Skip to main content

Low-Resource and Fast Binary Edwards Curves Cryptography

  • Conference paper
  • First Online:
Progress in Cryptology -- INDOCRYPT 2015 (INDOCRYPT 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9462))

Included in the following conference series:

Abstract

Elliptic curve cryptography (ECC) is an ideal choice for low-resource applications because it provides the same level of security with smaller key sizes than other existing public key encryption schemes. For low-resource applications, designing efficient functional units for elliptic curve computations over binary fields results in an effective platform for an embedded co-processor. This paper proposes such a co-processor designed for area-constrained devices by utilizing state of the art binary Edwards curve equations over mixed point addition and doubling. The binary Edwards curve offers the security advantage that it is complete and is, therefore, immune to the exceptional points attack. In conjunction with Montgomery Ladder, such a curve is naturally immune to most types of simple power and timing attacks. The recently presented formulas for mixed point addition in [1] were found to be invalid, but were corrected such that the speed and register usage were maintained. We utilize corrected mixed point addition and doubling formulas to achieve a secure, but still fast implementation of a point multiplication on binary Edwards curves. Our synthesis results over NIST recommended fields for ECC indicate that the proposed co-processor requires about 50 % fewer clock cycles for point multiplication and occupies a similar silicon area when compared to the most recent in literature.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    http://github.com/briankoziel/BEC_Small.

References

  1. Kim, K., Lee, C., Negre, C.: Binary edwards curves revisited. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 393–408. Springer, Heidelberg (2014)

    Google Scholar 

  2. Hankerson, D.R., Vanstone, S.A., Menezes, A.J.: Guide to Elliptic Curve Cryptography. Springer-Verlag New York Inc., New York (2004)

    MATH  Google Scholar 

  3. U.S. Department of Commerce/NIST: National Institute of Standards and Technology. Digital Signature Standard, FIPS Publications 186–2, January 2000

    Google Scholar 

  4. IEEE Std 1363–2000: IEEE Standard Specifications for Public-Key Cryptography, January 2000

    Google Scholar 

  5. Wenger, E., Hutter, M.: Exploring the design space of prime field vs. binary field ECC-hardware implementations. In: Laud, P. (ed.) NordSec 2011. LNCS, vol. 7161, pp. 256–271. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  6. Azarderakhsh, R., Jarvinen, K.U., Mozaffari Kermani, M.: Efficient algorithm and architecture for elliptic curve cryptography for extremely constrained secure applications. IEEE Trans. Circuits Syst. 61(4), 1144–1155 (2014)

    Article  Google Scholar 

  7. Roy, S.S., Jarvinen, K., Verbauwhede, I.: Lightweight coprocessor for Koblitz curves: 283-bit ECC including scalar conversion with only 4300 gates. Cryptology ePrint Archive, Report 2015/556 (2015). http://eprint.iacr.org/

  8. Lee, Y.K., Sakiyama, K., Batina, L., Verbauwhede, I.: Elliptic-curve-based security processor for RFID. IEEE Trans. Comput. 57(11), 1514–1527 (2008)

    Article  MathSciNet  Google Scholar 

  9. Kocabas, U., Fan, J., Verbauwhede, I.: Implementation of binary edwards curves for very-constrained devices. In: Proceedings of 21st International Conference on Application-Specific Systems Architectures and Processors (ASAP 2010), pp. 185–191 (2010)

    Google Scholar 

  10. Bernstein, D.J., Lange, T., Rezaeian Farashahi, R.: Binary edwards curves. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 244–265. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  11. Montgomery, P.L.: Speeding the pollard and elliptic curve methods of factorization. Math. Comput. 48, 243–264 (1987)

    Article  MATH  Google Scholar 

  12. Lopez, J., Dahab, R.: Fast multiplication on elliptic curves over \({GF}(2^m)\) without precomputation. In: Proceedings of Workshop on Cryptographic Hardware and Embedded Systems (CHES 1999), pp. 316–327 (1999)

    Google Scholar 

  13. Farashahi, R.R., Joye, M.: Efficient arithmetic on Hessian curves. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 243–260. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  14. Azarderakhsh, R., Reyhani-Masoleh, A.: Efficient FPGA implementations of point multiplication on binary Edwards and generalized Hessian curves using Gaussian normal basis. IEEE Trans. Very Large Scale Integr. Syst. 20(8), 1453–1466 (2012)

    Article  Google Scholar 

  15. Lee, Y.K., Verbauwhede, I.: A compact architecture for montgomery elliptic curve scalar multiplication processor. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 115–127. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  16. Izu, T., Takagi, T.: Exceptional procedure attack on elliptic curve cryptosystems. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 224–239. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  17. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  18. Azarderakhsh, R., Jao, D., Lee, H.: Common subexpression algorithms for space-complexity reduction of Gaussian normal basis multiplication. IEEE Trans. Inf. Theory 61(5), 2357–2369 (2015)

    Article  MathSciNet  Google Scholar 

  19. Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in \({GF}(2^m)\) using normal bases. Inf. Comput. 78(3), 171–177 (1988)

    Article  MATH  MathSciNet  Google Scholar 

  20. Wenger, E., Hutter, M.: A hardware processor supporting elliptic curve cryptography for less than 9 kGEs. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 182–198. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  21. Pessl, P., Hutter, M.: Curved tags — a low-resource ECDSA implementation tailored for RFID. In: Sadeghi, A.-R., Saxena, N. (eds.) RFIDSec 2014. LNCS, vol. 8651, pp. 156–172. Springer, Heidelberg (2014)

    Google Scholar 

  22. Wenger, E.: Hardware architectures for MSP430-based wireless sensor nodes performing elliptic curve cryptography. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 290–306. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  23. Menezes, A.J., Vanstone, S.A., Oorschot, P.C.V.: Handbook of Applied Cryptography, 1st edn. CRC Press Inc., Boca Raton (1996)

    Book  Google Scholar 

Download references

Acknowledgements

The authors would like to thank the reviewers for their constructive comments. This material is based upon work supported by the National Science Foundation under Award No. CNS-1464118 to Reza Azarderakhsh.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Brian Koziel .

Editor information

Editors and Affiliations

A Appendix

A Appendix

1.1 A.1 Subroutines

This contains a code listing of the program in assembly.

Algorithm 3 shows the Itoh-Tsujii [19] inversion subroutine for \(\mathbb {F}_{2^{283}}\). This follows the addition chain (1,2,4,8,16,17,34,35,70,140,141,282). Eleven multiplications are required for this binary field. A similar approach was done for \(\mathbb {F}_{2^{163}}\) and \(\mathbb {F}_{2^{233}}\).

figure c
figure d

Algorithm 4 shows the half-trace subroutine. This is a simple double square and add routine that produces the result after \(\frac{m-1}{2}\) iterations.

Algorithm 5 shows the beginning of the main program that was used. This includes the initialization of the point and the repeated step of the Montgomery ladder [11].

figure e

Algorithm 6 shows the end of the main program that was used. This includes the recovery of \(w_{2},w_{3},x_{2},y_{2}\).

figure f

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Koziel, B., Azarderakhsh, R., Mozaffari-Kermani, M. (2015). Low-Resource and Fast Binary Edwards Curves Cryptography. In: Biryukov, A., Goyal, V. (eds) Progress in Cryptology -- INDOCRYPT 2015. INDOCRYPT 2015. Lecture Notes in Computer Science(), vol 9462. Springer, Cham. https://doi.org/10.1007/978-3-319-26617-6_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26617-6_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26616-9

  • Online ISBN: 978-3-319-26617-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics