Low-Latency Elliptic Curve Scalar Multiplication

Published in: International Journal of Parallel Programming

Abstract

This paper presents a low-latency algorithm designed for parallel computer architectures to compute the scalar multiplication of elliptic curve points based on approaches from cryptographic side-channel analysis. A graphics processing unit implementation using a standardized elliptic curve over a 224-bit prime field, complying with the new 112-bit security level, computes the scalar multiplication in 1.9 ms on the NVIDIA GTX 500 architecture family. The presented methods and implementation considerations can be applied to any parallel 32-bit architecture.
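To make the abstract's "approaches from cryptographic side-channel analysis" concrete, here is an added example (not the paper's code) of a Montgomery-ladder scalar multiplication in plain Python on NIST P-224, assumed here to be the standardized 224-bit curve the abstract refers to; it uses affine coordinates and Python integers, so it demonstrates the bit-independent operation schedule rather than the paper's parallel GPU arithmetic.

```python
# Added example, not the paper's code: Montgomery-ladder scalar multiplication
# on NIST P-224 (assumed to be the standardized 224-bit curve of the abstract).
# Affine coordinates and Python integers keep it short; what it shows is the
# bit-independent operation schedule, not the paper's parallel GPU arithmetic.

P = 2**224 - 2**96 + 1                      # the 224-bit prime field
A = (-3) % P                                # curve: y^2 = x^3 + A*x + B
B = 0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4
G = (0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21,
     0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34)
N = 0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d   # order of G
INF = None                                  # point at infinity

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine addition; also covers doubling and the point at infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:              # Q + (-Q) = infinity
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ladder_mul(k, pt, bits=224):
    """Montgomery ladder: each step performs exactly one addition and one
    doubling whatever the key bit is, so the operation sequence does not
    depend on k. Invariant: r1 == r0 + pt. A production version replaces
    the Python branch with a constant-time conditional swap; Python's big
    integer arithmetic is not constant time either."""
    r0, r1 = INF, pt
    for i in range(bits - 1, -1, -1):
        if ((k >> i) & 1) == 0:
            r0, r1 = add(r0, r0), add(r0, r1)
        else:
            r0, r1 = add(r0, r1), add(r1, r1)
    return r0
```

The checks `ladder_mul(N, G) is INF` and `ladder_mul(N - 1, G) == -G` confirm both the ladder and the curve constants, since they only hold if the point order and parameters are right.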



Corresponding author

Correspondence to Joppe W. Bos.

Cite this article

Bos, J.W. Low-Latency Elliptic Curve Scalar Multiplication. Int J Parallel Prog 40, 532–550 (2012). https://doi.org/10.1007/s10766-012-0198-5
