An Inverter Architecture for ECC-GF(2 m ) Based on the Stein’s Algorithm

An Inverter Architecture for ECC-GF(2m)Based on the

Stein’s Algorithm

Objectives

To present the development of a modular inverter for elliptic curves, implemented by programmable circuit;

To show the viability to implement this inverter by combinatorial circuit;

To talk about the difficulties found during the development of the inverter;

To explain the solutions found to allow the development of the inverter.

Justifications

The interest about digital circuits; The today importance of projects that work

with cryptography implemented by hardware;

The need to create a device in order to increase the performance of programs that work with asymmetric cryptography;

Challenges: speed X area;

combinatorial circuits X affine coordinates.

Summary

Introduction; ECC-GF(2m); A combinatorial Circuit for Modular Inversion; A combinatorial Circuit for Point Doubling and

Point Addition; A Cryptosystem Implemented by Programmable

Circuits; Results; Conclusions.

Summary




Introduction

Introduction

Information; QS (symmetric cryptography); QP and k (asymmetric cryptography); Q = kP; 2P and +P: doubling and addition of P; +, *, x2, mod, x-1: finite field arithmetic.

Introduction

A Key-Exchange Example

cli – the client side of the communication; serv – the server side of the communication; P – an element previously chosen by cli and

serv; k – a private key; QP – a public key;

QS – a secret key;

Q and P are elements of the same type.

Introduction

Key-Exchange The cli generates at random an integer number

kcli; The serv generates at random an integer

number kserv; The cli calculates: QPcli = kcli P; The serv calculates: QPserv = kserv P; The cli sends QPcli to the serv; The serv sends QPserv to the cli; The cli calculates: QS = kcli QPserv;

The serv calculates: QS = kserv QPcli.

Summary




ECC-GF()

Elliptic Curves

They are represented by the equation:

y2 + xy = x3 + ax2 + b

for which: x and y represent the point coordinates; a and b define an elliptic curve over

GF(2m).

ECC-GF()

The Main Operation of the Elliptic Curve Algorithms

Q = kP

for which: k is an integer number; P is an elliptic curve point of coordinates x and y; Q is an elliptic curve point of coordinates x and y; P(Px,Py) and Q(Qx,Qy) are points represented

by affine coordinates and polynomial basis.

ECC-GF()

Double-and-Add Algorithm

Q = 10P

1010 => ((2P)2+P)2 => 10P

Q = 17P

10001 => (((2P)2)2)2+P => 17P

ECC-GF()

Point Doubling

S = PX + ((P’Y) / (P’X)) mod p

QX = (S2 + S + a) mod p

QY = (S(PX + QX) + PY + QX) mod p

ECC-GF()

Point Addition

S = ((PY + P’Y) / (PX + P’X)) mod p

QX = (S2 + S + PX + P’X + a) mod p


ECC-GF()

Comparison Between

Doublings . and Additions .

S = Px + (P’y / P’x) mod p. S = ((Py + P’y) / (Px + P’x)) mod p.

Qx = (S2 + S + a) mod p. Qx = (S2 + S + Px + P’x + a) mod p.

Qy = (S(Px + Qx) + Py + Qx) mod p. Qy = (S(Px + Qx) + Py + Qx) mod p.

ECC-GF()

Unification of the Equations

S = F + ((G + P’Y) / (H + P’X)) mod p

QX = (S2 + S + PX + P’X + a) mod p


ECC-GF()

Attribution of Values

Point Doubling:

F = PX;

G = 0; H = 0.

Point Addition:

F = 0; G = PY;

H = PX.

ECC-GF()

Finite Field Arithmetic

Sum; Multiplication; Module; Squaring; Modular Inversion.

ECC-GF()


S = F + ((G + P’Y) / (H + P’X)) mod p

QX = (S2 + S + PX + P’X + a) mod p


ECC-GF()

Optimization of the Equations

S = F + ((G + P’Y) * (H + P’X)-1) mod p

QX = (S2 + S + PX + P’X + a) mod p


Summary




A Combinatorial Circuit for Modular Inversion

Modular Division Methods

Gaussian Elimination;

Fermat’s Theorem;

MDC (Euclides or Stein).


The Stein’s Algorithm

(A, B, U, V) (P’x, p, 1, 0)while A != 0 and B != 1 if A0 = 1 if deg(A) >= deg(B) (A, B) (A + B, U + V) else (A, B, U, V) (A + B, A, U + V, U) endif endif (A, U) (A / 2, (U / 2) mod p)endwhile


The Stein’s Algorithm Optimized(A, B, U, V, DCC, Flag, slice) (P’x, p, 1, 0, 2, 1, 2m-1)while slice > 0 if A0 = 1 if Flag = 1 and DCC0 = 0 (A, B, U, V, Flag) (A + B, A, U + V, U, 0) else (A, B) (A + B, U + V) endif endif (A, U) (A / 2, (U / 2) mod p) if Flag = 0 and DCC0 = 0 DCC DCC / 2 else (DCC, Flag) ((DCC * 2), 1) endif slice slice -1endwhile


FLAG and AUX handling

FLAGout

AUX

FLAGinAin0

DCCin0

FLAGinDCCin0


DCC handling

DCCout[m..0]DCCL[m..0]

DCCR[m..0]

FLAGout

DCCL[m..1]DCCin[m-1..0]

DCCR[m-1..0]DCCin[m..1]

DCCL0GND

DCCRmGND


A handling

Aout[m..0]Bin[m+1..1]Ain[m+1..1]

Ain0

Ainm+1GND

Binm+1GND

A Combinational Circuit for Modular Inversion

U handling

U[m..0]Vin[m..0]Uin[m..0]

Ain0

Um+1GND

pm+1GND

Uout[m..0]U[m+1..1]

p[m+1..1]

A Combinational Circuit for Modular Inversion

B handling

Bout[m..0]

Ain[m..0]

Bin[m..0]

AUX


V handling

Vout[m..0]

Uin[m..0]

Vin[m..0]

AUX

Summary




A Combinatorial Circuit for Point Doubling and Point Addition

A combinatorial Circuit forPoint Doubling and Point Addition

P’x

P’y

Qx

Qy

P’xModularInversion

OtherOperations

A Combinatorial Circuit for Point Doubling and Point Addition


S = F + ((G + P’Y) * (H + P’X)-1) mod p

QX = (S2 + S + PX + P’X + a) mod p


Summary




A Cryptosystem Implemented by Programmable Circuits

The Cryptosystem

CPU

Key-Exchang

e Example

PC-board

P’yQy

P’xOther

OperationsModular Inversion

QxP’x P P

S

Temp.Reg.

Algorithm ofECC-GF(2m)RNG

k k

EP2S180F1020C4 EP2S90F1508C3

PC Bus

data flow control signal

CAPTION

Registers

Summary




Results

General Results

FiniteField

Number of

Pins

Number of

Slices

Number of

LUTs

CircuitDelay(ns)

CompilationTime

(dd:hh:mm:ss)

113 229 225 60,361 324 01:18:41:19

131 265 261 82,082 374 03:04:51:36

163 329 325 128,265 491 10:03:31:41

Results

Modular Inversion Time for Different Implementations

Implementations Modular Inversion Time (µs)

Ext. Euclides 2.509

Itho-Tsujii 0.760

Our Inverter 0.490

Results

Scalar Multiplication Time for Different Implementations

ImplementationSoftware orHardware

Finite Field PlataformQ = kP

(ms)

Montgomery [LD99] Software GF(2163) UltraSparc 64-bit 13,5

Almost Inv. [SOOS95] Software GF(2155) DEC Alpha 64-bit 7,8

ASIC Coprocessor [AMV93] Hardware GF(2155) VLSI3,9est.

FPGA Coprocessor [SES98] Hardware GF(2155) Xilinx FPGA XC4020XL18,4est.

ECP [OP00] Hardware GF(2167) Xilinx FPGA XCV400E 0,21

Montgomery [EGSG03] Software GF(2163) Sun FireTM280R Server 3,11

Cryptographic Processor [EGSG03] Hardware GF(2163) Xilinx FPGA Virtex-II XCV2000E-7 0,14

Our Cryptosystem Hardware GF(2163)Altera FPGAs Stratix II:EP2S180F1020C4 and

EP2S90F1508C30,1

Results

Results of Our Key-Exchange Example

Finite Field

Our Key-Exchange Example

Without our cryptosystem(s)

With our cryptosystem(µs)

113 1 125

131 2 161

163 5 244

Summary




Conclusions

Conclusions

The Objectives was successfully achieved; High performance to the detriment of a

small area; High-speed and high-density combinatorial

circuits; Our inverter and cryptosystem were made

valid; Our cryptosystem allows high frequency of

key exchange.

The End

Documents

An Inverter Architecture for ECC-GF(2 m ) Based on the Stein’s Algorithm