• Title/Summary/Keyword: 타원곡선 암호법

Search Result 19, Processing Time 0.022 seconds

A Scalar Multiplication Method and its Hardware with resistance to SPA(Simple Power Analysis) (SPA에 견디는 스칼라 곱셈 방법과 하드웨어)

  • 윤중철;정석원;임종인
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.3
    • /
    • pp.65-70
    • /
    • 2003
  • In this paper, we propose a scalar multiplication method and its hardware architecture which is resistant to SPA while its computation speed is faster than Colon's. There were SPA-resistant scalar multiplication method which has performance problem. Due to this reason, the research about an efficient SPA-resistant scalar multiplication is one of important topics. The proposed architecture resists to SPA and is faster than Colon's method under the assumption that Colon's and the proposed method use same fmite field arithmetic units(multiplier and inverter). With n-bit scalar multiple, the computation cycle of the proposed is 2n·(Inversion cycle)+3(Aultiplication cycle).

A Method for Scalar Multiplication on Elliptic Curves against Differential Power Analysis using Efficient Key-Randomization (효율적인 키-난수화를 사용한 차분 전력 분석 공격에 대응하는 타원곡선 위의 스칼라 곱셈 방법)

  • Jung, Seok Won
    • The Journal of the Korea Contents Association
    • /
    • v.20 no.1
    • /
    • pp.356-363
    • /
    • 2020
  • As a becoming era of Internet-of-Things, various devices are connected via wire or wirless networks. Although every day life is more convenient, security problems are also increasing such as privacy, information leak, denial of services. Since ECC, a kind of public key cryptosystem, has a smaller key size compared to RSA, it is widely used for environmentally constrained devices. The key of ECC in constrained devices can be exposed to power analysis attacks during scalar multiplication operation. In this paper, a key-randomization method is suggested for scalar multiplication on SECG parameters. It is against differential power analysis and has operational efficiency. In order to increase of operational efficiency, the proposed method uses the property 2lP=∓cP where the constant c is small compared to the order n of SECG parameters and n=2l±c. The number of operation for the Coron's key-randomization scalar multiplication algorithm is 21, but the number of operation for the proposed method in this paper is (3/2)l. It has efficiency about 25% compared to the Coron's method using full random numbers.

An Efficient Hardware Implementation of Square Root Computation over GF(p) (GF(p) 상의 제곱근 연산의 효율적인 하드웨어 구현)

  • Choe, Jun-Yeong;Shin, Kyung-Wook
    • Journal of IKEEE
    • /
    • v.23 no.4
    • /
    • pp.1321-1327
    • /
    • 2019
  • This paper describes an efficient hardware implementation of modular square root (MSQR) computation over GF(p), which is the operation needed to map plaintext messages to points on elliptic curves for elliptic curve (EC)-ElGamal public-key encryption. Our method supports five sizes of elliptic curves over GF(p) defined by the National Institute of Standards and Technology (NIST) standard. For the Koblitz curves and the pseudorandom curves with 192-bit, 256-bit, 384-bit and 521-bit, the Euler's Criterion based on the characteristic of the modulo values was applied. For the elliptic curves with 224-bit, the Tonelli-Shanks algorithm was simplified and applied to compute MSQR. The proposed method was implemented using the finite field arithmetic circuit with 32-bit datapath and memory block of elliptic curve cryptography (ECC) processor, and its hardware operation was verified by implementing it on the Virtex-5 field programmable gate array (FPGA) device. When the implemented circuit operates with a 50 MHz clock, the computation of MSQR takes about 18 ms for 224-bit pseudorandom curves and about 4 ms for 256-bit Koblitz curves.

Arithmetic of finite fields with shifted polynomial basis (변형된 다항식 기저를 이용한 유한체의 연산)

  • 이성재
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.9 no.4
    • /
    • pp.3-10
    • /
    • 1999
  • More concerns are concentrated in finite fields arithmetic as finite fields being applied for Elliptic curve cryptosystem coding theory and etc. Finite fields arithmetic is affected in represen -tation of those. Optimal normal basis is effective in hardware implementation and polynomial field which is effective in the basis conversion with optimal normal basis and show that the arithmetic of finite field with the basis is effective in software implementation.

Design of a Bit-Serial Divider in GF(2$^{m}$ ) for Elliptic Curve Cryptosystem (타원곡선 암호시스템을 위한 GF(2$^{m}$ )상의 비트-시리얼 나눗셈기 설계)

  • 김창훈;홍춘표;김남식;권순학
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.27 no.12C
    • /
    • pp.1288-1298
    • /
    • 2002
  • To implement elliptic curve cryptosystem in GF(2$\^$m/) at high speed, a fast divider is required. Although bit-parallel architecture is well suited for high speed division operations, elliptic curve cryptosystem requires large m(at least 163) to support a sufficient security. In other words, since the bit-parallel architecture has an area complexity of 0(m$\^$m/), it is not suited for this application. In this paper, we propose a new serial-in serial-out systolic array for computing division operations in GF(2$\^$m/) using the standard basis representation. Based on a modified version of tile binary extended greatest common divisor algorithm, we obtain a new data dependence graph and design an efficient bit-serial systolic divider. The proposed divider has 0(m) time complexity and 0(m) area complexity. If input data come in continuously, the proposed divider can produce division results at a rate of one per m clock cycles, after an initial delay of 5m-2 cycles. Analysis shows that the proposed divider provides a significant reduction in both chip area and computational delay time compared to previously proposed systolic dividers with the same I/O format. Since the proposed divider can perform division operations at high speed with the reduced chip area, it is well suited for division circuit of elliptic curve cryptosystem. Furthermore, since the proposed architecture does not restrict the choice of irreducible polynomial, and has a unidirectional data flow and regularity, it provides a high flexibility and scalability with respect to the field size m.

Design of Serial-Parallel Multiplier for GF($2^n$) (GF($2^n$)에서의 직렬-병렬 곱셈기 구조)

  • 정석원;윤중철;이선옥
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.3
    • /
    • pp.27-34
    • /
    • 2003
  • Recently, an efficient hardware development for a cryptosystem is concerned. The efficiency of a multiplier for GF($2^n$)is directly related to the efficiency of some cryptosystem. This paper, considering the trade-off between time complexity andsize complexity, proposes a new multiplier architecture having n[n/2] AND gates and n([n/2]+1)- $$\Delta$_n$ = XOR gates, where $$\Delta$_n$=1 if n is even, $$\Delta$_n$=0 otherwise. This size complexity is less than that of existing ${multipliers}^{[5][12]}$which are $n^2$ AND gates and $n^2$-1 XOR gates. While a new multiplier is a serial-parallel multiplier to output a result of multiplication of two elements of GF($2^n$) after 2 clock cycles, the suggested multiplier is more suitable for some cryptographic device having space limitations.

New Simple Power Analysis on scalar multiplication based on sABS recoding (sABS 형태의 스칼라 곱셈 연산에 대한 새로운 단순전력 공격)

  • Kim, Hee-Seok;Kim, Sung-Kyoung;Kim, Tae-Hyun;Park, Young-Ho;Lim, Jong-In;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.2
    • /
    • pp.115-123
    • /
    • 2007
  • In cryptographic devices like a smart-card whose computing ability and memory are limited, cryptographic algorithms should be performed efficiently. Scalar multiplication is very important operation in Elliptic Curve Cryptosystems, and so must be constructed in safety against side channel attack(SCA). But several countermeasures proposed against SCA are exposed weaknesses by new un-dreamed analysis. 'Double-and-add always scalar multiplication' algorithm adding dummy operation being known to secure against SPA is exposed weakness by Doubling Attack. But Doubling Attack cannot apply to sABS receding proposed by Hedabou, that is another countermeasure against SPA. Our paper proposes new strengthened Doubling Attacks that can break sABS receding SPA-countermeasure and a detailed method of our attacks through experimental result.

Word Level Multiplier for $GF(2^m)$ Using Gaussian Normal Basis (가우시안 정규기저를 이용한 $GF(2^m)$상의 워드-레벨 곱셈기)

  • Kim, Chang-Hoon;Kwon, Yun-Ki;Kim, Tae-Ho;Kwon, Soon-Hak;Hong, Chun-Pyo
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.31 no.11C
    • /
    • pp.1120-1127
    • /
    • 2006
  • [ $GF(2^m)$ ] for elliptic curve cryptosystem. The proposed multiplier uses Gaussian normal basis representation and produces multiplication results at a rate of one per [m/w] clock cycles, where w is the selected we.4 size. We implement the p.oposed design using Xilinx XC2V1000 FPGA device. Our design has significantly less critical path delay compared with previously proposed hard ware implementations.

Security Analysis against RVA-based DPA Countermeasure Applied to $Eta_T$ Pairing Algorithm (RVA 기반의 페어링 부채널 대응법에 대한 안전성 분석)

  • Seo, Seog-Chung;Han, Dong-Guk;Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.2
    • /
    • pp.83-90
    • /
    • 2011
  • Recently, pairings over elliptic curve have been applied for various ID-based encryption/signature/authentication/key agreement schemes. For efficiency, the $Eta_T$ pairings over GF($P^n$) (P = 2, 3) were invented, however, they are vulnerable to side channel attacks such as DPA because of their symmetric computation structure compared to other pairings such as Tate, Ate pairings. Several countermeasures have been proposed to prevent side channel attacks. Especially, Masaaki Shirase's method is very efficient with regard to computational efficiency, however, it has security flaws. This paper examines closely the security flaws of RVA-based countermeasure on $Eta_T$ Pairing algorithm from the implementation point of view.