A Public-key Cryptography Processor supporting P-224 ECC and 2048-bit RSA

  • Sung, Byung-Yoon (School of Electronic Engineering, Kumoh National Institute of Technology) ;
  • Lee, Sang-Hyun (School of Electronic Engineering, Kumoh National Institute of Technology) ;
  • Shin, Kyung-Wook (School of Electronic Engineering, Kumoh National Institute of Technology)
  • Received : 2018.07.04
  • Reviewed : 2018.09.11
  • Published : 2018.09.30


EC-RSA, a public-key cryptography processor, was designed to integrate 224-bit prime-field elliptic curve cryptography (ECC) as defined in FIPS 186-2 and RSA with a 2048-bit key length into a single hardware structure. The finite field arithmetic core used in both scalar multiplication for ECC and exponentiation for RSA was designed with a 32-bit datapath. A lightweight implementation was achieved by efficiently sharing the finite field arithmetic core and internal memory between ECC and RSA operations. The EC-RSA processor was verified by FPGA implementation. Synthesized with a 180-nm CMOS cell library, it occupied 11,779 gate equivalents (GEs) and 14 kbit of RAM, and the estimated maximum clock frequency was 133 MHz. ECC scalar multiplication takes 867,746 clock cycles, for an estimated throughput of 34.3 kbps, and RSA decryption takes 26,149,013 clock cycles, for an estimated throughput of 10.4 kbps.
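The sharing idea in the abstract, as an added software sketch that is not the authors' design: a single 32-bit word-serial modular multiplier serves both the P-224 field arithmetic behind scalar multiplication and 2048-bit RSA exponentiation, with only the word count changing. It assumes Montgomery (CIOS) multiplication, which the abstract does not name; `N_DEMO` and all function names are constructed for illustration.

```python
# Added illustration, not the EC-RSA design: one 32-bit word-serial multiplier for ECC and RSA.
# Assumption: Montgomery (CIOS) multiplication; the abstract does not name the algorithm.
W, MASK = 32, (1 << 32) - 1
P224 = 2**224 - 2**96 + 1      # NIST P-224 field prime (7 words of 32 bits)
N_DEMO = 2**2048 - 1557        # constructed odd 2048-bit modulus, not a real RSA key

def to_words(x, s):
    return [(x >> (W * i)) & MASK for i in range(s)]

def mont_params(n):
    """Word count s, n' = -n^-1 mod 2^32, and R^2 mod n with R = 2^(32*s); n must be odd."""
    s = (n.bit_length() + W - 1) // W
    n0_inv = (-pow(n, -1, 1 << W)) & MASK
    return s, n0_inv, pow(1 << (W * s), 2, n)

def mont_mul(a, b, n, s, n0_inv):
    """CIOS Montgomery product a*b*R^-1 mod n built from 32x32-bit multiplies (a, b < n)."""
    aw, bw, nw = to_words(a, s), to_words(b, s), to_words(n, s)
    t = [0] * (s + 2)
    for i in range(s):
        carry = 0
        for j in range(s):                     # t += a * b[i]
            acc = t[j] + aw[j] * bw[i] + carry
            t[j], carry = acc & MASK, acc >> W
        acc = t[s] + carry
        t[s], t[s + 1] = acc & MASK, acc >> W
        m = (t[0] * n0_inv) & MASK             # makes the low word of t + m*n zero
        carry = (t[0] + m * nw[0]) >> W
        for j in range(1, s):                  # t = (t + m*n) >> 32
            acc = t[j] + m * nw[j] + carry
            t[j - 1], carry = acc & MASK, acc >> W
        acc = t[s] + carry
        t[s - 1], t[s] = acc & MASK, t[s + 1] + (acc >> W)
    r = sum(w << (W * k) for k, w in enumerate(t[:s + 1]))
    return r - n if r >= n else r              # data-dependent branch: not constant-time

def mod_mul(a, b, n):
    s, n0_inv, r2 = mont_params(n)
    return mont_mul(mont_mul(a, r2, n, s, n0_inv), b, n, s, n0_inv)  # (aR)*b*R^-1 = ab

def mod_exp(base, exp, n):
    """Left-to-right square-and-multiply; the sequence of operations reveals the exponent bits."""
    s, n0_inv, r2 = mont_params(n)
    x, acc = mont_mul(base, r2, n, s, n0_inv), mont_mul(1, r2, n, s, n0_inv)
    for bit in bin(exp)[2:]:
        acc = mont_mul(acc, acc, n, s, n0_inv)
        if bit == "1":
            acc = mont_mul(acc, x, n, s, n0_inv)
    return mont_mul(acc, 1, n, s, n0_inv)      # leave Montgomery form
```

`mod_exp(x, P224 - 2, P224)` gives the field inverse used in point arithmetic, and the same routine with a 2048-bit modulus performs the RSA operation.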


