
Fast prime field elliptic-curve cryptography with 256-bit primes

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

This paper studies software optimization of elliptic-curve cryptography with \(256\)-bit prime fields. We propose a constant-time implementation of the NIST and SECG standardized curve P-\(256\), which can be seamlessly integrated into OpenSSL. This accelerates Perfect Forward Secrecy TLS handshakes that use ECDSA and/or ECDHE, and can help in improving the efficiency of TLS servers. We report significant performance improvements for ECDSA and ECDH on several architectures. For example, on the latest Intel Haswell microarchitecture, our ECDSA sign is \(2.33\times \) faster than OpenSSL’s implementation.



Notes

  1. “Demand for encryption apps has increased dramatically ever since the exposure of massive internet surveillance programs run by US and UK intelligence agencies. Now Facebook is reportedly moving to implement a strong, decades-old encryption technique that’s been largely avoided by the online services that need it most”; J. Kopstein, The Verge, http://www.theverge.com/2013/6/26/4468050/facebook-follows-google-with-tough-encryption-standard.

  2. RSA signature verification with the standard short public exponent remains faster than ECDSA verification. However, verification is done by the client, and not by the server side.

  3. An optimized implementation of P-224, P-\(256\) and P-521 was contributed to OpenSSL by Emilia Käsper, Adam Langley and Bodo Moeller. To enable it, OpenSSL should be configured with ‘enable-ec_nistp_64_gcc_128’.

  4. Available from http://software.intel.com/en-us/articles/intel-software-development-emulator.

  5. It is currently in the process of integration into a future version of this library (1.0.2), and can be found in the latest beta version (1.0.2 beta 3).



Corresponding author

Correspondence to Shay Gueron.

Appendix A

The configuration details of the platform that was used for the system profiling experiment:

CPU: Engineering sample of Intel microarchitecture codename Haswell, native speed of 2.9 GHz, 4 cores, 8 threads. For the experiment, we disabled 3 out of 4 cores and underclocked the CPU to 1 GHz. Otherwise, when using the AES-GCM cipher, which performs at around 1 cycle/byte, the CPU outperforms the network card and idles most of the time.

Memory: 8GB DDR3 1,600 MHz, two-channel configuration.

Hard drive: Intel SSD X25-M 80GB.

Software: Apache server version 2.4.4; OpenSSL development version (from September 9, 2013).

Network: Engineering sample of Intel 10Gbit Ethernet adapter.

Cite this article

Gueron, S., Krasnov, V. Fast prime field elliptic-curve cryptography with 256-bit primes. J Cryptogr Eng 5, 141–151 (2015). https://doi.org/10.1007/s13389-014-0090-x
