• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.10a
• /
• pp.190-192
• /
• 2018

This paper describes a design of an elliptic curve cryptography (ECC) processor that supports five pseudo-random curves and five Koblitz curves over binary field defined by the NIST standard. The ECC processor adopts the Lopez-Dahab projective coordinate system so that scalar multiplication is computed with modular multiplier and XORs. A word-based Montgomery multiplier of $32-b{\times}32-b$ was designed to implement ECCs of various key lengths using fixed-size hardware. The hardware operation of the ECC processor was verified by FPGA implementation. The ECC processor synthesized using a 0.18-um CMOS cell library occupies 10,674 gate equivalents (GEs) and 9 Kbits RAM at 100 MHz, and the estimated maximum clock frequency is 154 MHz.

• Journal of IKEEE
• /
• v.23 no.1
• /
• pp.58-67
• /
• 2019

A design of an elliptic curve cryptography (ECC) processor that supports both pseudo-random curves and Koblitz curves over $GF(2^m)$ defined by the NIST standard is described in this paper. A finite field arithmetic circuit based on a word-based Montgomery multiplier was designed to support five key lengths using a datapath of fixed size, as well as to achieve a lightweight hardware implementation. In addition, Lopez-Dahab's coordinate system was adopted to remove the finite field division operation. The ECC processor was implemented in the FPGA verification platform and the hardware operation was verified by Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol operation. The ECC processor that was synthesized with a 180-nm CMOS cell library occupied 10,674 gate equivalents (GEs) and a dual-port RAM of 9 kbits, and the maximum clock frequency was estimated at 154 MHz. The scalar multiplication operation over the 223-bit pseudo-random elliptic curve takes 1,112,221 clock cycles and has a throughput of 32.3 kbps.

• Journal of IKEEE
• /
• v.24 no.4
• /
• pp.961-968
• /
• 2020

This paper describes a design of high performance modular multiplier that is essentially used for elliptic curve cryptography. Our modular multiplier supports modular multiplications for five field sizes over GF(p), including 192, 224, 256, 384 and 521 bits as defined in NIST FIPS 186-2, and it calculates modular multiplication in two steps with integer multiplication and reduction. The Karatsuba-Ofman multiplication algorithm was used for fast integer multiplication, and the Lazy reduction algorithm was adopted for reduction operation. In addition, the Nikhilam division algorithm was used for the division operation included in the Lazy reduction. The division operation is performed only once for a given modulo value, and it was designed to skip division operation when continuous modular multiplications with the same modulo value are calculated. It was estimated that our modular multiplier can perform 6.4 million modular multiplications per second when operating at a clock frequency of 32 MHz. It occupied 456,400 gate equivalents (GEs), and the estimated clock frequency was 67 MHz when synthesized with a 180-nm CMOS cell library.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.3
• /
• pp.419-426
• /
• 2021

A high-performance elliptic curve cryptography processor (HP-ECCP) was designed to support five field sizes of 192, 224, 256, 384 and 521 bits over GF(p) defined in NIST FIPS 186-2, and it provides eight modes of arithmetic operations including ECPSM, ECPA, ECPD, MA, MS, MM, MI and MD. In order to make the HP-ECCP resistant to side-channel attacks, a modified left-to-right binary algorithm was used, in which point addition and point doubling operations are uniformly performed regardless of the Hamming weight of private key used for ECPSM. In addition, Karatsuba-Ofman multiplication algorithm (KOMA), Lazy reduction and Nikhilam division algorithms were adopted for designing high-performance modular multiplier that is the core arithmetic block for elliptic curve point operations. The HP-ECCP synthesized using a 180-nm CMOS cell library occupied 620,846 gate equivalents with a clock frequency of 67 MHz, and it was evaluated that an ECPSM with a field size of 256 bits can be computed 2,200 times per second.

• Journal of KIISE:Computer Systems and Theory
• /
• v.36 no.6
• /
• pp.502-510
• /
• 2009

Multiprecision squaring is one of the most significant algorithms in the core public key cryptography operation. The aim of this work is to present a new improved squaring algorithm compared with the MIRACL's multi precision squaring algorithm in which the previous work [1] on multiprecision multiplication is implemented. First, previous works on multiprecision multiplication and standard squaring are analyzed. Then, our new Lazy Doubling squaring algorithm is introduced. In MIRACLE library [3], Scott's Carry-Catcher Hybrid multiplication technique [1] is applied to implementation of multiprecision multiplication and squaring. Experimental results of the Carry-Catcher hybrid squaring algorithm and the proposed Lazy Doubling squaring algorithm both of which are tested on Atmega128 CPU show that proposed idea has achieved significant performance improvements. The proposed Lazy Doubling Squaring algorithm reduces addition instructions by the fact $a_0\;{\ast}\;2\;+\;a_1\;{\ast}\;2\;+\;...\;+\;a_{n-1}\;{\ast}\;2\;+\;a_n\;{\ast}\;2\;=\;(a_0\;+\;a_1\;+\;...\;+\;a_{n-1}\;+\;a_n)\;{\ast}\;2$ while the standard squaring algorithm reduces multiplication instructions by the fact $S_{ij}\;=\;x_i\;{\ast}\;x_j\;=\;S_{ij}$. Experimental results show that the proposed squaring method is 25% faster than that in MIRACL.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.100-108
• /
• 2018

This paper describes a design of scalable RSA public-key cryptography processor supporting four key lengths of 512/1,024/2,048/3,072 bits. The modular multiplier that is a core arithmetic block for RSA crypto-system was designed with 32-bit datapath, which is based on the CIOS (Coarsely Integrated Operand Scanning) Montgomery modular multiplication algorithm. The modular exponentiation was implemented by using L-R binary exponentiation algorithm. The scalable RSA crypto-processor was verified by FPGA implementation using Virtex-5 device, and it takes 456,051/3,496347/26,011,947/88,112,770 clock cycles for RSA computation for the key lengths of 512/1,024/2,048/3,072 bits. The RSA crypto-processor synthesized with a $0.18{\mu}m$ CMOS cell library occupies 10,672 gate equivalent (GE) and a memory bank of $6{\times}3,072$ bits. The estimated maximum clock frequency is 147 MHz, and the RSA decryption takes 3.1/23.8/177/599.4 msec for key lengths of 512/1,024/2,048/3,072 bits.

• Journal of IKEEE
• /
• v.18 no.2
• /
• pp.198-205
• /
• 2014

As the development of information technology, the interests in tiny applications such as wearable devices, portable devices and RFID are increased and the importance of low-area encryption circuit is emphasized. This paper proposes a compact architecture of AES-based encryption circuit suitable for tiny applications. The circuit area is reduced by minimizing storage space and sharing computation resources. The synthesized gate-level circuit using 65nm standard cell library consists of 2,241 gates and two $8{\times}16$-bit SRAMs. It can process data at a rate of 50.57Mbits per second. Therefore, the proposed encryption circuit is suitable for various applications requiring very small encryption circuit.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.12
• /
• pp.3352-3365
• /
• 2012

Group key agreement (GKA) is a cryptographic primitive allowing two or more users to negotiate a shared session key over public networks. Wu et al. recently introduced the concept of asymmetric GKA that allows a group of users to negotiate a common public key, while each user only needs to hold his/her respective private key. However, Wu et al.'s protocol can not resist active attacks, such as fabrication. To solve this problem, Zhang et al. proposed an authenticated asymmetric GKA protocol, where each user is authenticated during the negotiation process, so it can resist active attacks. Whereas, Zhang et al.'s protocol needs a partially trusted certificate authority to issue certificates, which brings a heavy certificate management burden. To eliminate such cost, Zhang et al. constructed another protocol in identity-based setting. Unfortunately, it suffers from the so-called key escrow problem. In this paper, we propose the certificateless authenticated asymmetric group key agreement protocol which does not have certificate management burden and key escrow problem. Besides, our protocol achieves known-key security, unknown key-share security, key-compromise impersonation security, and key control security. Our simulation based on the pairing-based cryptography (PBC) library shows that this protocol is efficient and practical.

• Journal of the Korean Society for information Management
• /
• v.19 no.1
• /
• pp.23-46
• /
• 2002

With explosively increasing digital contents, library and Information center should have a new role between knowledge providers and knowledge users as information brokering organization. Electronic transaction system should be required for performing this brokering service since economic value is added to information and knowledge in information society. The developments and changes around library are keeping up with increasing building digital library and digitalizing printed sources. With the rapidly changing circumstances, the Internet is currently witnessing an explosive growth. By serving as a virtual information resource. the Internet can dramatically change the way business is conducted and Information is provided. However because of features o( the Internet like openness and information sharing, it has fundamental vulnerabilities in security issues. For Instance, disclosure of private information and line eavesdropping such as password, banking account, transaction data on network and so on are primary obstruction factors to activation of digital contents delivery on network. For high network security and authentication, this paper looks at smart card technologies and proposes multi-authentication protocol based on smart card on open network, implements and analyzes it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.1
• /
• pp.13-23
• /
• 2001

This paper implemented into hardware SEED which is the KOREA standard 128-bit block cipher. First, at the respect of hardware implementation, we compared and analyzed SEED with AES finalist algorithms - MARS, RC6, RIJNDAEL, SERPENT, TWOFISH, which are secret key block encryption algorithms. The encryption of SEED is faster than MARS, RC6, TWOFISH, but is as five times slow as RIJNDAEL which is the fastest. We propose a SEED hardware architecture which improves the encryption speed. We divided one round into three parts, J1 function block, J2 function block J3 function block including key mixing block, because SEED repeatedly executes the same operation 16 times, then we pipelined one round into three parts, J1 function block, J2 function block, J3 function block including key mixing block, because SEED repeatedly executes the same operation 16 times, then we pipelined it to make it more faster. G-function is implemented more easily by xoring four extended 4 byte SS-boxes. We tested it using ALTERA FPGA with Verilog HDL. If the design is synthesized with 0.5 um Samsung standard cell library, encryption of ECB and decryption of ECB, CBC, CFB, which can be pipelined would take 50 clock cycles to encrypt 384-bit plaintext, and hence we have 745.6 Mbps assuming 97.1 MHz clock frequency. Encryption of CBC, OFB, CFB and decryption of OFB, which cannot be pipelined have 258.9 Mbps under same condition.