dan zhang,guoqiang bai

DOI: https://doi.org/10.1109/edssc.2015.7285166

2015-01-01

Abstract:In this paper, we propose a high-performance implementation of elliptic curve cryptography over SCA-256 prime field by introducing an all-new isochronous architecture, which can also resist power-analysis attack. By modifying Montgomery ladder-based scalar multiplication, point addition (PA) and point double (PD) can operate synchronously, resisting simple power analysis (SPA) and double attack with minimum time-cost. Then PA and PD are designed to be strictly isochronous units by matching our configurable modular multiplication unit of pipelined stage. Both algorithm and hardware schedule are optimized from bottom to up, random cycles are also inserted to resist differential power analysis (DPA). In the hardware evaluation using CMOS standard cell library of 0.13 mu m, our ECC processor achieves 211 mu s and 8.5 mu J for one scalar multiplication with 208k gate counts. Compared to other related designs, our architecture offers not only 2 similar to 6 times better area-time product but also great power analysis resistance.

Hai-bin SHEN,Hua-feng CHEN,Xiao-lang YAN

DOI: https://doi.org/10.3785/j.issn.1008-973X.2006.09.004

2006-01-01

Abstract:To accelerate point multiplication operation of elliptic curve cryptography (ECC), a fast reduction algorithm for modular operation was introduced. The algorithm applied the characteristic of the small second item's degree of irreducible polynomial in characteristic 2 finite field. Based on the algorithm and projective Montgomery point multiplication algorithm, a configurable ECC accelerator using very large scale integrated circuit technology was proposed. Scalable field design and unique pipeline technique was adapted in the accelerator. Simulation results show that the accelerator designed by the algorithm can rapidly complete ECC point multiplication operation. When 162 bits key and 192 bits key are selected, the point multiplication operation takes 0.22 ms and 0.43 ms respectively. The accelerator has simple interface and good flexibility, and provides a method for hardware implementation of public key cryptography algorithm.

Zhenwei Zhao,Guoqiang Bai

DOI: https://doi.org/10.1109/trustcom.2014.27

2014-01-01

Abstract:In this paper, we present a high-performance elliptic curve cryptographic architecture over SCA-256 prime field by introducing a one-cycle full-precision multiplier. Based on the multiplier, we give a thorough bottom-up optimization in algorithm level. The performance of the architecture is boosted by the use of a two-stage pipeline scheme, and our pipeline utilization reaches 100%. It takes only 8 cycles to perform point doubling and 12 cycles to perform point addition. Using NAF recoding of scalar k, it takes about 3333 cycles to complete the point multiplication operation. In the hardware evaluation using a 0.13 mum CMOS standard cell library, our high-performance SM2 architecture executes one point multiplication operation in 20.36 mus, which translates into more than 49000 point multiplications per second. To the best of our knowledge, our architecture offers the highest single-core performance over prime fields reported in literature up to now.

Dan Zhang,Guoqiang Bai

DOI: https://doi.org/10.1109/iccsn.2016.7586618

2016-01-01

Abstract:This brief presents an FPGA-based ultra-high performance ECC implementation over SM2 prime field which can resist SPA. This processor is designed with bottom-up optimization focused on SM2 and make the best of advantages of modern FPGA. To counteract SPA more efficiently and reduce time cost, traditional MPL algorithm is modified to be the main algorithm which can execute point addition (PA) and point double (PD) in parallel. Then PA and PD are designed to be full-isochronous modules invoked by main algorithm to maximize the efficiency. Finite field operations adopt DSP blocks to increase frequency. Spliced multipliers are matched with same-frequency adders in the introduced pipeline structure, which improve hardware utilization to more than 95 percent. Run on Altera StratixII EP2S30F672 FPGA, this SM2 processor whose frequency reaches 62.3 MHz can be performed at a rate of about 1.3k point multiplications per second, and it only costs 8 DSPs and 4742 ALMs. Compared with other related works, our architecture offers not only ultra-high performance but also deep research about the FPGA-based implementation of SM2.

Kai Liao,Xiaoxin Cui,Nan Liao,Tian Wang,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/tie.2016.2610402

IF: 7.7

2016-01-01

IEEE Transactions on Industrial Electronics

Abstract:Elliptic curve cryptography (ECC) is one of the most popular public key cryptosystems in recent years due to its higher security strength and lower resource consumption. However, the noninvasive side-channel attacks (SCAs) have been proved to be a big threat to ECC systems in many previous researches. In this paper, we propose a low-area-time-product ECC coprocessor for GF(2(m)) with the ability to resist most of the existing noninvasive SCAs. The basic countermeasures are relied on the underlying finite field arithmetics in randomized Montgomery domain, which can blind the intermediate value in the iterations of scalar multiplication to prevent the adversaries from cracking the private key by statistical methods. Meanwhile, we optimize the modular division and modular multiplication algorithms to fix the operating time to resist some certain timing attacks, and the Montgomery Ladder algorithm makes the coprocessor immune against simple SCAs. To efficiently implement our coprocessor, we present a hybrid operation sequence which merely needs one multiplication module and one division module to complete the entire operations. The synthesis results indicate that our design is superior to other related works in area-time product (ATP) and the extra overhead paid for the countermeasures is less than 5%.

JianWei Liu,DongXu Cheng,ZhenYu Guan,Ziyu Wang

DOI: https://doi.org/10.1109/iisr.2018.8535680

2018-01-01

Abstract:With the rapid development of cloud computing, e-commerce, authentication among multi-robot systems, the highspeed implementation of Elliptic Curve Cryptography (ECC) is in widespread use. The performance of ECC is decided by the design of scalar point multiplier, which is one of the most time-consuming component. This paper presents a full set of methods to achieve an ultra high-speed scalar point multiplier, its Scalar Point Multiplication (SPM) is optimized comprehensively in terms of speed-first design approach by concurrently implementing the Point-add (PA) and Point-double (PD) algorithms, improving large integer modular inversion algorithm and large integer modular multiplication algorithm. Finally, Montgomery domain operation and Non-Adjacent Form (NAF) encoding theory are applied to enhance the speed of scalar point multiplier. In the VLSI design, a high-speed $\pmb{256\times 256}$ -bit scalar point multiplier is achieved based on SMIC's 65nm process. It can complete single calculation of SPM within 12.5us on average, in other word, 80,000 times of SPM can be computed in one second. Compared to the scalar point multiplier realized by other publications based on VLSI, the reports for circuits synthesis show that our multiplier is optimal in terms of $AT^{2}$ and ultrafast in terms of speed.

Yingchao Cui,Qing Liu,Yingbiao Yao,Xiaorong Xu,Wei Wu,Xin Xu

DOI: https://doi.org/10.1016/j.micpro.2023.104944

IF: 3.503

2023-10-18

Microprocessors and Microsystems

Abstract:For the elliptic curve cryptography (ECC) over prime field, this paper presents an area-efficient and low-latency elliptic curve scalar multiplication (ECSM) accelerator, which supports to process any prime number p ≤ 256 bits. The proposed accelerator is based on a parallel hardware implementation of iterative digit-digit Montgomery multiplication and an optimized data flow architecture for elliptic curve point operations. The proposed design is implemented in Xilinx Virtex-7 FPGA. The experimental results show that the proposed architecture occupies 23.7k look-up tables (LUTs) and performs single 256-bit scalar multiplication in 0.56 ms. The area-time product of the proposed architecture is only 13.36. Compared with other state-of-the-art ECSM implementations, the proposed architecture has obvious advantage in terms of the area-time product.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Xiang Feng,Shuguo Li

DOI: https://doi.org/10.1109/trustcom/bigdatase/icess.2017.245

2017-01-01

Abstract:In this paper, we propose a novel high-speed and SPA-resistant architecture for elliptic curve cryptography (ECC) point multiplication. A new Karatsuba-Ofman based pipelined multiplier is proposed to lower the latency, and an improved comb point multiplication method is employed to reduce the clock cycles and to resist simple power analysis (SPA). The proposed ECC architecture has been implemented on Altera's Stratix II FPGA platform. Implementation results show that our processor can perform 256-bit ECC point multiplication in 0.16 ms at the cost of 14.2k ALMS. Compared with the previous implementations, our implementation achieves a speed up factor of no less than 4 times without compromising the SPA-resistance.

Xiaowei Han,Beibei Wang,Liji Wu,An Wang

DOI: https://doi.org/10.1587/elex.12.20150470

2015-01-01

IEICE Electronics Express

Abstract:This paper presents a design of an elliptic curve coprocessor over GF(p) with side-channel analysis countermeasures and fast implementation schemes, which can be used for all elliptic curve cryptographic algorithms, such as ECC and SM2. The proposed coprocessor can resist side channel analysis and is implemented basing on the C*Core-C0 platform. Using SMIC 0.13-mu m CMOS technology, synthesis results show that our coprocessor can perform one 256-bit elliptic curve scalar multiplication over the prime field in 8.35 ms at 50 MHz with only 1.98 mW and 17.7K gates. The proposed coprocessor outperforms other coprocessors in terms of the overall performance of area, power, speed and security, which is quite suitable for smart IC card.

Wei Li,Xiaoyang Zeng,Xiao Feng,Zibin Dai

DOI: https://doi.org/10.1109/uic-atc-scalcom-cbdcom-iop.2015.114

2015-01-01

Abstract:In this paper, a mixture of VLIW and vector architecture of ECC processor is proposed to perform either prime field GF(p) operations or binary field GF(2(m)) operations for arbitrary prime numbers and irreducible polynomials. Besides, an application specific instruction set for ECC is presented to support parallel processing with VLIW instruction structure features and vector register addressing modes. Moreover, a new randomized clock cycle's insertion technique in regular calculation is designed against SPA and DPA attacks with 3% area and 4% power overhead. After implemented in 65-nm CMOS process, our proposed 521-bit dual field elliptic curve cryptographic processor can perform scalar multiplication in 1.3 ms over GF(p(521)) and 0.94 ms over GF(2(521)). Our ECC processor chip is advantageous not only in terms of functionality, scalability, and performance but also in protection against power-analysis attacks.

Tianyi XIE,Kai HUANG,Siwen XIU,Congxue TANG,Xiaolang YAN

DOI: https://doi.org/10.3778/j.issn.1002-8331.1410-0277

2016-01-01

Abstract:The software efficiency of Elliptic Curve Cryptography(ECC)algorithm over GF ( p) is analyzed. Against the disadvantages of the software implementation, the partition between software and hardware is given. A kind of hardware accelerator suitable for Sytem-on-Chip(SoC)is proposed, and the SoC architecture is designed. Hardware acceleration for both filed multiplication and Miller-Rabin primality test is implemented, which largely improves the performance of ECC at the expense of a little cost of area. The SM2 public key cryptographic algorithm is implemented on chip. Based on the HJTC 0.11μm eFlash standard cell-library, the area of the accelerator is about 0.6 mm2 . The accelerator can execute 167 operations per second for 192 bit unknown-point multiplication and 94 operations per second for 256 bit in 50 MHz. Experimental results show that the performance per unit area of the accelerator is higher than other approaches.

Yong-xiang HAN,Guo-qiang BAI,Hong-yi CHEN

DOI: https://doi.org/10.3969/j.issn.1000-7180.2007.12.001

2007-01-01

Abstract:Through a compound hardware-design method of combining mathematical reasoning and circuit technology, this paper presents a VLSI implementation of ECC processor over GF(2m). Targeting low cost, we finish the optimal design of squaring, reduction, multiplication, inversion in Arithmetic logic module. According to different operation hierarchies, we designed different controlling circuits to match. The ECC processor has been synthesized on SMIC 0.18μm CMOS technology and has an area reduction of 48% comparing to international relevant research, with really fast speed at the same time.

Xiaopeng Zhang,Shuguo Li

DOI: https://doi.org/10.1109/idt.2007.4437455

2007-01-01

Abstract:In this paper, a high-performance ASIC based elliptic curve cryptographic (ECC) processor is proposed to implement six elliptic curve schemes: key generation, key agreement, digital signature, digital verification, elgamal encryption and elgamal decryption. The processor supports reconfigurable elliptic curves over GF(p) with sizes ranging from 192 to 256 bits and reaches a high performance of 10526 scalar multiplications, 8333 digital signatures and 4761 digital verifications per second respectively in typical case. To the best of our knowledge, this work is the first practice to implement an ASIC based ECC processor over GF(p).

Xiang Feng,Shuguo Li

DOI: https://doi.org/10.1587/transfun.e98.a.863

2015-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:Field Programmable Gate Array (FPGA) implementation of Elliptic Curve Cryptography (ECC) over GF(p) is commonly not fast enough to meet the request of high-performance applications. There are three critical factors to determine the performance of ECC processor over GF(p): multiplication structure, modular multiplication algorithm, and scalar point multiplication scheduling. This work proposes a novel multiplication structure which is a two-stage pipeline on the basis of Karatsuba-Ofman algorithm. With the proposed multiplication structure, we design a 256-bit modular multiplier based on Improved Barret Modular Multiplication algorithm. Upon the modular multiplier, we finish the scalar point multiplication scheduling and implement a high-performance ECC processor on FPGA. Compared with the previous modular multipliers, our modular multiplier reduces the 256-bit modular multiplication time by 28% at least. Synthesis result on Altera Stratix II shows that our ECC processor can complete a 256-bit ECC scalar point multiplication in 0.51ms, which is at least 1.3 times faster than the currently reported FPGA ECC processors over GF(p).

Zhanzhan Chen,Liji Wu,Zhenhui Zhang,Dehang Xiao,Xiangmin Zhang,Yan Liu

DOI: https://doi.org/10.1109/asid56930.2022.9995777

2022-01-01

Abstract:SM2 algorithm is widely used in financial IC cards. It has the advantages of fast operation speed and short signature, but it may also contain security vulnerabilities. Attackers can crack the secret key via Simple Power Analysis (SPA), which is the inexpensive and extremely effective method, causing a great threat to the security of SM2 algorithm. In order to improve the safety of SM2 algorithm, this paper introduces atomic algorithm to implement point addition and point doubling operation, and proposes precomputed Non Adjacent Form (NAF) random window algorithm to achieve scalar multiplication. Based on experimental analysis with SAKURA-G FPGA board, the improved SM2 algorithm can resist successfully SPA. Compared with the original algorithm, the time of computation is reduced by 67.5%, and the number of slice registers has increased by less than 5%. The security and speed of SM2 algorithm has been significantly improved.

Jinnan Ding,Shuguo Li

DOI: https://doi.org/10.1109/trustcom/bigdatase/icess.2017.353

2017-01-01

Abstract:Elliptic curve cryptography (ECC) is widely used in the field of cyber security such as TLS protocol. Compared with symmetric cryptography, the computation of ECC is much slower. In this paper, a reconfigurable high-speed processor supporting all currently used NIST primes on FPGA platform is constructed. The modular addition and substraction is eliminated in our design by applying lazy reduction strategy. Throughput of modular multiplication is improved significantly with Karatsuba algorithm and compact pipeline schedule. The latency of modular inverse is tactfully avoided by pipeline coverage at the level of scalar multiplication. Furthermore, Montgomery-ladder algorithm and base-point randomization is applied to resist side-channel and timing attacks. Most of these techniques can also be used in software designs. Compared with previous works, our FPGA design outperforms times of others in term of scalar multiplication performance, while the hardware cost remains moderate, which makes it suitable for computation-intensive applications.

Yongkang Xu,Feng Deng,Weihan Xu,Guanting Huo,Yang,Yufeng Jin,Xiaole Cui

DOI: https://doi.org/10.1109/iaeac54830.2022.9929737

2022-01-01

Abstract:In modern systems-on-chip, cryptographic coprocessors bring more flexibility to design, not only accelerating the encryption process but also compressing design resources by sharing algorithm units. A high- performance unified coprocessor for AES-128 and SM4 encryption is proposed in this paper. On the one hand, based on the similarities between the two types of algorithms, the multiplicative inverse (MI) unit of the Sbox is realized in the composite field, and by sharing the reconfigurable Sbox logic (RCSL), the hardware resource consumption of circuits compatible with both algorithms is reduced. On the other hand, global pipeline technology based on shared-RCSL is used to improve the throughput of the coprocessor. In TSMC 65nm 1.08V CMOS technology, compared to the synthesized results of independently AES-128 and SM4, the area and power at 500MHz of the unified coprocessor are reduced by 42% and 43%, respectively.

Md Mainul Islam,Md Selim Hossain,Moh Khalid Hasan,Md Shahjalal,Yeong Min Jang

DOI: https://doi.org/10.3390/s20185148

2020-09-10

Abstract:With the swift evolution of wireless technologies, the demand for the Internet of Things (IoT) security is rising immensely. Elliptic curve cryptography (ECC) provides an attractive solution to fulfill this demand. In recent years, Edwards curves have gained widespread acceptance in digital signatures and ECC due to their faster group operations and higher resistance against side-channel attacks (SCAs) than that of the Weierstrass form of elliptic curves. In this paper, we propose a high-speed, low-area, simple power analysis (SPA)-resistant field-programmable gate array (FPGA) implementation of ECC processor with unified point addition on a twisted Edwards curve, namely Edwards25519. Efficient hardware architectures for modular multiplication, modular inversion, unified point addition, and elliptic curve point multiplication (ECPM) are proposed. To reduce the computational complexity of ECPM, the ECPM scheme is designed in projective coordinates instead of affine coordinates. The proposed ECC processor performs 256-bit point multiplication over a prime field in 198,715 clock cycles and takes 1.9 ms with a throughput of 134.5 kbps, occupying only 6543 slices on Xilinx Virtex-7 FPGA platform. It supports high-speed public-key generation using fewer hardware resources without compromising the security level, which is a challenging requirement for IoT security.

Gang Chen,Guoqiang Bai,Hongyi Chen

DOI: https://doi.org/10.1109/ISCAS.2008.4542163

2008-01-01

Abstract:We proposed a high-performance ECC architecture for generic curves over prime fields based on a systolic arithmetic unit, in [1]. This paper is on an extension and a realization of that architecture. We extend the architecture to support binary fields, and realize the extended architecture, developing a dual-field ECC processor. Further, the processor is implemented by an ASIC. The results on the layouted processor show a high performance, confirming the efficiency of the architecture.

Qingfu Cao,Shuguo Li

DOI: https://doi.org/10.1109/ASICON.2009.5351572

2009-01-01

Abstract:This paper proposes a high-throughput cost-effective implementation of AES supporting encryption and decryption with 128-, 192-, and 256-bit cipher key. Optimum irreducible polynomial coefficients are selected to construct the composite field GF(((2(2))(2))(2)) on standard and normal base in order to minimize the gate count in SubBytes/InvSubBytes transformation. In addition, MixCoulmn/InvMixColumn transformations are optimized and the gate count is the least as we know. And then, a novel on-the-fly key expansion structure is applied to improve the throughput. The performance is evaluated on SMIC 0.18 mu m CMOS technology and the design has been verified on FPGA. The throughput can achieve at 1.16Gbps with the cost of only 19476 equivalent NAND2 gates, which outperforms prior works with respect to the parameter throughput per kilo gates with the same process(1).