• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.81-88
• /
• 2010

Sun et al. proposed a new design of wearable token system for security of mobile devices, such as a notebook and PDA. In this paper, we show that Sun et al.'s system is vulnerable to off-line password guessing attack and man in the middle attack based on known plain-text attack. We propose an improved scheme which overcomes the weaknesses of Sun et al.'s system. The proposed protocol requires to perform one modular multiplication in the wearable token, which has low computation ability, and modular exponentiation in the mobile devices, which have sufficient computing resources. Our protocol has no security problem, which threatens Sun's system, and known vulnerabilities. That is, the proposed protocol overcomes the security problems of Sun's system with minimal overheads.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.12
• /
• pp.1609-1617
• /
• 2019

Described in this paper is a design of hardware accelerator for implementing public-key cryptographic protocols (PKCPs) based on Elliptic Curve Cryptography (ECC) and RSA. It supports five elliptic curves (ECs) over GF(p) and three key lengths of RSA that are defined by NIST standard. It was designed to support four point operations over ECs and six modular arithmetic operations, making it suitable for hardware implementation of ECC- and RSA-based PKCPs. In order to achieve small-area implementation, a finite field arithmetic circuit was designed with 32-bit data-path, and it adopted word-based Montgomery multiplication algorithm, the Jacobian coordinate system for EC point operations, and the Fermat's little theorem for modular multiplicative inverse. The hardware operation was verified with FPGA device by implementing EC-DH key exchange protocol and RSA operations. It occupied 20,800 gate equivalents and 28 kbits of RAM at 50 MHz clock frequency with 180-nm CMOS cell library, and 1,503 slices and 2 BRAMs in Virtex-5 FPGA device.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.8
• /
• pp.1095-1102
• /
• 2021

A scalable ECC architecture with high scalability and flexibility between performance and hardware complexity is proposed. For architectural scalability, a modular arithmetic unit based on a one-dimensional array of processing element (PE) that performs finite field operations on 32-bit words in parallel was implemented, and the number of PEs used can be determined in the range of 1 to 8 for circuit synthesis. A scalable algorithms for word-based Montgomery multiplication and Montgomery inversion were adopted. As a result of implementing scalable ECC processor (sECCP) using 180-nm CMOS technology, it was implemented with 100 kGEs and 8.8 kbits of RAM when N_PE=1, and with 203 kGEs and 12.8 kbits of RAM when N_PE=8. The performance of sECCP with N_PE=1 and N_PE=8 was analyzed to be 110 PSMs/sec and 610 PSMs/sec, respectively, on P256R elliptic curve when operating at 100 MHz clock.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.469-472
• /
• 2003

The computational cost of encryption is a barrier to wider application of a variety of data security protocols. Virtually all research on Elliptic Curve Cryptography(ECC) provides evidence to suggest that ECC can provide a family of encryption algorithms that implementation than do current widely used methods. This efficiency is obtained since ECC allows much shorter key lengths for equivalent levels of security. This paper suggests how improvements in execution of ECC algorithms can be obtained by changing the representation of the elements of the finite field of the ECC algorithm. Specifically, this research compares the time complexity of ECC computation eve. a variety of finite fields with elements expressed in the polynomial basis(PB) and normal basis(NB).

• JSTS:Journal of Semiconductor Technology and Science
• /
• v.16 no.5
• /
• pp.564-581
• /
• 2016

We present an efficient hardware prime generator that generates a prime p by combining trial division and Fermat test in parallel. Since the execution time of this parallel combination is greatly influenced by the number k of the smallest odd primes used in the trial division, it is important to determine the optimal k to create the fastest parallel combination. We present probabilistic analysis to determine the optimal k and to estimate the expected running time for the parallel combination. Our analysis is conducted in two stages. First, we roughly narrow the range of optimal k by using the expected values for the random variables used in the analysis. Second, we precisely determine the optimal k by using the exact probability distribution of the random variables. Our experiments show that the optimal k and the expected running time determined by our analysis are precise and accurate. Furthermore, we generalize our analysis and propose a guideline for a designer of a hardware prime generator to determine the optimal k by simply calculating the ratio of M to D, where M and D are the measured running times of a modular multiplication and an integer division, respectively.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.11
• /
• pp.157-162
• /
• 2010

Due to the IT development, RFID/USN became very familiar means of communication. However, because of increased number, security, and size constraints of nodes, it is insufficient to implement a variety of services. To solve these problems, this paper suggests RI-RSA, which is an appropriate asymmetric cryptographic system for RFID/USN environment. The proposed RI-RSA cryptographic system is easy to implement. To increase the processing speed, RI-RSA was suggested by subdividing the multiplication section into two-dimensional, where bottleneck phenomena occurs, and it was implemented in the hardware chip level. The simulation result verified that it caused 6% of circuit reduction, and for the processing speed, RI-RSA was 30% faster compare to the existing RSA.

• The KIPS Transactions:PartA
• /
• v.11A no.1
• /
• pp.1-10
• /
• 2004

A cellular array parallel multiplier with parallel-inputs and parallel-outputs for performing the multiplication of two polynomials in the finite fields GF$(2^m)$ is presented in this paper. The presented cellular way parallel multiplier consists of three operation parts: the multiplicative operation part (MULOP), the irreducible polynomial operation part (IPOP), and the modular operation part (MODOP). The MULOP and the MODOP are composed if the basic cells which are designed with AND Bates and XOR Bates. The IPOP is constructed by XOR gates and D flip-flops. This multiplier is simulated by clock period l${\mu}\textrm{s}$ using PSpice. The proposed multiplier is designed by 24 AND gates, 32 XOR gates and 4 D flip-flops when degree m is 4. In case of using AOP irreducible polynomial, this multiplier requires 24 AND gates and XOR fates respectively. and not use D flip-flop. The operating time of MULOP in the presented multiplier requires one unit time(clock time), and the operating time of MODOP using IPOP requires m unit times(clock times). Therefore total operating time is m+1 unit times(clock times). The cellular array parallel multiplier is simple and regular for the wire routing and have the properties of concurrency and modularity. Also, it is expansible for the multiplication of two polynomials in the finite fields with very large m.

• Journal of the Institute of Electronics Engineers of Korea SC
• /
• v.38 no.1
• /
• pp.27-34
• /
• 2001

The multiplication algorithm using the primitive irreducible trinomial $x^m+x+1$ over $GF(2^m)$ was proposed by Mastrovito. The multiplier proposed in this paper consisted of the multiplicative operation unit, the primitive irreducible operation unit and mod operation unit. Among three units mentioned above, the Primitive irreducible operation was modified to primitive irreducible trinomial $x^m+x+1$ that satisfies the range of 1$x^m,{\cdots},x^{2m-2}\;to\;x^{m-1},{\cdots},x^0$ is reduced. In this paper, the primitive irreducible polynomial was reduced to the primitive irreducible trinomial proposed. As a result of this reduction, the primitive irreducible trinomial reduced the size of circuit. In addition, the proposed design of multiplier was suitable for VLSI implementation because the circuit became regular and modular in structure, and required simple control signal.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.33-41
• /
• 2006

RSA cryptosystem is of great use in systems such as IC card, mobile system, WPKI, electronic cash, SET, SSL and so on. RSA is performed through modular exponentiation. It is well known that the Montgomery multiplier is efficient in general. The critical path delay of the Montgomery multiplier depends on an addition of three operands, the problem that is taken over carry-propagation makes big influence at an efficiency of Montgomery Multiplier. Recently, the use of the Carry Save Adder(CSA) which has no carry propagation has worked McIvor et al. proposed a couple of Montgomery multiplication for an ideal exponentiation, the one and the other are made of 3 steps and 2 steps of CSA respectively. The latter one is more efficient than the first one in terms of the time complexity. In this paper, for faster operation than the latter one we use binary signed-digit(SD) number system which has no carry-propagation. We propose a new redundant binary adder(RBA) that performs the addition between two binary SD numbers and apply to Montgomery multiplier. Instead of the binary SD addition rule using in existing RBAs, we propose a new addition rule. And, we construct and simulate to the proposed adder using gates provided from SAMSUNG STD130 $0.18{\mu}m$ 1.8V CMOS Standard Cell Library. The result is faster by a minimum 12.46% in terms of the time complexity than McIvor's 2 method and existing RBAs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.81-93
• /
• 2000

In a methodological approach to improve the processing performance of modulo exponentiation which is the primary arithmetic in RSA crypto algorithm, we present a new RSA hardware architecture based on high-radix modulo multiplication and CRT(Chinese Remainder Theorem). By implementing the modulo multiplier using radix-16 arithmetic, we reduced the number of PE(Processing Element)s by quarter comparing to the binary arithmetic scheme. This leads to having the number of clock cycles and the delay of pipelining flip-flops be reduced by quarter respectively. Because the receiver knows p and q, factors of N, it is possible to apply the CRT to the decryption process. To use CRT, we made two s/2-bit multipliers operating in parallel at decryption, which accomplished 4 times faster performance than when not using the CRT. In encryption phase, the two s/2-bit multipliers can be connected to make a s-bit linear multiplier for the s-bit arithmetic operation. We limited the encryption exponent size up to 17-bit to maintain high speed, We implemented a linear array modulo multiplier by projecting horizontally the DG of Montgomery algorithm. The H/W proposed here performs encryption with 15Mbps bit-rate and decryption with 1.22Mbps, when estimated with reference to Samsung 0.5um CMOS Standard Cell Library, which is the fastest among the publications at present.