How to Use Koblitz Curves on Small Devices?
Koblitz curves allow very efficient scalar multiplications because point doublings can be traded for cheap Frobenius endomorphisms by representing the scalar as a \(\tau \)-adic expansion. Typically, elliptic curve cryptosystems, such as ECDSA, also require the scalar as an integer. This results in a need for conversions between integers and the \(\tau \)-adic domain, which are costly and prevent the use of Koblitz curves on very constrained devices, such as RFID tags or wireless sensors. In this paper, we provide a solution to this problem by showing how complete cryptographic processes, such as ECDSA signing, can be completed in the \(\tau \)-adic domain with very few resources, consequently outsourcing the expensive conversions to a more powerful party. We also provide small circuitries that require about 76 gate equivalents on 0.13 \(\mu \)m CMOS and that are applicable for all Koblitz curves.
Keywords: Elliptic Curve, Clock Cycle, Scalar Multiplication, Finite State Machine, Point Doubling
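The integer-to-\(\tau \)-adic conversion the abstract refers to, as an added example that is not code from the paper. It assumes Solinas' \(\tau \)-adic non-adjacent form algorithm (the abstract does not name a conversion method) with \(\tau^2 = \mu\tau - 2\), \(\mu = \pm 1\), and checks each expansion by evaluating it back in \(\mathbb{Z}[\tau]\); all function names are illustrative.

```python
# Added example (not from the paper): integer -> tau-adic NAF and back.
# tau is the Frobenius map on a Koblitz curve; tau^2 = mu*tau - 2, mu = +1 or -1.
# No reduction of the scalar is done here, so the expansion of k is roughly
# twice as long as the bit length of k.

def tnaf(r0, r1, mu):
    """Digits u_0, u_1, ... in {-1, 0, 1} with r0 + r1*tau == sum(u_i * tau**i)."""
    digits = []
    while r0 != 0 or r1 != 0:
        if r0 % 2:
            # Pick u = +/-1 with u == r0 - 2*r1 (mod 4): after the division by
            # tau below, the new r0 is even, so the next digit is forced to 0.
            u = 2 - ((r0 - 2 * r1) % 4)
            r0 -= u
        else:
            u = 0
        digits.append(u)
        # Exact division of (r0 + r1*tau) by tau; r0 is even at this point.
        half = r0 // 2
        r0, r1 = r1 + mu * half, -half
    return digits

def evaluate(digits, mu):
    """Horner evaluation of sum(u_i * tau**i); returns (a0, a1) for a0 + a1*tau."""
    a0 = a1 = 0
    for u in reversed(digits):
        # (a0 + a1*tau)*tau = -2*a1 + (a0 + mu*a1)*tau, then add the digit.
        a0, a1 = -2 * a1 + u, a0 + mu * a1
    return a0, a1

def is_non_adjacent(digits):
    """True when no two consecutive digits are both nonzero."""
    return all(x == 0 or y == 0 for x, y in zip(digits, digits[1:]))

if __name__ == "__main__":
    k = 0xC0FFEE  # constructed sample scalar
    for mu in (1, -1):
        d = tnaf(k, 0, mu)
        assert evaluate(d, mu) == (k, 0) and is_non_adjacent(d)
        print(f"mu={mu:+d}: {len(d)} digits for a {k.bit_length()}-bit scalar, "
              f"{sum(1 for u in d if u)} nonzero")
```

Each nonzero digit costs one point addition or subtraction and each position costs one Frobenius map in a scalar multiplication, which is where the doublings disappear.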
We would like to thank the anonymous reviewers for their valuable comments and improvement suggestions. The work was partly funded by KU Leuven under GOA TENSE (GOA/11/007) and the F+ fellowship (F+/13/039) and by the Hercules Foundation (AKUL/11/19).