Yi’er Jin,Haibin Shen,Huafeng Chen,Xiaolang Yan

DOI: https://doi.org/10.1007/s11767-006-0257-4

2008-01-01

Abstract:A new structure of bit-parallel Polynomial Basis (PB) multiplier is proposed, which is based on a fast modular reduction method. The method was recommended by the National Institute of Standards and Technology (NIST). It takes advantage of the characteristics of irreducible polynomial, i.e., the degree of the second item of irreducible polynomial is far less than the degree of the polynomial in the finite fields GF(2 m ). Deductions are made for a class of finite field in which trinomials are chosen as irreducible polynomials. Let the trinomial be x m + x h +1, where 1 ≤ k ≤ [m/1]. The proposed structure has shorter critical path than the best known one up to date, while the space requirement keeps the same. The structure is practical, especially in real time cryptographic applications.

Hai-bin SHEN,Hua-feng CHEN,Xiao-lang YAN

DOI: https://doi.org/10.3785/j.issn.1008-973X.2006.09.004

2006-01-01

Abstract:To accelerate point multiplication operation of elliptic curve cryptography (ECC), a fast reduction algorithm for modular operation was introduced. The algorithm applied the characteristic of the small second item's degree of irreducible polynomial in characteristic 2 finite field. Based on the algorithm and projective Montgomery point multiplication algorithm, a configurable ECC accelerator using very large scale integrated circuit technology was proposed. Scalable field design and unique pipeline technique was adapted in the accelerator. Simulation results show that the accelerator designed by the algorithm can rapidly complete ECC point multiplication operation. When 162 bits key and 192 bits key are selected, the point multiplication operation takes 0.22 ms and 0.43 ms respectively. The accelerator has simple interface and good flexibility, and provides a method for hardware implementation of public key cryptography algorithm.

Dongmei Xue,Xiaole Cui,Chung-Len Lee,Lifei Liu,Shijie Zhang

DOI: https://doi.org/10.1109/icsict.2014.7021566

2014-01-01

Abstract:Elliptic Curve Cryptography is a popular algorithm since it can achieve good security level with a small key size. However, the ECC hardware is suffering from some side channel attacks, such as Differential power-analysis (DPA), which can retrieve secret keys by analyzing power consumption of the attacked devices. In this paper, a countermeasure to secure the modular multiplication, an important operation of Elliptic Curve Cryptography, with randomization method is studied. The experiment results show that unprotected device reveal the secret key within 1000 power traces, while the protected one can defend DPA attack with 105 power traces, with only 8% additional area cost.

Ievgen Kabin,Zoya Dyka,Dan Kreiser,Peter Langendoerfer

DOI: https://doi.org/10.1007/978-3-319-89500-0_20

2022-01-07

Abstract:Side-channel analysis attacks, especially horizontal DPA and DEMA attacks, are significant threats for cryptographic designs. In this paper we investigate to which extend different multiplication formulae and randomization of the field multiplier increase the resistance of an ECC design against horizontal attacks. We implemented a randomized sequence of the calculation of partial products for the field multiplication in order to increase the security features of the field multiplier. Additionally, we use the partial polynomial multiplier itself as a kind of countermeasure against DPA attacks. We demonstrate that the implemented classical multiplication formula can increase the inherent resistance of the whole ECC design. We also investigate the impact of the combination of these two approaches. For the evaluation we synthesized all these designs for a 250 nm gate library technologies, and analysed the simulated power traces. All investigated protection means help to decrease the success rate of attacks significantly: the correctness of the revealed key was decreased from 99% to 69%.

Cryptography and Security

Kai Liao,Xiaoxin Cui,Nan Liao,Tian Wang,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/tie.2016.2610402

IF: 7.7

2016-01-01

IEEE Transactions on Industrial Electronics

Abstract:Elliptic curve cryptography (ECC) is one of the most popular public key cryptosystems in recent years due to its higher security strength and lower resource consumption. However, the noninvasive side-channel attacks (SCAs) have been proved to be a big threat to ECC systems in many previous researches. In this paper, we propose a low-area-time-product ECC coprocessor for GF(2(m)) with the ability to resist most of the existing noninvasive SCAs. The basic countermeasures are relied on the underlying finite field arithmetics in randomized Montgomery domain, which can blind the intermediate value in the iterations of scalar multiplication to prevent the adversaries from cracking the private key by statistical methods. Meanwhile, we optimize the modular division and modular multiplication algorithms to fix the operating time to resist some certain timing attacks, and the Montgomery Ladder algorithm makes the coprocessor immune against simple SCAs. To efficiently implement our coprocessor, we present a hybrid operation sequence which merely needs one multiplication module and one division module to complete the entire operations. The synthesis results indicate that our design is superior to other related works in area-time product (ATP) and the extra overhead paid for the countermeasures is less than 5%.

L Qiang,T Dong,C Xu

DOI: https://doi.org/10.1109/ISCAS.2005.1464674

2005-01-01

Abstract:Global interconnect is a key potential bottleneck to the advancing performance of high-speed integrated circuits, especially for the large bit modular multiplier used in RSA systems. Architectural approaches to hardware implementation of RSA are presented. Specially, we extend the recently proposed distributed module cluster (DMC) micro-architecture to reduce the long latency calculating modular exponentiation. In the non-interleaving architecture, so-called NI-DMC, the bubble in the pipeline is eliminated by using longer processing cells and bringing forward certain critical signals. Experimental results show that the new approach significantly exceeds the DMC-based approach in performance, with a relatively small increase in area overhead.

Ievgen Kabin,Zoya Dyka,Dan Klann,Peter Langendoerfer

DOI: https://doi.org/10.48550/arXiv.2201.02866

2022-01-08

Cryptography and Security

Abstract:Due to the nature of applications such as critical infrastructure and the Internet of Things etc. side channel analysis attacks are becoming a serious threat. Side channel analysis attacks take advantage from the fact that the behavior of crypto implementations can be observed and provides hints that simplify revealing keys. A new type of SCA are the so called horizontal SCAs. Well known randomization based countermeasures are effective means against vertical DPA attacks but they are not effective against horizontal DPA attacks. In this paper we investigate how the formula used to implement the multiplication of $GF(2^n)$-elements influences the results of horizontal DPA attacks against a Montgomery kP implementation. We implemented 5 designs with different partial multipliers, i.e. based on different multiplication formulae. We used two different technologies, i.e. a 130 and a 250 nm technology, to simulate power traces for our analysis. We show that the implemented multiplication formula influences the success of horizontal attacks significantly, but we also learned that its impact differs from technology to technology. Our analysis also reveals that the use of different multiplication formulae as the single countermeasure is not sufficient to protect cryptographic designs against horizontal DPA attacks.

Liu Lifei,Cui Xiaole,Ran Yalin,Cui Xiaoxin

DOI: https://doi.org/10.1109/ASICON.2015.7517206

2015-01-01

Abstract:Elliptic Curve Cryptosystem (ECC) is one of the most advantageous cryptosystems because of the shortened number of key bits when compared with RSA at the same security level. However, just as the other cryptosystems, ECC hardware is vulnerable to the side-channel analysis attacks which have been proposed. Power Analysis Attack (PA), as one of the most popular side-channel analysis attacks, is implemented easily, so more and more works concentrate on it. This work proposes a countermeasure to resist against Power Analysis. Then we design a unified hardware architecture which is multi-purpose and implementation to verify the effectiveness of the proposed method. The experiment results of FPGA verification platform show that the protected hardware can defend DPA with up to 105 measured power traces.

Tao Wu,Shuguo Li,Litian Liu

DOI: https://doi.org/10.1109/iccsnt.2012.6525895

2012-01-01

Abstract:Due to complex hardware architecture and heavy computation, it is difficult to perform modular multiplications over large integers. In this paper, we propose a low-latency scalable modular multiplier for multi-precision modular multiplications. Unlike popular scalable architectures by Montgomery algorithm, the classic modular multiplication A · B mod M is directly implemented here. Low latency can be obtained by deferring the uses of most significant bits during the interleaving modular multiplications. Also, the critical path of processing elements is greatly reduced by carry-save additions. While the scalable modular multiplier obtains comparable performance with optimal scalable Montgomery modular multiplier, its area overhead increases since more registers and selection logics are employed. The proposed modular multiplier is convenient for variant operands and nonsuccessive modular multiplications, where it is more energy-efficient than popular scalable Montgomery modular multipliers.

Souhir Gabsi,Yassin Kortli,Vincent Beroulle,Yann Kieffer,Belgacem Hamdi

DOI: https://doi.org/10.1007/s11042-024-18368-9

IF: 2.577

2024-02-18

Multimedia Tools and Applications

Abstract:Elliptical curves are dedicated for several security applications including Radio Frequency Identification (RFID) devices, smart cards, bankcards, etc. To guarantee effective security of such applications, these cryptographic systems require effective resistance to various types of physical attack. Differential Power-Analysis (DPA) attacks were considered the most efficient attacks against scalar multiplication calculation algorithms. In this paper, we propose a countermeasure method against the DPA attacks, for a scalar multiplication algorithm that is basically secure against Simple Power Analysis (SPA) and safe-error attacks. Our proposal is intended for Elliptic Curves Cryptosystems (ECC) algorithms dedicated to low cost applications. We first introduce the different types of side-channel attacks that ECC-based cryptographic algorithms can suffer, as well as their countermeasure methods existing in the literature. We then present an optimized hardware implementation of the most effective scalar multiplication algorithm against SPA and safe-error attacks. Finally, we present our proposed DPA countermeasure method and its effectiveness against other extensions of DPA attacks. Our proposed method is similar to the Basic Random Initial Point (BRIP) method except that the latter is only applicable for the left-to-right algorithm. The proposed method is based on the randomization of processed data during the computation of the scalar multiplication algorithm and prevents vulnerability to Zero-value Point Attack (ZPA), Refined Power analysis (RPA) attack and double attack. In the last part of our paper, we present comparative analysis in terms of computational cost between our proposed method and other countermeasure algorithms presented in the literature, such as Montgomery-ladder, the BRIP algorithm, the left-to-right algorithm and the Co-Z Mont-Ladder algorithm.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Jingqi Zhang,Zhiming Chen,Xiang He,Kuanhao Liu,Yue Hao,Mingzhi Ma,Weijiang Wang,Hua Dang,Xiangnan Li

DOI: https://doi.org/10.3390/mi15040552

IF: 3.4

2024-04-22

Micromachines

Abstract:Physically unclonable functions (PUFs) are crucial for enhancing cybersecurity by providing unique, intrinsic identifiers for electronic devices, thus ensuring their authenticity and preventing unauthorized cloning. The SRAM-PUF, characterized by its simple structure and ease of implementation in various scenarios, has gained widespread usage. The soft-decision Reed–Muller (RM) code, an error correction code, is commonly employed in these designs. This paper introduces the design of an RM code soft-decision attack algorithm to reveal its potential security risks. To address this problem, we propose a soft-decision SRAM-PUF structure based on the elliptic curve digital signature algorithm (ECDSA). To improve the processing speed of the proposed secure SRAM-PUF, we propose a custom ECDSA scheme. Further, we also propose a universal architecture for the critical operations in ECDSA, elliptic curve scalar multiplication (ECSM), and elliptic curve double scalar multiplication (ECDSM) based on the differential addition chain (DAC). For ECSMs, iterations can be performed directly; for ECDSMs, a two-dimensional DAC is constructed through precomputation, followed by iterations. Moreover, due to the high similarity of ECSM and ECDSM data paths, this universal architecture saves hardware resources. Our design is implemented on a field-programmable gate array (FPGA) and an application-specific integrated circuit (ASIC) using a Xilinx Virtex-7 and an TSMC 40 nm process. Compared to existing research, our design exhibits a lower bit error rate (2.7×10−10) and better area–time performance (3902 slices, 6.615 μs ECDSM latency).

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied

Wei Li,Xiaoyang Zeng,Xiao Feng,Zibin Dai

DOI: https://doi.org/10.1109/uic-atc-scalcom-cbdcom-iop.2015.114

2015-01-01

Abstract:In this paper, a mixture of VLIW and vector architecture of ECC processor is proposed to perform either prime field GF(p) operations or binary field GF(2(m)) operations for arbitrary prime numbers and irreducible polynomials. Besides, an application specific instruction set for ECC is presented to support parallel processing with VLIW instruction structure features and vector register addressing modes. Moreover, a new randomized clock cycle's insertion technique in regular calculation is designed against SPA and DPA attacks with 3% area and 4% power overhead. After implemented in 65-nm CMOS process, our proposed 521-bit dual field elliptic curve cryptographic processor can perform scalar multiplication in 1.3 ms over GF(p(521)) and 0.94 ms over GF(2(521)). Our ECC processor chip is advantageous not only in terms of functionality, scalability, and performance but also in protection against power-analysis attacks.

Xiang He,Weijiang Wang,Jingqi Zhang,Zhantao Zhang,Jianlei Yang,Hua Dang,Guiyu Wang

DOI: https://doi.org/10.1109/access.2024.3390244

IF: 3.9

2024-04-27

IEEE Access

Abstract:In the 5G and beyond networks, low-latency digital signatures are essential to ensure the security, integrity, and non-repudiation of massive data in communication processes. The binary finite field-based elliptic curve digital signature algorithm (ECDSA) is particularly suitable for achieving low-latency digital signatures due to its carry-free characteristics. This paper proposes a low-latency and universal architecture for point multiplication (PM) and double point multiplication (DPM) based on the differential addition chain (DAC) designed for signing and verification in ECDSA. By employing the DAC, the area-time product of DPM can be decreased, and throughput efficiency can be increased. Besides, the execution pattern of the proposed architecture is uniform to resist simple power analysis and high-order power analysis. Based on the data dependency, two Karatsuba–Ofman multipliers and four non-pipeline squarers are utilized in the architecture to achieve a compact timing schedule without idle cycles for multipliers during the computation process. Consequently, the calculation latency of DPM is minimized to five clock cycles in each loop. The proposed architecture is implemented on Xilinx Virtex-7, performing DPM in 3.584, 5.656, and with 8135, 13372, and 17898 slices over GF(2163), GF(2233), GF(2283), respectively. In the existing designs that are resistant to high-order analysis, our architecture demonstrates throughput efficiency improvements of 36.7% over GF(2233) and 9.8% over GF(2283), respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qiang Liu,Xu Cheng

DOI: https://doi.org/10.1109/mwscas.2005.1594351

2005-01-01

Abstract:Our recently proposed distributed module cluster (DMC) micro-architecture, which is used for long-bit modular multipliers of RSA cryptosystems, is based on a systolic array in which the processing cells are all one-bit long. In the design space exploration of this DMC architecture with TSMC deep sub-micron CMOS standard-cell technology, various widths of processing cells are implemented in the systolic array. The result analysis shows that when the fully serial systolic architecture is used, in which one cell processes one bit, the DMC architecture achieves the highest frequency hence the best performance. If the time and area overhead is represented as time-area product, it is one of the most cost-efficient designs as well

Hongfei Ke,Hao Li,Peiyong Zhang

DOI: https://doi.org/10.1016/j.mejo.2023.106085

IF: 1.992

2023-01-01

Microelectronics Journal

Abstract:Modular multiplication plays a crucial role in modern cryptography. Montgomery modular multiplication(MMM), one of the most classic and practical modular multiplication algorithms, has been widely used in cryptographic algorithms such as RSA, Diffie–Hellman algorithm, and Elliptic Curve Cryptography. In this paper, we incorporate negative wrapped convolution (NWC) into the FFT-based Montgomery modular multiplication to avoid the issue of zero-padding and use carry-save arithmetics for parallel computation. By utilizing coefficient pairs (pos_part and neg_part), we reconstruct the final result and eliminate the restrictions imposed by nega-cyclic parts. Moreover, Karatsuba-like algorithm is introduced for building fine-grained large integer multipliers. We have modified the parameter specifications for our design to meet requirements from diverse application scenarios. We implement the design on Xilinx Virtex-7 FPGA under different conditions and compare the results with the state-of-the-art MMM designs. The comparisons confirm that our design has the following characteristics: low latency for process, competitive area-latency-product(ALP), efficient DSP usage, and constant delay, which enhances security against timing attacks.

HAN Jun,ZENG Xiao-yang,LU Rong-hua,ZHAO Jia,TANG Ting-ao

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.04.038

2007-01-01

Abstract:An attack-resisted RSA coprocessor integrating multiplication and inverse is presented in this paper. The exponent recoding and dual-bit scanning techniques can speed up computing are added into exponentiation algorithm. The data masking and randomly recoding methods are also adopted to resist DPA attack. The digit-serial architecture is used in Montgomery multiplication and inverse, so the scalable Montgomery multiplication algorithm corresponding to small data path is presented by us. In VLSI design, the hardware reuse technique is employed to save area costs. The verification of design's functions is fulfilled by FPGA based platform. The design is also synthesized with TSMC 0.25 technology and it costs 26K gates at 170MHZ. So the merits of our design are multiple functions, scalable, attack-resisted and low cost.

Yuxuan Zhang,Hua Guo,Chen Chen,Yewei Guan,Xiyong Zhang,Zhenyu Guan

2024-07-18

Abstract:Montgomery modular multiplication is widely-used in public key cryptosystems (PKC) and affects the efficiency of upper systems directly. However, modulus is getting larger due to the increasing demand of security, which results in a heavy computing cost. High-performance implementation of Montgomery modular multiplication is urgently required to ensure the highly-efficient operations in PKC. However, existing high-speed implementations still need a large amount redundant computing to simplify the intermediate result. Supports to the redundant representation is extremely limited on Montgomery modular multiplication. In this paper, we propose an efficient parallel variant of iterative Montgomery modular multiplication, called DRMMM, that allows the quotient can be computed in multiple iterations. In this variant, terms in intermediate result and the quotient in each iteration are computed in different radix such that computation of the quotient can be pipelined. Based on proposed variant, we also design high-performance hardware implementation architecture for faster operation. In the architecture, intermediate result in every iteration is denoted as three parts to free from redundant computations. Finally, to support FPGA-based systems, we design operators based on FPGA underlying architecture for better area-time performance. The result of implementation and experiment shows that our method reduces the output latency by 38.3\% than the fastest design on FPGA.

Cryptography and Security

R. Coliban

DOI: https://doi.org/10.1109/IDAACS53288.2021.9660847

2021-09-22

Abstract:Modular multiplication is the fundamental operation in Elliptic Curve Cryptography (ECC) and a multitude of hardware implementations have been developed so far. In this paper, a series of modifications to a high performance radix-2 interleaved modular multiplication architecture are proposed. The design was implemented on a Virtex-7 FPGA for five prime fields recommended for ECC by the National Institute of Standards and Technology (NIST), showing a significant improvement in area-time efficiency in comparison to the original architecture.

Engineering,Computer Science

Qiqi Tao,Liying Li,Junlong Zhou,Guitao Cao,Dan Meng

DOI: https://doi.org/10.1016/j.sysarc.2024.103142

IF: 5.836

2024-05-01

Journal of Systems Architecture

Abstract:Homomorphic encryption is an important technology for protecting data privacy, and the performance of modular multiplication directly affects the efficiency of homomorphic encryption. Currently, there are numerous FPGA-based acceleration techniques targeting modular multiplication. However, many of these implementations require substantial hardware resources or suffer from resource imbalance. This leads to a lower throughput. Therefore, we present a novel FPGA-based implementation of Montgomery Modular Multiplication aimed at addressing these challenges. Our design employs a suitable radix bit width and word size based on the digital signal processing (DSP) bit width rather than the conventional binary powers of two. We aim to instantiate more modular multipliers using limited resources while minimizing latency. We also introduce a novel DSP cascade structure, called parallel grouping cascade DSP, which reduces the number of clock cycles of internal multipliers. To balance the ratio of lookup table (LUT) and DSP usage, we also use multipliers implemented in the LUT to replace some DSPs. Our results, implemented on Xilinx Virtex-7 field-programmable gate array (FPGA), demonstrate more than 27% improvement in throughput on 1024-bit modular multiplication and more than 70% improvement on 2048-bit compared to the best previous state-of-the-art references.

computer science, software engineering, hardware & architecture

JianWei Liu,DongXu Cheng,ZhenYu Guan,Ziyu Wang

DOI: https://doi.org/10.1109/iisr.2018.8535680

2018-01-01

Abstract:With the rapid development of cloud computing, e-commerce, authentication among multi-robot systems, the highspeed implementation of Elliptic Curve Cryptography (ECC) is in widespread use. The performance of ECC is decided by the design of scalar point multiplier, which is one of the most time-consuming component. This paper presents a full set of methods to achieve an ultra high-speed scalar point multiplier, its Scalar Point Multiplication (SPM) is optimized comprehensively in terms of speed-first design approach by concurrently implementing the Point-add (PA) and Point-double (PD) algorithms, improving large integer modular inversion algorithm and large integer modular multiplication algorithm. Finally, Montgomery domain operation and Non-Adjacent Form (NAF) encoding theory are applied to enhance the speed of scalar point multiplier. In the VLSI design, a high-speed $\pmb{256\times 256}$ -bit scalar point multiplier is achieved based on SMIC's 65nm process. It can complete single calculation of SPM within 12.5us on average, in other word, 80,000 times of SPM can be computed in one second. Compared to the scalar point multiplier realized by other publications based on VLSI, the reports for circuits synthesis show that our multiplier is optimal in terms of $AT^{2}$ and ultrafast in terms of speed.