland
  2. 2.KU Leuven ESAT/COSIC and imecLeuven-HeverleeBelgium

Personalised recommendations