• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.3C
• /
• pp.176-184
• /
• 2005

In this paper, we implemented an Elliptic Curve Cryptography(ECC) processor for Digital Transmission Contents Protection (DTCP), which is a standard for protecting various digital contents in the network. Unlikely to other applications, DTCP uses ECC algorithm which is defined over GF(p), where p is a 160-bit prime integer. The core arithmetic operation of ECC is a scalar multiplication, and it involves large amount of very long integer modular multiplications and additions. In this paper, the modular multiplier was designed using the well-known Montgomery algorithm which was implemented with CSA(Carry-save Adder) and 4-level CLA(Carry-lookahead Adder). Our new ECC processor has been synthesized using Samsung 0.18 m CMOS standard cell library, and the maximum operation frequency was estimated 98 MHz, with the size about 65,000 gates. The resulting performance was 29.6 kbps, that is, it took 5.4 msec to process a 160-bit data frame. We assure that this performance is enough to be used for digital signature, encryption and decryption, and key exchanges in real time environments.

• Journal of Broadcast Engineering
• /
• v.17 no.1
• /
• pp.195-198
• /
• 2012

The N basis functions are typically chosen so that Surface reflectance functions(SRFs) and spectral power distributions (SPDs) can be accurately reconstructed from their N-dimensional vector codes. Typical rendering applications assume that the resulting mapping is an isomorphism where vector operations of addition, scalar multiplication, component-wise multiplication on the N-vectors can be used to model physical operations such as superposition of lights, light-surface interactions and inter-reflection. The vector operations do not mirror the physical. However, if the choice of basis functions is restricted to characteristic functions then the resulting map between SPDs/SRFs and N-vectors is anisomorphism that preserves the physical operations needed in rendering. This paper will show how to select optimal characteristic function bases of any dimension N (number of basis functions) and also evaluate how accurately a large set of Munsell color chips can approximated as basis functions of dimension N.

• Journal of IKEEE
• /
• v.23 no.1
• /
• pp.58-67
• /
• 2019

A design of an elliptic curve cryptography (ECC) processor that supports both pseudo-random curves and Koblitz curves over $GF(2^m)$ defined by the NIST standard is described in this paper. A finite field arithmetic circuit based on a word-based Montgomery multiplier was designed to support five key lengths using a datapath of fixed size, as well as to achieve a lightweight hardware implementation. In addition, Lopez-Dahab's coordinate system was adopted to remove the finite field division operation. The ECC processor was implemented in the FPGA verification platform and the hardware operation was verified by Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol operation. The ECC processor that was synthesized with a 180-nm CMOS cell library occupied 10,674 gate equivalents (GEs) and a dual-port RAM of 9 kbits, and the maximum clock frequency was estimated at 154 MHz. The scalar multiplication operation over the 223-bit pseudo-random elliptic curve takes 1,112,221 clock cycles and has a throughput of 32.3 kbps.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.3
• /
• pp.419-426
• /
• 2021

A high-performance elliptic curve cryptography processor (HP-ECCP) was designed to support five field sizes of 192, 224, 256, 384 and 521 bits over GF(p) defined in NIST FIPS 186-2, and it provides eight modes of arithmetic operations including ECPSM, ECPA, ECPD, MA, MS, MM, MI and MD. In order to make the HP-ECCP resistant to side-channel attacks, a modified left-to-right binary algorithm was used, in which point addition and point doubling operations are uniformly performed regardless of the Hamming weight of private key used for ECPSM. In addition, Karatsuba-Ofman multiplication algorithm (KOMA), Lazy reduction and Nikhilam division algorithms were adopted for designing high-performance modular multiplier that is the core arithmetic block for elliptic curve point operations. The HP-ECCP synthesized using a 180-nm CMOS cell library occupied 620,846 gate equivalents with a clock frequency of 67 MHz, and it was evaluated that an ECPSM with a field size of 256 bits can be computed 2,200 times per second.

• ETRI Journal
• /
• v.30 no.3
• /
• pp.365-376
• /
• 2008

This paper presents the design and implementation of a hyperelliptic curve cryptography (HECC) coprocessor over affine and projective coordinates, along with measurements of its performance, hardware complexity, and power consumption. We applied several design techniques, including parallelism, pipelining, and loop unrolling, in designing field arithmetic units, group operation units, and scalar multiplication units to improve the performance and power consumption. Our affine and projective coordinate-based HECC processors execute in 0.436 ms and 0.531 ms, respectively, based on the underlying field GF($2^{89}$). These results are about five times faster than those for previous hardware implementations and at least 13 times better in terms of area-time products. Further results suggest that neither case is superior to the other when considering the hardware complexity and performance. The characteristics of our proposed HECC coprocessor show that it is applicable to high-speed network applications as well as resource-constrained environments, such as PDAs, smart cards, and so on.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.11
• /
• pp.5625-5641
• /
• 2017

Certificateless public key cryptography resolves the certificate management problem in traditional public key cryptography and the key escrow problem in identity-based cryptography. In recent years, some good results have been achieved in speeding up the computation of bilinear pairing. However, the computation cost of the pairing is much higher than that of the scalar multiplication over the elliptic curve group. Therefore, it is still significant to design cryptosystem without pairing operations. A multi-signer universal designated multi-verifier signature scheme allows a set of signers to cooperatively generate a public verifiable signature, the signature holder then can propose a new signature such that only the designated set of verifiers can verify it. Multi-signer universal designated multi-verifier signatures are suitable in many different practical applications such as electronic tenders, electronic voting and electronic auctions. In this paper, we propose a certificateless multi-signer universal designated multi-verifier signature scheme and prove the security in the random oracle model. Our scheme does not use pairing operation. To the best of our knowledge, our scheme is the first certificateless multi-signer universal designated multi-verifier signature scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.35-43
• /
• 2003

The randomization of scalar multiplication in ECC is one of the fundamental concepts in defense methods against side-channel attacks. This paper proposes a countermeasure against simple and differential power analysis attacks through randomizing the transformed m-ary method based on a random m-ary receding algorithm. The proposed method requires an additional computational load compared to the standard m-ary method, yet the power consumption is independent of the secret key. Accordingly, since computational tracks using random window width can resist against SPA and DPA, the proposed countermeasure can improve the security for smart cards.

• Journal of the Korean Mathematical Society
• /
• v.58 no.3
• /
• pp.571-595
• /
• 2021

In this paper we study the algebraic structure of ℤ_pℤ_p[u]/k>-cyclic codes, where u^k = 0 and p is a prime. A ℤ_pℤ_p[u]/k>-linear code of length (r + s) is an R_k-submodule of ℤ^r_p × R^s_k with respect to a suitable scalar multiplication, where R_k = ℤ_p[u]/k>. Such a code can also be viewed as an R_k-submodule of ℤ_p[x]/r - 1> × R_k[x]/s - 1>. A new Gray map has been defined on ℤ_p[u]/k>. We have considered two cases for studying the algebraic structure of ℤ_pℤ_p[u]/k>-cyclic codes, and determined the generator polynomials and minimal spanning sets of these codes in both the cases. In the first case, we have considered (r, p) = 1 and (s, p) ≠ 1, and in the second case we consider (r, p) = 1 and (s, p) = 1. We have established the MacWilliams identity for complete weight enumerators of ℤ_pℤ_p[u]/k>-linear codes. Examples have been given to construct ℤ_pℤ_p[u]/k>-cyclic codes, through which we get codes over ℤ_p using the Gray map. Some optimal p-ary codes have been obtained in this way. An example has also been given to illustrate the use of MacWilliams identity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.125-134
• /
• 2004

When cryptosystem designers implement devices that computing power or memory is limited such as smart cards, PDAs and so on, not only he/she has to be careful side channel attacks(SCA) but also the cryptographic algorithms within the device has to be efficient using small memory. For this purpose, countermeasures such as Moiler's method, Okeya-Takagi's one and overlapping window method, based on window method to prevent SCA were proposed. However, Moiler's method and Okeya-Talngi's one require additional cost to prevent other SCA such as DPA, Second-Order DPA, Address-DPA, and so on since they are immune to only SPA. Also, overlapping window method has a drawback that requires big memory. In this paper, we analyze existing countermeasures and propose an efficient and secure countermeasure that is immune to all existing SCA using advantages of each countermeasure. Moreover, the proposed countermeasure can enhance the efficiency using mixed coordinate systems.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.44 no.8
• /
• pp.30-37
• /
• 2007

An exponentiation in $GF(2^m)$ is a basic operation for several algorithms used in cryptography, digital signal processing, error-correction code and so on. Existing hardware implementations for the exponentiation operation organize by Right-to-Left method since a merit of parallel circuit. Our paper proposes a polynomial exponentiation structure with a trinomial that is organized by Left-to-Right method and that utilizes a weakly dual basis. The basic idea of our method is to decrease time delay using precomputation tables because one of two inputs in the Left-to-Right method is fixed. Since $T_{sqr}$ (squarer time delay) + $T_{mul}$(multiplier time delay) of ow method is smaller than $T_{mul}$ of existing methods, our method reduces time delays of existing Left-to-Right and Right-to-Left methods by each 17%, 10% for $x^m+x+1$ (irreducible polynomial), by each 21%, 9% $x^m+x^k+1(1, by each 15%, 1% for $x^m+x^{m/2}+1$.