• JSTS:Journal of Semiconductor Technology and Science
• /
• v.16 no.1
• /
• pp.118-125
• /
• 2016

This paper presents a new high-efficient algorithm and architecture for an elliptic curve cryptographic processor. To reduce the computational complexity, novel modified Lopez-Dahab scalar point multiplication and left-to-right algorithms are proposed for point multiplication operation. Moreover, bit-serial Galois-field multiplication is used in order to decrease hardware complexity. The field multiplication operations are performed in parallel to improve system latency. As a result, our approach can reduce hardware costs, while the total time required for point multiplication is kept to a reasonable amount. The results on a Xilinx Virtex-5, Virtex-7 FPGAs and VLSI implementation show that the proposed architecture has less hardware complexity, number of clock cycles and higher efficiency than the previous works.

• Proceedings of the IEEK Conference
• /
• 2001.06b
• /
• pp.305-308
• /
• 2001

This paper describes the design of elliptic curve cryptographic (ECC) coprocessor over binary fields for the If card. This coprocessor is implemented by the shift-and-add algorithm for the field multiplication algorithm. And the modified almost inverse algorithm(MAIA) is selected for the inverse multiplication algorithm. These two algorithms is merged to minimize the hardware size. Scalar multiplication is performed by the binary Non Adjacent Format(NAF) method. The ECC we have implemented is defined over the field GF(2$^{163}$), which is a SEC-2 recommendation［7］..

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.356-360
• /
• 2006

Recently, many power analysis attacks have been proposed. Since the attacks are powerful, it is very important to implement cryptosystems securely against the attacks. We propose countermeasures against power analysis attacks for elliptic curve cryptosystems based on Koblitz curves (KCs), which are a special class of elliptic curves. That is, we make our countermeasures be secure against SPA, DPA, and new DPA attacks, specially RPA, ZPA, using a random point at each execution of elliptic curve scalar multiplication. And since our countermeasures are designed to use the Frobenius map of KC, those are very fast.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.784-787
• /
• 2004

The most time-consuming back-bone operation in an elliptic curve cryptosystem is scalar multiplication. In this paper, we propose a method of inducing a GF operation named point quadruple operation to be used in the quad-and-add algorithm, whith was achieved by refining the traditional double-and-add algorithm. Induced expression of the algorithm was verified and proven by C program in a real model of calculation. The point quadruple operation can be used in fast and efficient implementation of scalar multiplication operation.

• ETRI Journal
• /
• v.32 no.3
• /
• pp.362-369
• /
• 2010

While the elliptic curve cryptosystem (ECC) is getting more popular in securing numerous systems, implementations without consideration for side-channel attacks are susceptible to critical information leakage. This paper proposes new power attack countermeasures for ECC over Koblitz curves. Based on some special properties of Koblitz curves, the proposed methods randomize the involved elliptic curve points in a highly regular manner so the resulting scalar multiplication algorithms can defeat the simple power analysis attack and the differential power analysis attack simultaneously. Compared with the previous countermeasures, the new methods are also noticeable in terms of computational cost.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1019-1025
• /
• 2012

Fault attacks manipulate the computation of an algorithm and get information about the private key from the erroneous result. It is the most powerful attack for the cryptographic device. Currently, the research on error detection methods and fault attacks have been studied actively. S. Pontarelli et al. introduced an error detection method in 2009. It can detect an error that occurs during Elliptic Curve Scalar Multiplication (ECSM). In this paper, we present a new fault attack. Our attack can avoid the error detection method introduced by S. Pontarelli et al. We inject a bit flip error in the Euclidean Addition Chain (EAC) on the private key in ECSM and retrieve the private key.

• Journal of applied mathematics & informatics
• /
• v.31 no.3_4
• /
• pp.425-441
• /
• 2013

In literature, several strong designated verifier signature (SDVS) schemes have been devised using elliptic curve bilinear pairing and map-topoint (MTP) hash function. The bilinear pairing requires a super-singular elliptic curve group having large number of elements and the relative computation cost of it is approximately two to three times higher than that of elliptic curve point multiplication, which indicates that bilinear pairing is an expensive operation. Moreover, the MTP function, which maps a user identity into an elliptic curve point, is more expensive than an elliptic curve scalar point multiplication. Hence, the SDVS schemes from bilinear pairing and MTP hash function are not efficient in real environments. Thus, a cost-efficient SDVS scheme using elliptic curve cryptography with pairingfree operation is proposed in this paper that instead of MTP hash function uses a general cryptographic hash function. The security analysis shows that our scheme is secure in the random oracle model with the hardness assumption of CDH problem. In addition, the formal security validation of the proposed scheme is done using AVISPA tool (Automated Validation of Internet Security Protocols and Applications) that demonstrated that our scheme is unforgeable against passive and active attacks. Our scheme also satisfies the different properties of an SDVS scheme including strongness, source hiding, non-transferability and unforgeability. The comparison of our scheme with others are given, which shows that it outperforms in terms of security, computation cost and bandwidth requirement.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.42 no.1
• /
• pp.57-67
• /
• 2005

Fast scalar multiplication of points on elliptic curve is important for elliptic curve cryptography applications. In order to vary field sizes depending on security situations, the cryptography coprocessors should support variable length finite field arithmetic units. To determine the effective variable length finite field arithmetic architecture, two well-known curve scalar multiplication algorithms were implemented on FPGA. The affine coordinates algorithm must use a hardware division unit, but the projective coordinates algorithm only uses a fast multiplication unit. The former algorithm needs the division hardware. The latter only requires a multiplication hardware, but it need more space to store intermediate results. To make the division unit versatile, we need to add a feedback signal line at every bit position. We proposed a method to mitigate this problem. For multiplication in projective coordinates implementation, we use a widely used digit serial multiplication hardware, which is simpler to be made versatile. We experimented with our implemented ECC coprocessors using variable length finite field arithmetic unit which has the maximum field size 256. On the clock speed 40 MHz, the scalar multiplication time is 6.0 msec for affine implementation while it is 1.15 msec for projective implementation. As a result of the study, we found that the projective coordinates algorithm which does not use the division hardware was faster than the affine coordinate algorithm. In addition, the memory implementation effectiveness relative to logic implementation will have a large influence on the implementation space requirements of the two algorithms.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.1
• /
• pp.143-152
• /
• 2012

In this paper hardware implementation of GF($2^{191}$) elliptic curve cryptographic coprocessor which supports 7 operations such as scalar multiplication(kP), Menezes-Vanstone(MV) elliptic curve cipher/decipher algorithms, point addition(P+Q), point doubling(2P), finite-field multiplication/division is described. To meet structure resistant against simple power analysis, the ECC processor adopts the Montgomery scalar multiplication scheme which main loop operation consists of the key-independent operations. It has operational characteristics that arithmetic units, such GF_ALU, GF_MUL, and GF_DIV, which have 1, (m/8), and (m-1) fixed operation cycles in GF($2^m$), respectively, can be executed in parallel. The processor has about 68,000 gates and its simulated worst case delay time is about 7.8 ns under 0.35um CMOS technology. Because it has about 320 kbps cipher and 640 kbps rate and supports 7 finite-field operations, it can be efficiently applied to the various cryptographic and communication applications.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.05a
• /
• pp.686-689
• /
• 2009

This paper describes a scalar multiplier for Elliptic curve cryptography. The scalar multiplier has 163-bits key size which supports the specifications of smart card standard. To reduce the computational complexity of scalar multiplication on finite field $GF(2^{163})$, the Non-Adjacent-Format (NAF) conversion algorithm based on complementary recoding is adopted. The scalar multiplier core synthesized with a $0.35-{\mu}m$ CMOS cell library has 32,768 gates and can operate up to 150-MHz@3.3-V. It can be used in hardware design of Elliptic curve cryptography processor for smart card security.