Dan Zhang,Guoqiang Bai

DOI: https://doi.org/10.1007/978-3-319-29814-6_17

2015-01-01

Abstract:To ensure secure information exchange, demand for hardware implementation of elliptic curve cryptography (ECC) is increasing rapidly in recent years. In this paper, we propose an ASIC design for ECC over SCA-256 prime field, delivering both high performance and great SPA resistance. For algorithm selection, we integrate calculation simplification into the classic algorithm, Montgomery Powering Ladder (MPL). Based on the deduction of Fast NIST Reduction, we innovatively achieve the configurable modular multiplication module and then the isochronous point addition and double units. Pipeline architecture, execution order optimization and modular design are all applied to improved performance. Evaluated by CMOS standard cell library of 0.13 (upmu )m, this ECC processor costs only 208 (upmu )s and 6.8 (upmu )J for one scalar multiplication and runs at high frequency of 228 MHz with area of 156 k gates. Compared to related works, it is much more advantageous in not only area-time product but also SPA resistant protection.

Hai-bin SHEN,Hua-feng CHEN,Xiao-lang YAN

DOI: https://doi.org/10.3785/j.issn.1008-973X.2006.09.004

2006-01-01

Abstract:To accelerate point multiplication operation of elliptic curve cryptography (ECC), a fast reduction algorithm for modular operation was introduced. The algorithm applied the characteristic of the small second item's degree of irreducible polynomial in characteristic 2 finite field. Based on the algorithm and projective Montgomery point multiplication algorithm, a configurable ECC accelerator using very large scale integrated circuit technology was proposed. Scalable field design and unique pipeline technique was adapted in the accelerator. Simulation results show that the accelerator designed by the algorithm can rapidly complete ECC point multiplication operation. When 162 bits key and 192 bits key are selected, the point multiplication operation takes 0.22 ms and 0.43 ms respectively. The accelerator has simple interface and good flexibility, and provides a method for hardware implementation of public key cryptography algorithm.

Zhenwei Zhao,Guoqiang Bai

DOI: https://doi.org/10.1109/trustcom.2014.27

2014-01-01

Abstract:In this paper, we present a high-performance elliptic curve cryptographic architecture over SCA-256 prime field by introducing a one-cycle full-precision multiplier. Based on the multiplier, we give a thorough bottom-up optimization in algorithm level. The performance of the architecture is boosted by the use of a two-stage pipeline scheme, and our pipeline utilization reaches 100%. It takes only 8 cycles to perform point doubling and 12 cycles to perform point addition. Using NAF recoding of scalar k, it takes about 3333 cycles to complete the point multiplication operation. In the hardware evaluation using a 0.13 mum CMOS standard cell library, our high-performance SM2 architecture executes one point multiplication operation in 20.36 mus, which translates into more than 49000 point multiplications per second. To the best of our knowledge, our architecture offers the highest single-core performance over prime fields reported in literature up to now.

Zoya Dyka,Dan Kreiser,Ievgen Kabin,Peter Langendoerfer

DOI: https://doi.org/10.1109/RECONFIG.2018.8641730

2022-01-06

Abstract:In this paper we describe our flexible ECDSA design for elliptic curve over binary extended fields GF(2l). We investigated its resistance against Horizontal Collision Correlation Attacks (HCCA). Due to the fact that our design is based on the Montgomery kP algorithm using Lopez-Dahab projective coordinates the scalar k cannot be successful revealed using HCCA, but this kind of attacks can be helpful to divide the measured traces into parts that correspond to processing of a single bit of the scalar k. The most important contribution of this paper is that our flexible field multiplier is resistant against horizontal attacks. This inherent resistance makes it a valuable building block for designing unified field multipliers.

Cryptography and Security

Kai Liao,Xiaoxin Cui,Nan Liao,Tian Wang,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/tie.2016.2610402

IF: 7.7

2016-01-01

IEEE Transactions on Industrial Electronics

Abstract:Elliptic curve cryptography (ECC) is one of the most popular public key cryptosystems in recent years due to its higher security strength and lower resource consumption. However, the noninvasive side-channel attacks (SCAs) have been proved to be a big threat to ECC systems in many previous researches. In this paper, we propose a low-area-time-product ECC coprocessor for GF(2(m)) with the ability to resist most of the existing noninvasive SCAs. The basic countermeasures are relied on the underlying finite field arithmetics in randomized Montgomery domain, which can blind the intermediate value in the iterations of scalar multiplication to prevent the adversaries from cracking the private key by statistical methods. Meanwhile, we optimize the modular division and modular multiplication algorithms to fix the operating time to resist some certain timing attacks, and the Montgomery Ladder algorithm makes the coprocessor immune against simple SCAs. To efficiently implement our coprocessor, we present a hybrid operation sequence which merely needs one multiplication module and one division module to complete the entire operations. The synthesis results indicate that our design is superior to other related works in area-time product (ATP) and the extra overhead paid for the countermeasures is less than 5%.

Liu Lifei,Cui Xiaole,Ran Yalin,Cui Xiaoxin

DOI: https://doi.org/10.1109/ASICON.2015.7517206

2015-01-01

Abstract:Elliptic Curve Cryptosystem (ECC) is one of the most advantageous cryptosystems because of the shortened number of key bits when compared with RSA at the same security level. However, just as the other cryptosystems, ECC hardware is vulnerable to the side-channel analysis attacks which have been proposed. Power Analysis Attack (PA), as one of the most popular side-channel analysis attacks, is implemented easily, so more and more works concentrate on it. This work proposes a countermeasure to resist against Power Analysis. Then we design a unified hardware architecture which is multi-purpose and implementation to verify the effectiveness of the proposed method. The experiment results of FPGA verification platform show that the protected hardware can defend DPA with up to 105 measured power traces.

Wei Li,Xiaoyang Zeng,Xiao Feng,Zibin Dai

DOI: https://doi.org/10.1109/uic-atc-scalcom-cbdcom-iop.2015.114

2015-01-01

Abstract:In this paper, a mixture of VLIW and vector architecture of ECC processor is proposed to perform either prime field GF(p) operations or binary field GF(2(m)) operations for arbitrary prime numbers and irreducible polynomials. Besides, an application specific instruction set for ECC is presented to support parallel processing with VLIW instruction structure features and vector register addressing modes. Moreover, a new randomized clock cycle's insertion technique in regular calculation is designed against SPA and DPA attacks with 3% area and 4% power overhead. After implemented in 65-nm CMOS process, our proposed 521-bit dual field elliptic curve cryptographic processor can perform scalar multiplication in 1.3 ms over GF(p(521)) and 0.94 ms over GF(2(521)). Our ECC processor chip is advantageous not only in terms of functionality, scalability, and performance but also in protection against power-analysis attacks.

Xiaowei Han,Beibei Wang,Liji Wu,An Wang

DOI: https://doi.org/10.1587/elex.12.20150470

2015-01-01

IEICE Electronics Express

Abstract:This paper presents a design of an elliptic curve coprocessor over GF(p) with side-channel analysis countermeasures and fast implementation schemes, which can be used for all elliptic curve cryptographic algorithms, such as ECC and SM2. The proposed coprocessor can resist side channel analysis and is implemented basing on the C*Core-C0 platform. Using SMIC 0.13-mu m CMOS technology, synthesis results show that our coprocessor can perform one 256-bit elliptic curve scalar multiplication over the prime field in 8.35 ms at 50 MHz with only 1.98 mW and 17.7K gates. The proposed coprocessor outperforms other coprocessors in terms of the overall performance of area, power, speed and security, which is quite suitable for smart IC card.

Dan Zhang,Guoqiang Bai

DOI: https://doi.org/10.1109/iccsn.2016.7586618

2016-01-01

Abstract:This brief presents an FPGA-based ultra-high performance ECC implementation over SM2 prime field which can resist SPA. This processor is designed with bottom-up optimization focused on SM2 and make the best of advantages of modern FPGA. To counteract SPA more efficiently and reduce time cost, traditional MPL algorithm is modified to be the main algorithm which can execute point addition (PA) and point double (PD) in parallel. Then PA and PD are designed to be full-isochronous modules invoked by main algorithm to maximize the efficiency. Finite field operations adopt DSP blocks to increase frequency. Spliced multipliers are matched with same-frequency adders in the introduced pipeline structure, which improve hardware utilization to more than 95 percent. Run on Altera StratixII EP2S30F672 FPGA, this SM2 processor whose frequency reaches 62.3 MHz can be performed at a rate of about 1.3k point multiplications per second, and it only costs 8 DSPs and 4742 ALMs. Compared with other related works, our architecture offers not only ultra-high performance but also deep research about the FPGA-based implementation of SM2.

Souhir Gabsi,Yassin Kortli,Vincent Beroulle,Yann Kieffer,Belgacem Hamdi

DOI: https://doi.org/10.1007/s11042-024-18368-9

IF: 2.577

2024-02-18

Multimedia Tools and Applications

Abstract:Elliptical curves are dedicated for several security applications including Radio Frequency Identification (RFID) devices, smart cards, bankcards, etc. To guarantee effective security of such applications, these cryptographic systems require effective resistance to various types of physical attack. Differential Power-Analysis (DPA) attacks were considered the most efficient attacks against scalar multiplication calculation algorithms. In this paper, we propose a countermeasure method against the DPA attacks, for a scalar multiplication algorithm that is basically secure against Simple Power Analysis (SPA) and safe-error attacks. Our proposal is intended for Elliptic Curves Cryptosystems (ECC) algorithms dedicated to low cost applications. We first introduce the different types of side-channel attacks that ECC-based cryptographic algorithms can suffer, as well as their countermeasure methods existing in the literature. We then present an optimized hardware implementation of the most effective scalar multiplication algorithm against SPA and safe-error attacks. Finally, we present our proposed DPA countermeasure method and its effectiveness against other extensions of DPA attacks. Our proposed method is similar to the Basic Random Initial Point (BRIP) method except that the latter is only applicable for the left-to-right algorithm. The proposed method is based on the randomization of processed data during the computation of the scalar multiplication algorithm and prevents vulnerability to Zero-value Point Attack (ZPA), Refined Power analysis (RPA) attack and double attack. In the last part of our paper, we present comparative analysis in terms of computational cost between our proposed method and other countermeasure algorithms presented in the literature, such as Montgomery-ladder, the BRIP algorithm, the left-to-right algorithm and the Co-Z Mont-Ladder algorithm.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Yingchao Cui,Qing Liu,Yingbiao Yao,Xiaorong Xu,Wei Wu,Xin Xu

DOI: https://doi.org/10.1016/j.micpro.2023.104944

IF: 3.503

2023-10-18

Microprocessors and Microsystems

Abstract:For the elliptic curve cryptography (ECC) over prime field, this paper presents an area-efficient and low-latency elliptic curve scalar multiplication (ECSM) accelerator, which supports to process any prime number p ≤ 256 bits. The proposed accelerator is based on a parallel hardware implementation of iterative digit-digit Montgomery multiplication and an optimized data flow architecture for elliptic curve point operations. The proposed design is implemented in Xilinx Virtex-7 FPGA. The experimental results show that the proposed architecture occupies 23.7k look-up tables (LUTs) and performs single 256-bit scalar multiplication in 0.56 ms. The area-time product of the proposed architecture is only 13.36. Compared with other state-of-the-art ECSM implementations, the proposed architecture has obvious advantage in terms of the area-time product.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Xiaowei Han,Beibei Wang,An Wang,Liji Wu,Woogeun Rhee

DOI: https://doi.org/10.1109/CIS.2014.116

2014-01-01

Abstract:SM2 is a public-key cryptography algorithm which is based on elliptic curves. Since the side channel leakage of devices can be used to deduce the information of secret keys, algorithms to implement SM2 need to be improved. In this paper, we propose an initialized masking scalar multiplication algorithm (IMSM), a modified atomic point doubling and point addition algorithm (MADA), and a transformed formula countermeasure (TFCS). Analysis shows they can resist Simple Power Analysis (SPA), Differential Power Analysis and Template Attacks. IMSM and MADA have been verified to resist SPA on FPGA board successfully. Compared to Binary Expansion with RIP algorithm, 28.6% calculations can be saved when the scalar is divided into four parts, which is rather fast.

Fan Zhang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/ITNG.2008.183

2008-01-01

Abstract:Elliptic curve cryptography (ECC) has been adopted in many systems because it requires shorter keys than traditional public-key algorithms in primary fields. However, power analysis attacks can exploit the power consumption of ECC devices to retrieve secret keys. In this paper, we propose an efficient window-based countermeasure that is secure against existing power analysis attacks. Compared to previous counter- measures, our method has low memory overhead, requiring only a table of w+1 entries when the window size is w bits. It also has better performance than many algorithms that perform one point addition or subtraction for every bit in the scalar.

Junjie Jiang,Jing Chen,Jian Wang,Duncan S. Wong,Xiaotie Deng

2008-01-01

Abstract:We propose a new architecture for performing Elliptic Curve Scalar Multiplication (ECSM) on elliptic curves over GF (2). This architecture maximizes the parallelism that the proj ective version of the Montgomery ECSM algorithm can achieve. It completes one ECSM operation in about 2(m−1)(dm/De+4)+m cycles, and is at least three times the speed of the best known result currently available. When imp le ented on a Virtex-4 FPGA, it completes one ECSM operation overGF (2) in 12.5μs with the maximum achievable frequency of 222MHz. Two other i mplementation variants for less resource consumption are also proposed. O ur first variant reduces the resource consumption by almost 50% while still maintaining the utilization efficiency, whi ch is measured by a performance to resource consumption ratio. Our second variant achieves the best utilization effi ci ncy and in our actual implementation on an elliptic curve group overGF (2), it gives more than 30% reduction on resource consumption wh ile maintaining almost the same speed of computation as that of our original design. For achi eving this high performance, we also propose a modified finite field inversion algorithm which takes only m cycles to invert an element over GF (2), rather than2m cycles as the traditional Extended Euclid algorithm does, and this new design yields much better utilization of the cycle time.

JianWei Liu,DongXu Cheng,ZhenYu Guan,Ziyu Wang

DOI: https://doi.org/10.1109/iisr.2018.8535680

2018-01-01

Abstract:With the rapid development of cloud computing, e-commerce, authentication among multi-robot systems, the highspeed implementation of Elliptic Curve Cryptography (ECC) is in widespread use. The performance of ECC is decided by the design of scalar point multiplier, which is one of the most time-consuming component. This paper presents a full set of methods to achieve an ultra high-speed scalar point multiplier, its Scalar Point Multiplication (SPM) is optimized comprehensively in terms of speed-first design approach by concurrently implementing the Point-add (PA) and Point-double (PD) algorithms, improving large integer modular inversion algorithm and large integer modular multiplication algorithm. Finally, Montgomery domain operation and Non-Adjacent Form (NAF) encoding theory are applied to enhance the speed of scalar point multiplier. In the VLSI design, a high-speed $\pmb{256\times 256}$ -bit scalar point multiplier is achieved based on SMIC's 65nm process. It can complete single calculation of SPM within 12.5us on average, in other word, 80,000 times of SPM can be computed in one second. Compared to the scalar point multiplier realized by other publications based on VLSI, the reports for circuits synthesis show that our multiplier is optimal in terms of $AT^{2}$ and ultrafast in terms of speed.

ZHAO Yan-guang,BAI Guo-qiang,CHEN Hong-yi

DOI: https://doi.org/10.3969/j.issn.1000-7180.2006.12.023

2006-01-01

Abstract:This paper describes a differential power analysis(DPA)against an implementation of elliptic curve cryptosystem(ECC)on an ASIC chip.In the chip,the method used for scalar multiplication of ECC is Montgomery Ladder which is a basic algorithm used to resist DPA.We perform a detailed MESD differential power analysis attack the ECC chip,the result shows that Montgomery Ladder is vulnerable to MESD.So,K.Itoh is wrong and the ECC chip with Montgomery Ladder is not secure enough,some other countermeasures must be adopted to enhance the ECC chip.

Xiang Feng,Shuguo Li

DOI: https://doi.org/10.1109/trustcom/bigdatase/icess.2017.245

2017-01-01

Abstract:In this paper, we propose a novel high-speed and SPA-resistant architecture for elliptic curve cryptography (ECC) point multiplication. A new Karatsuba-Ofman based pipelined multiplier is proposed to lower the latency, and an improved comb point multiplication method is employed to reduce the clock cycles and to resist simple power analysis (SPA). The proposed ECC architecture has been implemented on Altera's Stratix II FPGA platform. Implementation results show that our processor can perform 256-bit ECC point multiplication in 0.16 ms at the cost of 14.2k ALMS. Compared with the previous implementations, our implementation achieves a speed up factor of no less than 4 times without compromising the SPA-resistance.

Xiaowei Han,Liji Wu,Beibei Wang,An Wang

DOI: https://doi.org/10.7544/issn1000-1239.2016.20150052

2016-01-01

Abstract:SM2 algorithms are commercial elliptic curve public‐key algorithms ,which are released by Chinese Cryptography Administration and similar to ECC . Traditional cryptographic algorithms always have security flaws .Attackers often attack on security weaknesses of algorithms and analyze the secret‐key ,which poses great threat to cryptographic systems and peoples’ property .There are various kinds of attacks ,such as power attack ,fault attack and electromagnetic attack .Among these attacks ,power attack is the most traditional one ,which has many advantages such as small secret‐key searching space and high analysis efficiency .Usually ,power attack utilizes the power leakage during operation processes of cryptographic algorithms ,acquires power waves and retrieves the secret key .In order to resist power attack and enhance the security of SM 2 algorithms , this article learns from elliptic curve cryptography algorithms ,applies the atomic concept into SM2 and proposes a novel atomic algorithm . According to theoretical comparison between the proposed algorithm and other former algorithms ,it show s that the proposed algorithm saves 27 .4% of computation in comparison to double‐and‐add always algorithm . Besides , it has less computation amount than other atomic algorithms .Furthermore ,implementation has been fulfilled on SAKURA‐G FPGA board .Simulation results demonstrate that the proposed algorithm can resist simple power attack successfully .

Zhanzhan Chen,Liji Wu,Zhenhui Zhang,Dehang Xiao,Xiangmin Zhang,Yan Liu

DOI: https://doi.org/10.1109/asid56930.2022.9995777

2022-01-01

Abstract:SM2 algorithm is widely used in financial IC cards. It has the advantages of fast operation speed and short signature, but it may also contain security vulnerabilities. Attackers can crack the secret key via Simple Power Analysis (SPA), which is the inexpensive and extremely effective method, causing a great threat to the security of SM2 algorithm. In order to improve the safety of SM2 algorithm, this paper introduces atomic algorithm to implement point addition and point doubling operation, and proposes precomputed Non Adjacent Form (NAF) random window algorithm to achieve scalar multiplication. Based on experimental analysis with SAKURA-G FPGA board, the improved SM2 algorithm can resist successfully SPA. Compared with the original algorithm, the time of computation is reduced by 67.5%, and the number of slice registers has increased by less than 5%. The security and speed of SM2 algorithm has been significantly improved.

Lihui Wang,Qing Li,Zhimin Zhang,Weijun Shan,David Wei Zhang

DOI: https://doi.org/10.2991/iset-15.2015.29

2015-01-01

Abstract:Elliptic Curve Cryptography (ECC) is becoming widely deployed in embedded cryptographic devices. However, simple power analysis (SPA) attacks may retrieve secret keys by exploiting the power consumption of ECC devices. To resist the SPA attack there appear a number of countermeasures and the most widely used methods are Montgomery ladder and double-and-add-always algorithm. This paper proposes a refined simple power analysis attack to these countermeasures. Experimental results on smart cards demonstrate that this attack method can retrieve secret keys by distinguishing the power consumption of different jump instructions if the implementation of ECC's countermeasure is not carefully designed. The experiments also demonstrate that the proposed countermeasure in this paper can resist this kind of SPA attack