Multi-precision Squaring for Public-Key Cryptography on Embedded Microprocessors
In the paper, we revisit the “Lazy Doubling” (LD) method for multi-precision squaring, which reduces the number of addition operations by deferring the doubling process so that it can be performed on accumulated results. The original LD method has to employ carry-catcher registers to store carry values, which reduces the number of general purpose registers available for optimization of the implementation. Furthermore, the LD method adopts the idea of hybrid multiplication to separate the partial products into several product blocks, which prevents the doubling process to be conducted on fully accumulated intermediate results. To overcome these deficiencies of the LD method and improve the performance of multi-precision squaring, we propose a novel and flexible method named “Sliding Block Doubling” (SBD). The SBD method delays the doubling process till the very end of the partial-product computation and then doubles the result by simply shifting it one bit to the left. In order to further reduce the overhead of doubling, we also optimize the execution process for updating carry values and adopt the product-scanning method for efficient computation of the partial products. Our experimental results on an AVR ATmega128 processor show that the SBD method outperforms state-of-the-art implementations by a factor of between 3.5% and 4.4% for operands ranging from 128 bits to 192 bits.
KeywordsClock Cycle Intermediate Result Partial Product Scanning Method Elliptic Curve Cryptosystems
Unable to display preview. Download preview PDF.
- 1.Atmel Corporation. ATmega128(L) Datasheet (Rev. 2467O–AVR–10/06) (October 2006), http://www.atmel.com/dyn/resources/prod_documents/doc2467.pdf
- 5.Hsieh, P.Y., Laih, C.S.: An exception handling model and its application to the multiple-precision integer library. Ph.D. Thesis, Master of Science, Japan (December 2003)Google Scholar
- 9.Liu, Z., Großschädl, J., Kizhvatov, I.: Efficient and side-channel resistant RSA implementation for 8-bit AVR microcontrollers. In: Proceedings of the 1st International Workshop on the Security of the Internet of Things (SECIOT 2010). IEEE Computer Society Press (2010), https://www.nics.uma.es/seciot10/files/pdf/liu_seciot10_paper.pdf
- 10.Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press Series on Discrete Mathematics and Its Applications. CRC Press (1996)Google Scholar
- 11.Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
- 13.Scott, M., Szczechowiak, P.: Optimizing multiprecision multiplication for public key cryptography. Cryptology ePrint Archive, Report 2007/299 (2007) Available for download, http://eprint.iacr.org
- 17.Zhang, Y., Großschädl, J.: Efficient prime-field arithmetic for elliptic curve cryptography on wireless sensor nodes. In: Proceedings of the 1st International Conference on Computer Science and Network Technology, ICCSNT 2011, pp. 459–466. IEEE (2011)Google Scholar