An Inverter Architecture for ECC-GF($2^m$) Based on the Stein’s Algorithm
Objectives
To present the development of a modular inverter for elliptic curves, implemented in a programmable circuit;
To show the viability of implementing this inverter as a combinatorial circuit;
To discuss the difficulties encountered during the development of the inverter;
To explain the solutions found to allow the development of the inverter.
Justifications
The interest in digital circuits;
The current importance of projects that work with cryptography implemented in hardware;
The need to create a device that increases the performance of programs that work with asymmetric cryptography;
Challenges: speed versus area; combinatorial circuits versus affine coordinates.
Summary
Introduction;
ECC-GF($2^m$);
A Combinatorial Circuit for Modular Inversion;
A Combinatorial Circuit for Point Doubling and Point Addition;
A Cryptosystem Implemented by Programmable Circuits;
Results;
Conclusions.
Introduction
Information;
$Q_S$ (symmetric cryptography);
$Q_P$ and $k$ (asymmetric cryptography);
$Q = kP$;
$2P$ and $+P$: doubling and addition of $P$;
$+$, $*$, $x^2$, mod, $x^{-1}$: finite field arithmetic.
Introduction
A Key-Exchange Example
cli: the client side of the communication;
serv: the server side of the communication;
$P$: an element previously chosen by cli and serv;
$k$: a private key;
$Q_P$: a public key;
$Q_S$: a secret key;
$Q$ and $P$ are elements of the same type.
Introduction
Key-Exchange
The cli generates at random an integer $k_{cli}$;
The serv generates at random an integer $k_{serv}$;
The cli calculates: $Q_{Pcli} = k_{cli} P$;
The serv calculates: $Q_{Pserv} = k_{serv} P$;
The cli sends $Q_{Pcli}$ to the serv;
The serv sends $Q_{Pserv}$ to the cli;
The cli calculates: $Q_S = k_{cli} Q_{Pserv}$;
The serv calculates: $Q_S = k_{serv} Q_{Pcli}$.
ECC-GF($2^m$)
Elliptic Curves
They are represented by the equation:
$y^2 + xy = x^3 + ax^2 + b$
for which:
$x$ and $y$ represent the point coordinates;
$a$ and $b$ define an elliptic curve over GF($2^m$).
ECC-GF($2^m$)
The Main Operation of the Elliptic Curve Algorithms
$Q = kP$
for which:
$k$ is an integer;
$P$ is an elliptic curve point of coordinates $x$ and $y$;
$Q$ is an elliptic curve point of coordinates $x$ and $y$;
$P(P_x, P_y)$ and $Q(Q_x, Q_y)$ are points represented by affine coordinates and polynomial basis.
ECC-GF($2^m$)
Double-and-Add Algorithm
Q = 10P
10 in binary is 1010 => ((2P)·2 + P)·2 => 10P
Q = 17P
17 in binary is 10001 => (((2P)·2)·2)·2 + P => 17P
ECC-GF($2^m$)
Point Doubling
$S = P_X + (P'_Y / P'_X) \bmod p$
$Q_X = (S^2 + S + a) \bmod p$
$Q_Y = (S(P_X + Q_X) + P_Y + Q_X) \bmod p$
ECC-GF($2^m$)
Point Addition
$S = ((P_Y + P'_Y) / (P_X + P'_X)) \bmod p$
$Q_X = (S^2 + S + P_X + P'_X + a) \bmod p$
$Q_Y = (S(P_X + Q_X) + P_Y + Q_X) \bmod p$
ECC-GF($2^m$)
Comparison Between Doublings and Additions
Doubling:
$S = P_x + (P'_y / P'_x) \bmod p$
$Q_x = (S^2 + S + a) \bmod p$
$Q_y = (S(P_x + Q_x) + P_y + Q_x) \bmod p$
Addition:
$S = ((P_y + P'_y) / (P_x + P'_x)) \bmod p$
$Q_x = (S^2 + S + P_x + P'_x + a) \bmod p$
$Q_y = (S(P_x + Q_x) + P_y + Q_x) \bmod p$
ECC-GF($2^m$)
Unification of the Equations
$S = F + ((G + P'_Y) / (H + P'_X)) \bmod p$
$Q_X = (S^2 + S + P_X + P'_X + a) \bmod p$
$Q_Y = (S(P_X + Q_X) + P_Y + Q_X) \bmod p$
ECC-GF($2^m$)
Attribution of Values
Point Doubling:
$F = P_X$; $G = 0$; $H = 0$.
Point Addition:
$F = 0$; $G = P_Y$; $H = P_X$.
ECC-GF($2^m$)
Finite Field Arithmetic
Addition; Multiplication; Modular reduction; Squaring; Modular inversion.
ECC-GF($2^m$)
Optimization of the Equations
$S = F + ((G + P'_Y) \cdot (H + P'_X)^{-1}) \bmod p$
$Q_X = (S^2 + S + P_X + P'_X + a) \bmod p$
$Q_Y = (S(P_X + Q_X) + P_Y + Q_X) \bmod p$
A Combinatorial Circuit for Modular Inversion
Modular Division Methods
Gaussian Elimination;
Fermat’s Theorem;
GCD (Euclid or Stein).
A Combinatorial Circuit for Modular Inversion
The Stein’s Algorithm
(A, B, U, V) ← (P'x, p, 1, 0)
while A != 0 and B != 1
    if A_0 = 1
        if deg(A) >= deg(B)
            (A, U) ← (A + B, U + V)
        else
            (A, B, U, V) ← (A + B, A, U + V, U)
        endif
    endif
    (A, U) ← (A / 2, (U / 2) mod p)
endwhile
A Combinatorial Circuit for Modular Inversion
The Stein’s Algorithm Optimized
(A, B, U, V, DCC, Flag, slice) ← (P'x, p, 1, 0, 2, 1, 2m - 1)
while slice > 0
    if A_0 = 1
        if Flag = 1 and DCC_0 = 0
            (A, B, U, V, Flag) ← (A + B, A, U + V, U, 0)
        else
            (A, U) ← (A + B, U + V)
        endif
    endif
    (A, U) ← (A / 2, (U / 2) mod p)
    if Flag = 0 and DCC_0 = 0
        DCC ← DCC / 2
    else
        (DCC, Flag) ← (DCC * 2, 1)
    endif
    slice ← slice - 1
endwhile
A Combinatorial Circuit for Modular Inversion
FLAG and AUX handling
[Circuit diagram. Signal labels: FLAGout; AUX; FLAGin, Ain0; DCCin0; FLAGin, DCCin0.]
A Combinatorial Circuit for Modular Inversion
DCC handling
[Circuit diagram. Signal labels: DCCout[m..0]; DCCL[m..0]; DCCR[m..0]; FLAGout; DCCL[m..1], DCCin[m-1..0]; DCCR[m-1..0], DCCin[m..1]; DCCL[0], GND; DCCR[m], GND.]
A Combinatorial Circuit for Modular Inversion
A handling
[Circuit diagram. Signal labels: Aout[m..0]; Bin[m+1..1]; Ain[m+1..1]; Ain0; Ain[m+1], GND; Bin[m+1], GND.]
A Combinational Circuit for Modular Inversion
U handling
[Circuit diagram. Signal labels: U[m..0]; Vin[m..0]; Uin[m..0]; Ain0; U[m+1], GND; p[m+1], GND; Uout[m..0]; U[m+1..1]; p[m+1..1].]
A Combinational Circuit for Modular Inversion
B handling
[Circuit diagram. Signal labels: Bout[m..0]; Ain[m..0]; Bin[m..0]; AUX.]
A Combinatorial Circuit for Modular Inversion
V handling
[Circuit diagram. Signal labels: Vout[m..0]; Uin[m..0]; Vin[m..0]; AUX.]
A Combinatorial Circuit for Point Doubling and Point Addition
[Block diagram. Labels: inputs P'x and P'y; outputs Qx and Qy; blocks Modular Inversion (fed by P'x) and Other Operations.]
A Combinatorial Circuit for Point Doubling and Point Addition
Unification of the Equations
$S = F + ((G + P'_Y) \cdot (H + P'_X)^{-1}) \bmod p$
$Q_X = (S^2 + S + P_X + P'_X + a) \bmod p$
$Q_Y = (S(P_X + Q_X) + P_Y + Q_X) \bmod p$
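Added example (not part of the original slides): a Python software model of the basic Stein inversion loop, the unified doubling/addition equations and the double-and-add key exchange described above. It assumes the reduction polynomial x^163 + x^7 + x^6 + x^3 + 1 for GF($2^{163}$), a constructed base point with a = 1 (b is whatever value puts that point on the curve), and illustrative function names; like the slides' affine equations, it does not model the point at infinity.

```python
# Added example, not from the slides. Field elements are ints whose bits
# are polynomial coefficients over GF(2); p is the reduction polynomial.
P163 = (1 << 163) | 0xC9                      # assumed: x^163 + x^7 + x^6 + x^3 + 1
A_COEF, BASE = 1, (0x1234567, 0x89ABCDE)      # constructed curve coefficient a and point P

def gf_mul(a, b, p):
    # Shift-and-add product of two reduced elements, reduced modulo p.
    m, r = p.bit_length() - 1, 0
    while b:
        r ^= a if b & 1 else 0
        a, b = a << 1, b >> 1
        a ^= p if (a >> m) & 1 else 0
    return r

def stein_inverse(a, p):
    # Basic Stein loop. Invariants: A = U*a and B = V*a (mod p); result is V.
    if a == 0:
        raise ValueError("zero has no inverse (H + P'x = 0)")
    A, B, U, V = a, p, 1, 0
    while A != 0 and B != 1:
        if A & 1:
            if A.bit_length() >= B.bit_length():     # deg(A) >= deg(B)
                A, U = A ^ B, U ^ V
            else:
                A, B, U, V = A ^ B, A, U ^ V, U
        A >>= 1                                      # A / 2
        U = (U ^ p) >> 1 if U & 1 else U >> 1        # (U / 2) mod p
    return V

def unified_op(P, P2, a, p, doubling):
    # P2 is P'. Doubling: F = Px, G = H = 0. Addition: F = 0, G = Py, H = Px.
    (px, py), (qx, qy) = P, P2
    F, G, H = (px, 0, 0) if doubling else (0, py, px)
    S = F ^ gf_mul(G ^ qy, stein_inverse(H ^ qx, p), p)
    x = gf_mul(S, S, p) ^ S ^ px ^ qx ^ a
    return x, gf_mul(S, px ^ x, p) ^ py ^ x

def scalar_mul(k, P, a, p):
    # Left-to-right double-and-add for k >= 1; the point at infinity is not modelled.
    Q = P
    for bit in bin(k)[3:]:
        Q = unified_op(Q, Q, a, p, True)
        if bit == "1":
            Q = unified_op(P, Q, a, p, False)
    return Q

def key_exchange(k_cli, k_serv, P=BASE, a=A_COEF, p=P163):
    # Returns (QS computed by cli, QS computed by serv); the two must match.
    qp_cli, qp_serv = scalar_mul(k_cli, P, a, p), scalar_mul(k_serv, P, a, p)
    return scalar_mul(k_cli, qp_serv, a, p), scalar_mul(k_serv, qp_cli, a, p)
```

The inversion routine works for any irreducible p, so it can be checked exhaustively in a small field such as GF($2^8$) before being used at 163 bits.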
A Cryptosystem Implemented by Programmable Circuits
The Cryptosystem
[Block diagram of the cryptosystem. Labels: CPU (Key-Exchange Example); PC Bus; PC-board; EP2S180F1020C4; EP2S90F1508C3; Modular Inversion; Other Operations; Algorithm of ECC-GF($2^m$); RNG; Temp. Reg.; signals P, P'x, P'y, Qx, Qy, S, k. Caption entries: data flow; control signal; Registers.]
Results
General Results
Finite Field  Number of Pins  Number of Slices  Number of LUTs  Circuit Delay (ns)  Compilation Time (dd:hh:mm:ss)
113           229             225               60,361          324                 01:18:41:19
131           265             261               82,082          374                 03:04:51:36
163           329             325               128,265         491                 10:03:31:41
Results
Modular Inversion Time for Different Implementations
Implementation  Modular Inversion Time (µs)
Ext. Euclid     2.509
Itoh-Tsujii     0.760
Our Inverter    0.490
Results
Scalar Multiplication Time for Different Implementations
Implementation                      Software or Hardware  Finite Field     Platform                                                    Q = kP (ms)
Montgomery [LD99]                   Software              GF($2^{163}$)    UltraSparc 64-bit                                           13.5
Almost Inv. [SOOS95]                Software              GF($2^{155}$)    DEC Alpha 64-bit                                            7.8
ASIC Coprocessor [AMV93]            Hardware              GF($2^{155}$)    VLSI                                                        3.9 (est.)
FPGA Coprocessor [SES98]            Hardware              GF($2^{155}$)    Xilinx FPGA XC4020XL                                        18.4 (est.)
ECP [OP00]                          Hardware              GF($2^{167}$)    Xilinx FPGA XCV400E                                         0.21
Montgomery [EGSG03]                 Software              GF($2^{163}$)    Sun Fire 280R Server                                        3.11
Cryptographic Processor [EGSG03]    Hardware              GF($2^{163}$)    Xilinx FPGA Virtex-II XCV2000E-7                            0.14
Our Cryptosystem                    Hardware              GF($2^{163}$)    Altera FPGAs Stratix II: EP2S180F1020C4 and EP2S90F1508C3   0.1
Results
Results of Our Key-Exchange Example
Our Key-Exchange Example
Finite Field  Without our cryptosystem (s)  With our cryptosystem (µs)
113           1                             125
131           2                             161
163           5                             244
Conclusions
The objectives were successfully achieved;
High performance to the detriment of a small area;
High-speed and high-density combinatorial circuits;
Our inverter and cryptosystem were validated;
Our cryptosystem allows a high frequency of key exchange.
The End