FPGA based Hardware Accleration for Elliptic Curve Cryptography ...

More documents

Recommendations

Info

Ymonpn _ #qkr9;=stPKe'Y[ l l monpn _ #qkr9;=stPuiY[ 3 3 monpn _ #qkr9;=stPl 3 l l monpn _ 2rxKyhl 3 @A> Y 3 monpn _ #qkr9;=stPzf Y l l monpn _ vƒ{={ l 3 @ l Y l Ymonpn _ 2rxKyhz;9@Xi 3 l Ymonpn _ vƒ{={ l YS@ l 3 8 l Ymonpn _ 2rxKyhl YZ@Ce 8 2.1. ELLIPTIC CURVE ARITHMETIC 7 Algorithm 2 EC-Double Input: 6 KeNYS@gfDYh@XijY[ E -k Output:Q)< 6 ¦ E ¦. 8 monpn _ 2rx~yl YZ@ l 3 e i m‚npn _ œqBr;Pst=l YX 8 e 8 m‚npn _ v-{P{ Ke 8 @ l Y f 8 monpn _ 2rxKyhl Y @Xi 8 8 monpn _ vƒ{={ zf 8 @ l Y[ returnKe f @gf 8 @Xi 8 8 cations, 8 additions and 4 square operations. The computation of (4 EC-Double ) requires multiplications, 4 additions and 5 squares. All these operations have to be done in the underlying finite field. 2.1.3 EC point multiplication (žbŸ¡ ) Since the points on an elliptic curve/ form an additive group, there is no inner group operation like the multiplication. Even so repeated point additions such as §Z 6 U 6 Ë / and E'©ª , are usually considered as the operation called EC point multiplication. Based on this operation, a discrete logarithm problem for elliptic curves can be formulated. A problem, that is considered to be a secure cryptographic function. A secure cryptographic function in this terms with@gU means, the ofU calculation of and out can be performed quite efficient while it is hardly possible compute to only andU if known. are is called the discrete ofU logarithm to base the . The level of security, ECC provides directly follows from the bitwidth the numbers in the underlying finite field. Currently bitwidths ranging from 113 bit (for low security applications) up to about 409 bit (for very high security applications) are utilized. The hierarchy of arithmetics for an EC point multiplication is depicted in Fig. 2.2. The level top algorithm is performed by repeated EC-Add and EC-Double operations. The EC operations in turn are composed of basic operations in the underlying field. The proposed finite field arithmetic is capable to compute the FF-Add and FF-Square operations within one clock cycle. The operation FF-Mult is more costly. The number of clock cycles for its computation depends on the number of segments used in the FF multiplier (see Sec. 2.3.3 for details). ¦ times ¢ £h¤ ¥ d),d)o\\\)
2.2. FINITE FIELD ARITHMETIC 8 k P EC-Double EC-Add FF-Mult FF-Add FF-Square Figure 2.2: EC arithmetic hierarchy By exploiting the previously detailed projective coordinates during the computation of a operation all but one field inversion can be circumvented. This inversion, that takes place at the end of a operation, converts the result that is given in projective coordinates back to the affine representation. Compared to the number of cycles a complete operation takes, the time for this single inversion is negligible. Therefore it can be computed using a simple algorithm based on the existing field operations FF-Square, FF-Mult and FF-Add (see Sec. 2.2.6). Depending on different constraints one can chose from a lot of different algorithms on all level of arithmetic. For the operations, this work applies the Double-And-Add algorithm given in Alg. 3. The algorithm simply scans bit-by-bit. If the current bit is set ( 6 c ), the intermediate result is doubled and the base point is added one time. If the bit is not set ( 6«I ), only the EC-Double operation is performed. Using precomputated values would allow to scan multiple bits at one time and by that would lead to an improved performance. Due to space limitations the additional registers that would be needed to store these precomputated values were the main reason not to implement such an algorithm. Using Alg. 3 each multiplication requires( EC-Double and¬ EC-Add operations. As EC-Double is cheaper in terms of FF multiplication as EC-Add, the performance of the algorithm benefits from a key with low Hamming weight¬ . 2.2 Finite Field Arithmetic The finite field- is the underlying field on which elliptic curves are based throughout this work. It can be viewed as a vector space of dimension( over the field . In hardware field elements can be easily implemented as a bit vector, which makes this kind of finite fields especially interesting for hardware implementations. As already mentioned, the representation treated in this paper is a polynomial basis only.
Page 1 and 2: Fachbereich Informatik Integrierte
Page 3 and 4: Contents List of Figures iv 1 Intro
Page 5 and 6: List of Figures c)! #"%$ d)& #"'$ 2
Page 7 and 8: 1.2. PREVIOUS WORK 2 of dividing a
Page 9 and 10: Chapter 2 Mathematical Background T
Page 11: Ymonpn _ #qkr9;=stPuiY[ v l _ wr9xK
Page 15 and 16: 2.2.4 Addition in-·‰¸º¹ » 2
Page 17 and 18: Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì
Page 19 and 20: 2.3. SEQUENTIAL MULTIPLICATION SCHE
Page 21 and 22: 6 v |!6 v 3 5 3 î 8 ¾ v Yg5 î 8
Page 23 and 24: 2.3. SEQUENTIAL MULTIPLICATION SCHE
Page 25 and 26: 3.2. REGISTER FILE 20 3.2 Register
Page 27 and 28: 3.4. FINITE FIELD ARITHMETIC 22 3.4
Page 29 and 30: Ì Ì Ì Ì Ì 3.4. FINITE FIELD AR
Page 31 and 32: 3.6. EVALUATION SOFTWARE 26 used fo
Page 33 and 34: 4.2. XILINX XCV405E 28 implementati
Page 35 and 36: Chapter 5 Conclusions and Outlook 5
Page 37 and 38: Bibliography [1] National Institute
Page 39 and 40: Ô Ô bY©®v @ | ò 6 6 Y©® v
Page 41: 3 m°e'Ỹ %jijY l Y Ym°5 l l $ƒm

FPGA based Hardware Accleration for Elliptic Curve Cryptography ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?