FPGA based Hardware Accleration for Elliptic Curve Cryptography ...

More documents

Recommendations

Info

v E k Input: v Y Ø moxµBÙ 3 ( _ c Output: 2.2. FINITE FIELD ARITHMETIC 11 Algorithm 4 Finite Field Inversion Ø rx~yÚm v whileØ ³ I do st ṕ´ Ø // right shift byØ bits spmo( st Ø r9xKy for¯ fromc toKs ṕ´ cS do qm _ œqBr;Pst=zq // perform Û3 square operations end for qpmonpn _ wr9xKyKst Ø rxKyX@gq ifs is odd then yœm‚npn npn _ #qkr;PstPKyg yœm Ø r9xKyœm npn _ wr9xKyKyX@ v else st Ø r9xKyœmoy end if st m Ø _ c Ø end while Ø rx~yÚmonpn _ #qkr9;=stPKst Ø r9xKyg returnst Ø rx~y st v 3CÝ Y Í‰Ï4Ð v Y cƒÜ v 3CÝ 3 Í‰Ï4Ð (2.7) Ü Inversion can therefore be simply computed by repeated FF-Square and FF-Mult operations like it is shown in Alg. 4. The algorithm in particular benefits from the fact in that squaring is much cheaper than multiplication. The total number multiplications¢K(b of required for one FF inversion is given by 6]ÞKßÏà 3 K( _ cSºá)?¬bK( _ cS _ c#\ ½K(b 2.2.8 Polynomial Reduction As mentioned above, the basic arithmetic operations take place in-hÁ5ÃÂ . In case of multiplication and squaring the resulting polynomial has to be reduced. According to Eqn. 2.5 the maximum degree of the multiplication result} 6 v | withv @ |¤E isk( _ . The subsequent polynomial reduction of} modulo is based on the equivalence Ü P Y Ì ±–ÇÉ®â ±~5 ± Í‰Ï4Ð \ (2.8) 5
Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì Ì 2.2. FINITE FIELD ARITHMETIC 12 Hardware implementations of the polynomial reduction can especially benefit from hard-coded prime polynomials with low Hamming weight such as trinomials or pentanomials. Such polynomials are typical for cryptographic and exist for all interesting EC parameter sets. Given a prime trinomial 6 5 )‡59ãä)Oc the reduction process can be performed efficiently by using the identities: Ü 5 ã )²c Í‰Ï4Ð 5 ª Y Ü 5 ãª Y ),5 Í7Ï4Ð 5 . This leads to 5 3 Ü 5 ãª ) binary XOR operations for one polynomial reduction. Reduction of pentanomials can be performed similar leading to some additional XOR operations. The particular terms (1...5) of the final equation are structured according to Fig. 2.3 in order to perform the reduction. With respect to the implementation a single( -bit register is sufficient to store the resulting bit string. åYºæ å3 æ å8 æ å$Aæ åèç æ ¢ £h¤ ¥ ¢ £¤ ¥ ¢ £¤ ¥ ¢ £h¤ ¥ ¢ £¤ ¥ ) = Y ã ) ã Y ) ã Y ) = Y ±ÈÇÉ® Ò ±K5 ± ±ÈÇÉ® Ò ±ª 5 ãª ± ±–ÇÉ® Ò 3 = ãª ±5 ãª ± ±ÈÇÉ® Ò 3 P ãª ±5 ± ±ÈÇÉ® Ò ª ±K5 ± n−1 0 (1) 2n−1 2n−b−1 n 2n−1 2n−b (2) (4) 2n−1 (5) 2n−b (3) Result Register (n bit) Figure 2.3: Structure of the polynomial reduction n
Page 1 and 2: Fachbereich Informatik Integrierte
Page 3 and 4: Contents List of Figures iv 1 Intro
Page 5 and 6: List of Figures c)! #"%$ d)& #"'$ 2
Page 7 and 8: 1.2. PREVIOUS WORK 2 of dividing a
Page 9 and 10: Chapter 2 Mathematical Background T
Page 11 and 12: Ymonpn _ #qkr9;=stPuiY[ v l _ wr9xK
Page 13 and 14: 2.2. FINITE FIELD ARITHMETIC 8 k P
Page 15: 2.2.4 Addition in-·‰¸º¹ » 2
Page 19 and 20: 2.3. SEQUENTIAL MULTIPLICATION SCHE
Page 21 and 22: 6 v |!6 v 3 5 3 î 8 ¾ v Yg5 î 8
Page 23 and 24: 2.3. SEQUENTIAL MULTIPLICATION SCHE
Page 25 and 26: 3.2. REGISTER FILE 20 3.2 Register
Page 27 and 28: 3.4. FINITE FIELD ARITHMETIC 22 3.4
Page 29 and 30: Ì Ì Ì Ì Ì 3.4. FINITE FIELD AR
Page 31 and 32: 3.6. EVALUATION SOFTWARE 26 used fo
Page 33 and 34: 4.2. XILINX XCV405E 28 implementati
Page 35 and 36: Chapter 5 Conclusions and Outlook 5
Page 37 and 38: Bibliography [1] National Institute
Page 39 and 40: Ô Ô bY©®v @ | ò 6 6 Y©® v
Page 41: 3 m°e'Ỹ %jijY l Y Ym°5 l l $ƒm

FPGA based Hardware Accleration for Elliptic Curve Cryptography ...

Create successful ePaper yourself

Delete template?

Save as template?