Full-Custom VLSI Design of a Unified Multiplier for Elliptic Curve Cryptography on RFID Tags

  • Johann Großschädl
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6151)


The question of whether elliptic curve cryptography (ECC) can be implemented efficiently enough to meet the strict power and area constraints of passive RFID tags has received considerable attention in recent years. While numerous algorithmic and architectural approaches for reducing the footprint of ECC hardware have been investigated, the potential of full-custom VLSI design is still completely unexplored. In this paper we present the design of a radix-2 and a radix-4 version of a unified (16 ×16)-bit multiplier with a 40-bit accumulator that provides all the arithmetic functionality needed to perform ECC over prime and binary fields. The term ”unified” means that our multiply/accumulate (MAC) unit uses the same datapath for the multiplication of integers as well as binary polynomials. We designed a full-custom layout of both the radix-2 and the radix-4 multiplier on basis of a conventional array architecture. Simulation of netlists showed a power saving of 22% and an energy-delay advantage of 48% for the radix-4 multiplier compared to the radix-2 version. The multiplication of binary polynomials consumes about 39% less power than integer multiplication.


Partial Product Full Adder Array Multiplier Polynomial Mode Integer Mode 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Au, L.S., Burgess, N.: A (4:2) adder for unified GF(p) and GF(2n) Galois field multipliers. In: Conference Record of the 36th Asilomar Conference on Signals, Systems, and Computers, vol. 2, pp. 1619–1623. IEEE, Los Alamitos (November 2002)Google Scholar
  2. 2.
    Avoine, G.: Scalability issues in privacy-compliant RFID protocols. In: Kitsos, P., Zhang, Y. (eds.) RFID Security: Techniques, Protocols and System-On-Chip Design, ch. 9, pp. 191–228. Springer, Heidelberg (2008)Google Scholar
  3. 3.
    Bisdounis, L., Gouvetas, D., Koufopavlou, O.: Circuit techniques for reducing power consumption in adders and multipliers. In: Soudris, D., Piguet, C., Goutis, C. (eds.) Designing CMOS Circuits for Low Power, ch. 5, pp. 71–96. Kluwer Academic Publishers, Dordrecht (2002)Google Scholar
  4. 4.
    Bock, H., Braun, M., Dichtl, M., Heyszl, J., Hess, E., Kargl, W., Koroschetz, H., Meyer, B., Seuschek, H.: A milestone towards RFID products offering asymmetric authentication based on elliptic curve cryptography. In: Proceedings of the 4th Workshop on RFID Security (RFIDSec 2008), Budapest, Hungary (June 2008)Google Scholar
  5. 5.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J., Seurin, Y., Vikkelsoe, C.H.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Callaway, T.K., Swartzlander, E.E.: Power-delay characteristics of CMOS multipliers. In: Proceedings of the 13th IEEE Symposium on Computer Arithmetic (ARITH 1997), pp. 26–32. IEEE Computer Society Press, Los Alamitos (July 1997)CrossRefGoogle Scholar
  7. 7.
    Chang, A., Dally, W.J.: Explaining the gap between ASIC and custom power: A custom perspective. In: Proceedings of the 42nd Design Automation Conference (DAC 2005), pp. 281–284. ACM Press, New York (June 2005)Google Scholar
  8. 8.
    Dally, W.J., Chang, A.: The role of custom design in ASIC chips. In: Proceedings of the 37th Design Automation Conference (DAC 2000), pp. 643–647. ACM Press, New York (June 2000)CrossRefGoogle Scholar
  9. 9.
    Drescher, W., Bachmann, K., Fettweis, G.: VLSI architecture for datapath integration of arithmetic over GF(2m) on digital signal processors. In: Proceedings of the 22nd IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP 1997), Munich, Germany, vol. 1, pp. 631–634 (April 1997)Google Scholar
  10. 10.
    Fan, J., Batina, L., Verbauwhede, I.: Implementation of hyperelliptic curve cryptography using a unified multiplier and inverter. Tech. rep., ESAT/COSIC, Katholieke Universiteit Leuven, Leuven-Heverlee, Belgium (July 2009),
  11. 11.
    Fan, J., Batina, L., Verbauwhede, I.: Light-weight implementation options for curve-based cryptography: HECC is also ready for RFID. In: Proceedings of the 4th International Conference for Internet Technology and Secured Transactions (ICITST 2009), pp. 845–850. IEEE, Los Alamitos (2009)Google Scholar
  12. 12.
    Fürbass, F., Wolkerstorfer, J.: ECC processor with low die size for RFID applications. In: Proceedings of the 40th IEEE International Symposium on Circuits and Systems (ISCAS 2007), pp. 1835–1838. IEEE, Los Alamitos (2007)CrossRefGoogle Scholar
  13. 13.
    Garcia, J.E., Schulte, M.J.: A combined 16-bit binary and dual Galois field multiplier. In: Proceedings of the 16th IEEE Workshop on Signal Processing Systems (SIPS 2002), pp. 63–68. IEEE, New York (October 2002)Google Scholar
  14. 14.
    Großschädl, J.: A low-power bit-serial multiplier for finite fields GF(2m). In: Proceedings of the 34th IEEE International Symposium on Circuits and Systems (ISCAS 2001), vol. IV, pp. 37–40. IEEE, Los Alamitos (May 2001)Google Scholar
  15. 15.
    Großschädl, J.: A unified radix-4 partial product generator for integers and binary polynomials. In: Proceedings of the 35th IEEE International Symposium on Circuits and Systems (ISCAS 2002), vol. III, pp. 567–570. IEEE, Los Alamitos (May 2002)Google Scholar
  16. 16.
    Großschädl, J., Kamendje, G.A.: Instruction set extension for fast elliptic curve cryptography over binary finite fields GF(2m). In: Deprettere, E., Bhattacharyya, S., Cavallaro, J., Darte, A., Thiele, L. (eds.) Proceedings of the 14th IEEE International Conference on Application-specific Systems, Architectures and Processors (ASAP 2003), pp. 455–468. IEEE Computer Society Press, Los Alamitos (June 2003)Google Scholar
  17. 17.
    Großschädl, J., Kamendje, G.A.: Low-power design of a functional unit for arithmetic in finite fields GF(p) and GF(2m). In: Chae, K.-J., Yung, M. (eds.) WISA 2003. LNCS, vol. 2908, pp. 227–243. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Hankerson, D.R., Menezes, A.J., Vanstone, S.A.: Guide to Elliptic Curve Cryptography. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  19. 19.
    Hein, D., Wolkerstorfer, J., Felber, N.: ECC is ready for RFID — A proof in silicon. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 401–413. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Juels, A.: RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications 24(2), 381–394 (2006)CrossRefMathSciNetGoogle Scholar
  21. 21.
    Kaya, S.V., Savaş, E., Levi, A., Erçetin, Ö.: Privacy-aware multi-context RFID infrastructure using public key cryptography. In: Akyildiz, I.F., Sivakumar, R., Ekici, E., de Oliveira, J.C., McNair, J. (eds.) NETWORKING 2007. LNCS, vol. 4479, pp. 263–274. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  22. 22.
    Kobayashi, K., Takagi, N., Takagi, K.: An algorithm for inversion in GF(2m) suitable for implementation using a polynomial multiply instruction on GF(2). In: Proceedings of 18th IEEE Symposium on Computer Arithmetic (ARITH 2007), pp. 105–112. IEEE Computer Society Press, Los Alamitos (June 2007)CrossRefGoogle Scholar
  23. 23.
    Lee, H., Sobelman, G.E.: New low-voltage circuits for XOR and XNOR. In: Proceedings of IEEE SouthEastCon 1997, pp. 225–229. IEEE, Los Alamitos (April 1997)Google Scholar
  24. 24.
    Lee, Y.K., Batina, L., Sakiyama, K., Verbauwhede, I.: Elliptic curve based security processor for RFID. IEEE Transactions on Computers 57(11), 1514–1527 (2008)CrossRefMathSciNetGoogle Scholar
  25. 25.
    MacSorley, O.L.: High-speed arithmetic in binary computers. Proceedings of the IRE 49(1), 67–91 (1961)CrossRefMathSciNetGoogle Scholar
  26. 26.
    Meier, P.C., Rutenbar, R.A., Carley, L.R.: Exploring multiplier architecture and layout for low power. In: Proceedings of the 18th IEEE Custom Integrated Circuits Conference (CICC 1996), pp. 513–516. IEEE, Los Alamitos (May 1996)Google Scholar
  27. 27.
    Mekhallalati, M.C., Ashur, A.S., Ibrahim, M.K.: Novel radix finite field multiplier for GF(2m). Journal of VLSI Signal Processing 15(3), 233–245 (1997)CrossRefGoogle Scholar
  28. 28.
    Oklobdžija, V.G.: Design and analysis of fast carry-propagate adder under non-equal input signal arrival profile. In: Conference Record of the 28th Asilomar Conference on Signals, Systems, and Computers, vol. 2, pp. 1398–1401. IEEE, Los Alamitos (October 1994)Google Scholar
  29. 29.
    Oren, Y., Feldhofer, M.: A low-resource public-key identification scheme for RFID tags and sensor nodes. In: Basin, D.A., Capkun, S., Lee, W. (eds.) Proceedings of the 2nd ACM Conference on Wireless Network Security (WISEC 2009), pp. 59–68. ACM Press, New York (2009)CrossRefGoogle Scholar
  30. 30.
    Poschmann, A., Robshaw, M.J., Vater, F., Paar, C.: Lightweight cryptography and RFID: Tackling the hidden overheads. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 129–145. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  31. 31.
    Rolfes, C., Poschmann, A., Leander, G., Paar, C.: Ultra-lightweight implementations for smart devices – Security for 1000 gate equivalents. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 89–103. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  32. 32.
    Sakiyama, K.: Secure Design Methodology and Implementation for Embedded Public-Key Cryptosystems. Ph.D. Thesis, Katholieke Universiteit Leuven, Leuven-Heverlee, Belgium (December 2007)Google Scholar
  33. 33.
    Satoh, A., Takano, K.: A scalable dual-field elliptic curve cryptographic processor. IEEE Transactions on Computers 52(4), 449–460 (2003)CrossRefGoogle Scholar
  34. 34.
    Sava, E., Tenca, A.F., Koç, Ç.K.: A scalable and unified multiplier architecture for finite fields GF(p) and GF(2m). In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 277–292. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  35. 35.
    Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  36. 36.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) SPC 2003. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  37. 37.
    Weste, N.H., Eshraghian, K.: Principles of CMOS VLSI Design: A Systems Perspective, 2nd edn. Addison-Wesley, Reading (1993)Google Scholar
  38. 38.
    Wolkerstorfer, J.: Is elliptic-curve cryptography suitable to secure RFID tags? In: Proceedings of the ECRYPT Workshop RFID and Lightweight Crypto, Graz, Austria, pp. 78–91 (July 2005)Google Scholar
  39. 39.
    Zimmermann, R., Fichtner, W.: Low-power logic styles: CMOS versus pass-transistor logic. IEEE Journal of Solid-State Circuits 32(7), 1079–1090 (1997)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Johann Großschädl
    • 1
    • 2
  1. 1.Laboratory of Algorithmics, Cryptology and Security (LACS)University of LuxembourgLuxembourgLuxembourg
  2. 2.Department of Computer ScienceUniversity of BristolBristolU.K.

Personalised recommendations