Elliptic Curve Cryptography Coprocessors Using Variable Length Finite Field Arithmetic Unit

Elliptic Curve Cryptographic Processor Using a Variable-Size Finite Field Arithmetic Unit

  • Lee Dong-Ho (School of Electrical Engineering and Computer Science, Kyungpook National University)
  • 이동호 (경북대학교 전자전기컴퓨터학부)
  • Published : 2005.01.01

Abstract

Fast scalar multiplication of points on an elliptic curve is important for elliptic curve cryptography applications. To vary the field size according to the security situation, a cryptographic coprocessor should support variable-length finite field arithmetic units. To determine an effective variable-length finite field arithmetic architecture, two well-known curve scalar multiplication algorithms were implemented on an FPGA. The affine coordinates algorithm must use a hardware division unit, whereas the projective coordinates algorithm uses only a fast multiplication unit but needs more space to store intermediate results. To make the division unit versatile, a feedback signal line must be added at every bit position. We propose a method to mitigate this problem. For multiplication in the projective coordinates implementation, we use widely used digit-serial multiplication hardware, which is simpler to make versatile. We experimented with our ECC coprocessors using a variable-length finite field arithmetic unit with a maximum field size of 256. At a clock speed of 40 MHz, the scalar multiplication time is 6.0 msec for the affine implementation and 1.15 msec for the projective implementation. The study found that the projective coordinates algorithm, which does not use division hardware, was faster than the affine coordinates algorithm. In addition, the effectiveness of memory implementation relative to logic implementation will have a large influence on the implementation space requirements of the two algorithms.

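Fast scalar multiplication is very important for elliptic curve cryptography applications. To change the size of the finite field according to the security situation, an elliptic curve cryptographic coprocessor must provide a variable-size finite field arithmetic unit. To study an efficient arithmetic architecture for variable-size finite field units, two typical scalar multiplication algorithms were implemented on an FPGA. The affine coordinate algorithm requires a division unit, whereas the projective coordinate algorithm uses only a multiplication unit but consumes more memory to store intermediate results. A variable-size division unit has the problem that a feedback signal line must be added at every bit. This paper proposes a simple method to prevent the resulting clock speed degradation. The projective coordinate implementation uses the digit-serial multiplication structure that is widely used for multiplication. A variable-size implementation of the digit-serial multiplier is simpler than that of the divider. In experiments with a cryptographic processor using a variable-size finite field arithmetic unit capable of operations up to 256 bits, scalar multiplication took 6.0 msec with the affine coordinate algorithm and 1.15 msec with the projective coordinate algorithm. By implementing the proposed elliptic curve cryptographic processor, we showed that the projective coordinate algorithm, which does not use division, is superior in speed even in hardware implementations. In addition, the area efficiency of memory relative to logic circuits has a large influence on the hardware area requirements of the two algorithms.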
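The digit-serial multiplication with a run-time field size that the abstract describes, as an added software model (not the paper's hardware design or code). The digit size `D`, the `MAX_M` limit check and the field table (the AES polynomial for a known answer, and the NIST reduction polynomials for m = 163 and 233) are assumptions chosen for illustration.

```python
# Added example: software model of an MSD-first digit-serial GF(2^m) multiplier.
# MAX_M, D and the FIELDS table are assumptions, not taken from the paper.
MAX_M = 256  # widest field the modelled datapath supports

# Reduction polynomials as bit masks (bit i set means the x^i term is present).
FIELDS = {
    8:   (1 << 8) | 0x1B,                                  # x^8+x^4+x^3+x+1 (AES field)
    163: (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1,  # NIST binary field, m = 163
    233: (1 << 233) | (1 << 74) | 1,                       # NIST binary field, m = 233
}

def reduce_mod(v, m, f):
    """Reduce polynomial v modulo f (degree m) by cancelling high bits."""
    while v.bit_length() > m:
        v ^= f << (v.bit_length() - 1 - m)
    return v

def clmul(a, d):
    """Carry-less (XOR) product of a and a small digit d."""
    r = 0
    while d:
        if d & 1:
            r ^= a
        a <<= 1
        d >>= 1
    return r

def digit_serial_mul(a, b, m, D=4):
    """Return (a*b mod f, clock cycles); one D-bit digit of b is consumed per cycle."""
    if m > MAX_M or m not in FIELDS:
        raise ValueError("unsupported field size")
    if a >> m or b >> m:
        raise ValueError("operand wider than field")
    f, cycles, acc = FIELDS[m], -(-m // D), 0
    for i in reversed(range(cycles)):          # most significant digit first
        digit = (b >> (i * D)) & ((1 << D) - 1)
        # Shift the accumulator by one digit, add the partial product, reduce.
        acc = reduce_mod((acc << D) ^ clmul(a, digit), m, f)
    return acc, cycles

def cycles_table(D=4):
    """Multiplier latency in cycles for each supported field size."""
    return {m: -(-m // D) for m in FIELDS}
```

The same routine serves every field size in the table; only `m` and the reduction polynomial change, and the latency scales as ceil(m/D).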
