Abstract
Elliptic curve cryptography (ECC) is an ideal choice for low-resource applications because it provides the same level of security with smaller key sizes than other existing public key encryption schemes. For low-resource applications, designing efficient functional units for elliptic curve computations over binary fields results in an effective platform for an embedded co-processor. This paper proposes such a co-processor designed for area-constrained devices by utilizing state of the art binary Edwards curve equations over mixed point addition and doubling. The binary Edwards curve offers the security advantage that it is complete and is, therefore, immune to the exceptional points attack. In conjunction with Montgomery Ladder, such a curve is naturally immune to most types of simple power and timing attacks. The recently presented formulas for mixed point addition in [1] were found to be invalid, but were corrected such that the speed and register usage were maintained. We utilize corrected mixed point addition and doubling formulas to achieve a secure, but still fast implementation of a point multiplication on binary Edwards curves. Our synthesis results over NIST recommended fields for ECC indicate that the proposed co-processor requires about 50 % fewer clock cycles for point multiplication and occupies a similar silicon area when compared to the most recent in literature.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Kim, K., Lee, C., Negre, C.: Binary edwards curves revisited. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 393–408. Springer, Heidelberg (2014)
Hankerson, D.R., Vanstone, S.A., Menezes, A.J.: Guide to Elliptic Curve Cryptography. Springer-Verlag New York Inc., New York (2004)
U.S. Department of Commerce/NIST: National Institute of Standards and Technology. Digital Signature Standard, FIPS Publications 186–2, January 2000
IEEE Std 1363–2000: IEEE Standard Specifications for Public-Key Cryptography, January 2000
Wenger, E., Hutter, M.: Exploring the design space of prime field vs. binary field ECC-hardware implementations. In: Laud, P. (ed.) NordSec 2011. LNCS, vol. 7161, pp. 256–271. Springer, Heidelberg (2012)
Azarderakhsh, R., Jarvinen, K.U., Mozaffari Kermani, M.: Efficient algorithm and architecture for elliptic curve cryptography for extremely constrained secure applications. IEEE Trans. Circuits Syst. 61(4), 1144–1155 (2014)
Roy, S.S., Jarvinen, K., Verbauwhede, I.: Lightweight coprocessor for Koblitz curves: 283-bit ECC including scalar conversion with only 4300 gates. Cryptology ePrint Archive, Report 2015/556 (2015). http://eprint.iacr.org/
Lee, Y.K., Sakiyama, K., Batina, L., Verbauwhede, I.: Elliptic-curve-based security processor for RFID. IEEE Trans. Comput. 57(11), 1514–1527 (2008)
Kocabas, U., Fan, J., Verbauwhede, I.: Implementation of binary edwards curves for very-constrained devices. In: Proceedings of 21st International Conference on Application-Specific Systems Architectures and Processors (ASAP 2010), pp. 185–191 (2010)
Bernstein, D.J., Lange, T., Rezaeian Farashahi, R.: Binary edwards curves. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 244–265. Springer, Heidelberg (2008)
Montgomery, P.L.: Speeding the pollard and elliptic curve methods of factorization. Math. Comput. 48, 243–264 (1987)
Lopez, J., Dahab, R.: Fast multiplication on elliptic curves over \({GF}(2^m)\) without precomputation. In: Proceedings of Workshop on Cryptographic Hardware and Embedded Systems (CHES 1999), pp. 316–327 (1999)
Farashahi, R.R., Joye, M.: Efficient arithmetic on Hessian curves. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 243–260. Springer, Heidelberg (2010)
Azarderakhsh, R., Reyhani-Masoleh, A.: Efficient FPGA implementations of point multiplication on binary Edwards and generalized Hessian curves using Gaussian normal basis. IEEE Trans. Very Large Scale Integr. Syst. 20(8), 1453–1466 (2012)
Lee, Y.K., Verbauwhede, I.: A compact architecture for montgomery elliptic curve scalar multiplication processor. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 115–127. Springer, Heidelberg (2008)
Izu, T., Takagi, T.: Exceptional procedure attack on elliptic curve cryptosystems. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 224–239. Springer, Heidelberg (2002)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Azarderakhsh, R., Jao, D., Lee, H.: Common subexpression algorithms for space-complexity reduction of Gaussian normal basis multiplication. IEEE Trans. Inf. Theory 61(5), 2357–2369 (2015)
Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in \({GF}(2^m)\) using normal bases. Inf. Comput. 78(3), 171–177 (1988)
Wenger, E., Hutter, M.: A hardware processor supporting elliptic curve cryptography for less than 9 kGEs. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 182–198. Springer, Heidelberg (2011)
Pessl, P., Hutter, M.: Curved tags — a low-resource ECDSA implementation tailored for RFID. In: Sadeghi, A.-R., Saxena, N. (eds.) RFIDSec 2014. LNCS, vol. 8651, pp. 156–172. Springer, Heidelberg (2014)
Wenger, E.: Hardware architectures for MSP430-based wireless sensor nodes performing elliptic curve cryptography. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 290–306. Springer, Heidelberg (2013)
Menezes, A.J., Vanstone, S.A., Oorschot, P.C.V.: Handbook of Applied Cryptography, 1st edn. CRC Press Inc., Boca Raton (1996)
Acknowledgements
The authors would like to thank the reviewers for their constructive comments. This material is based upon work supported by the National Science Foundation under Award No. CNS-1464118 to Reza Azarderakhsh.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Appendix
A Appendix
1.1 A.1 Subroutines
This contains a code listing of the program in assembly.
Algorithm 3 shows the Itoh-Tsujii [19] inversion subroutine for \(\mathbb {F}_{2^{283}}\). This follows the addition chain (1,2,4,8,16,17,34,35,70,140,141,282). Eleven multiplications are required for this binary field. A similar approach was done for \(\mathbb {F}_{2^{163}}\) and \(\mathbb {F}_{2^{233}}\).
Algorithm 4 shows the half-trace subroutine. This is a simple double square and add routine that produces the result after \(\frac{m-1}{2}\) iterations.
Algorithm 5 shows the beginning of the main program that was used. This includes the initialization of the point and the repeated step of the Montgomery ladder [11].
Algorithm 6 shows the end of the main program that was used. This includes the recovery of \(w_{2},w_{3},x_{2},y_{2}\).
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Koziel, B., Azarderakhsh, R., Mozaffari-Kermani, M. (2015). Low-Resource and Fast Binary Edwards Curves Cryptography. In: Biryukov, A., Goyal, V. (eds) Progress in Cryptology -- INDOCRYPT 2015. INDOCRYPT 2015. Lecture Notes in Computer Science(), vol 9462. Springer, Cham. https://doi.org/10.1007/978-3-319-26617-6_19
Download citation
DOI: https://doi.org/10.1007/978-3-319-26617-6_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26616-9
Online ISBN: 978-3-319-26617-6
eBook Packages: Computer ScienceComputer Science (R0)