Ultra High Performance ECC over NIST Primes on Commercial FPGAs

  • Tim Güneysu
  • Christof Paar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5154)


Elliptic Curve Cryptosystems (ECC) have gained increasing acceptance in practice due to their significantly smaller bit size of the operands compared to other public-key cryptosystems. Since their computational complexity is often lower than in the case of RSA or discrete logarithm schemes, ECC are often chosen for high performance public-key applications. However, despite a wealth of research regarding high-speed software and high-speed FPGA implementation of ECC since the mid 1990s, providing truly high-performance ECC on readily available (i.e., non-ASIC) platforms remains an open challenge. This holds especially for ECC over prime fields, which are often preferred over binary fields due to standards in Europe and the US.

This work presents a new architecture for an FPGA-based ultra high performance ECC implementation over prime fields. Our architecture makes intensive use of the DSP blocks in modern FPGAs, which are embedded arithmetic units actually intended to accelerate digital signal processing algorithms. We describe a novel architecture and algorithms for performing ECC arithmetic and describe the actual implementation of standard compliant ECC based on the NIST primes P-224 and P-256. We show that ECC on Xilinx’s Virtex-4 SX55 FPGA can be performed at a rate of more than 37,000 point multiplications per second. Our architecture outperforms all single-chip hardware implementations over prime fields in the open literature by a wide margin.


Elliptic Curve Cryptosystems FPGA High-Performance 


  1. 1.
    ANSI X9.62-2005. American National Standard X9.62: The Elliptic Curve Digital Signature Algorithm (ECDSA). Technical report, Accredited Standards Committee X9 (2005),
  2. 2.
    Avanzi, R.M., Cohen, H., Doche, C., Frey, G., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. Chapman & Hall/CRC (2005)Google Scholar
  3. 3.
    Bernstein, D.J.: A software implementation of NIST P-224. In: Presentation at the 5th Workshop on Elliptic Curve Cryptography (ECC 2001), October 29-31, 2001, University of Waterloo (2001),
  4. 4.
    Blum, T., Paar, C.: High radix Montgomery modular exponentiation on reconfigurable hardware. IEEE Transactions on Computers 50(7), 759–764 (2001)CrossRefGoogle Scholar
  5. 5.
    Certicom research. Standards for Efficient Cryptography — SEC 1: Elliptic Curve Cryptography. Version 1.0 (September 2000),
  6. 6.
    Certicom research. Standards for Efficient Cryptography — SEC 1: Recommended Elliptic Curve Domain Parameters. Version 1.0 (September 2000),
  7. 7.
    Daly, A., Marnane, W., Kerins, T., Popovici, E.: An FPGA implementation of a GF(p) ALU for encryption processors. Elsevier - Microprocessors and Microsystems 28(5–6), 253–260 (2004)CrossRefGoogle Scholar
  8. 8.
    de Dormale, G.M., Quisquater, J.-J.: High-speed hardware implementations of elliptic curve cryptography: A survey. J. Syst. Archit. 53(2-3), 72–84 (2007)CrossRefGoogle Scholar
  9. 9.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22, 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Eberle, H., Gura, N., Chang-Shantz, S.: A cryptographic processor for arbitrary elliptic curves over GF(2m). In: Application-Specific Systems, Architectures, and Processors (ASAP), pp. 444–454 (2003)Google Scholar
  11. 11.
    ECRYPT. eBATS: ECRYPT Benchmarking of Asymmetric Systems. Technical report (March 2007),
  12. 12.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31, 469–472 (1985)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Gaudry, P., Thomé, E.: The mp \(\mathbb{F}\)q library and implementing curve-based key exchanges. SPEED: Software Performance Enhancement for Encryption and Decryption, 49–64 (2007)Google Scholar
  14. 14.
    Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, New York (2004)zbMATHGoogle Scholar
  15. 15.
    Institute of Electrical and Electronics Engineers. IEEE P1363 Standard Specifications for Public Key Cryptography (2000)Google Scholar
  16. 16.
    Karatsuba, A., Ofman, Y.: Multiplication of multidigit numbers on automata. Soviet Physics—Doklady 7(7), 595–596 (1963)Google Scholar
  17. 17.
    Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Lenstra, A.K., Verheul, E.R.: Selecting Cryptographic Key Sizes. Journal of Cryptology 14(4), 255–293 (2001)zbMATHMathSciNetGoogle Scholar
  19. 19.
    McIvor, C., McLoone, M., McCanny, J.: An FPGA elliptic curve cryptographic accelerator over GF(p). In: Irish Signals and Systems Conference (ISSC), pp. 589–594 (2004)Google Scholar
  20. 20.
    Miller, V.: Uses of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  21. 21.
    National Institute of Standards and Technology (NIST). Recommended Elliptic Curves for Federal Government Use (July 1999),
  22. 22.
    Orlando, G., Paar, C.: A High-Performance Reconfigurable Elliptic Curve Processor for GF(2m). In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 41–56. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  23. 23.
    Orlando, G., Paar, C.: A scalable GF(p) elliptic curve processor architecture for programmable hardware. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 356–371. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  24. 24.
    Satoh, A., Takano, K.: A scalable dual-field elliptic curve cryptographic processor. IEEE Transactions Computers 52, 449–460 (2003)CrossRefGoogle Scholar
  25. 25.
    Savas, E., Tenca, A.F., Ciftcibasi, M.E., Koc, C.K.: Multiplier architectures for GF(p) and GF(2n). IEE Proc. Comput. Digit. Tech. 151(2), 147–160 (2004)CrossRefGoogle Scholar
  26. 26.
    Solinas, J.A.: Generalized Mersenne Numbers. Technical report (September 09, 1999)Google Scholar
  27. 27.
    Suzuki, D.: How to maximize the potential of FPGA Resources for Modular Exponentiation. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 272–288. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  28. 28.
    Weimerskirch, A., Paar, C.: Generalizations of the Karatsuba Algorithm for Efficient Implementations. Technical report, Ruhr-Universität-Bochum, Germany (2003)Google Scholar
  29. 29.
    Xilinx. Xilinx Virtex 4, 5 and Spartan 3A FPGAs (2008),

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Tim Güneysu
    • 1
  • Christof Paar
    • 1
  1. 1.Horst Görtz Institute for IT SecurityRuhr University BochumGermany

Personalised recommendations