Hardware Architectures for Public Key Cryptography
, 2002
Abstract

Cited by 30 (7 self)
This paper presents an overview of hardware implementations for the two commonly used types of Public Key Cryptography, i.e. RSA and Elliptic Curve Cryptography (ECC), both based on modular arithmetic. We first discuss the mathematical background and the algorithms to implement these cryptosystems. Next an overview is given of the different hardware architectures which have been proposed in the literature.
Information Leakage Attacks Against Smart Card
 in EUROSMART Security Conference
, 2000
Abstract

Cited by 26 (0 self)
Abstract. Every practical implementation of a cryptographic algorithm represents a physical device possessing potential side channels not covered by the security models of theoretical cryptography. Hence, even provable secure cryptographic algorithms may be attacked due to leakage of information. Smart cards and security ICs are often used as tamperproof security devices. To prevent an attacker from exploiting easily accessible information like power consumption, running time, input-output behavior under malfunctions caused, i.e., by irregular clocking, radiation, power peaks, special precautions have to be taken. Commonly used countermeasures against information leakage are the reduction of the signal-to-noise ratio using special implementation techniques for hardware and software and the decorrelation of secret internal data from the channels observable by an attacker. In this contribution we survey the basic concepts of known attacks based on information leakage, i.e., timing attack, differential fault analysis, SPA, and DPA, and the countermeasures proposed in the literature. These methods comprise hardware design techniques and the design and implementation of modifications of cryptographic algorithms.
Montgomery Exponentiation with no Final Subtractions: Improved Results
 In Cryptographic Hardware and Embedded Systems - CHES 2000, LNCS 1965
Abstract

Cited by 18 (1 self)
The Montgomery multiplication is commonly used as the core algorithm for cryptosystems based on modular arithmetic. With the advent of new classes of attacks (timing attacks, power attacks), the implementation of the algorithm should be carefully studied to thwart those attacks. Recently, Colin D. Walter proposed a constant time implementation of this algorithm [17, 18]. In this paper, we propose an improved (faster) version of this implementation. We also provide figures about the overhead of these versions relatively to a speed optimised version (theoretically and experimentally).
Keywords. Montgomery multiplication, modular exponentiation, smart cards, timing attacks, power attacks
1 Introduction
In RSA based cryptosystems, modular exponentiations are often computed with Montgomery multiplications [14]. The optimisation of this algorithm is consequently very important. Several fast implementations of this algorithm were proposed both in hardware (e.g. [18]) and softwar...
Flexible Hardware Design for RSA and Elliptic Curve Cryptosystems
 Proceedings of Topics in Cryptology - CT-RSA 2004. Lecture Note in Computer Science
, 2004
Abstract

Cited by 10 (3 self)
Abstract. This paper presents a scalable hardware implementation of both commonly used public key cryptosystems, RSA and Elliptic Curve Cryptosystem (ECC) on the same platform. The introduced hardware accelerator features a design which can be varied from very small (less than 20 Kgates) targeting wireless applications, up to a very big design (more than 100 Kgates) used for network security. In latter option it can include a few dedicated large number arithmetic units each of which is a systolic array performing the Montgomery Modular Multiplication (MMM). The bound on the Montgomery parameter has been optimized to facilitate more secure ECC point operations. Furthermore, we present a new possibility for CRT scheme which is less vulnerable to side-channel attacks.
AN FPGA IMPLEMENTATION OF RIJNDAEL: TRADEOFFS FOR SIDE-CHANNEL SECURITY
Abstract

Cited by 2 (0 self)
Abstract: This work proposes a complete and side-channel proof solution for an
unknown title
, 809
Abstract
Side-channel attacks are efficient attacks against cryptographic devices. They use only quantities observable from outside, such as the duration and the power consumption. Attacks against synchronous devices using electric observations are facilitated by the fact that all transitions occur simultaneously with some global clock signal. Asynchronous control removes this synchronization and therefore makes it more difficult for the attacker to insulate interesting intervals. In addition the coding of data in an asynchronous circuit is inherently more difficult to attack. This article describes the Programmable Logic Block of an asynchronous FPGA resistant against side-channel attacks. Additionally it can implement different styles of asynchronous control and of data representation.
On Using Fast Exponentiation Algorithm in PDAs (or: How Secure is the Discrete Logarithm Problem Assumption in PDAs?) (Extended Abstract)
Abstract
Personal Digital Assistants (PDAs) are the miniature of normal size PCs, with a very limited computational power. In this paper, we investigate the security of PDAs when they are used to perform some cryptographic applications. In our context, we investigate the computation y = g^x (mod p), for a prime p, which is believed to be secure in the sense of the Discrete Logarithm Problem (DLP) assumption. To be more precise, knowing only p, g and y, it is hard to derive x. We note that this computation is the most important operation in most cryptographic algorithms. However, due to the limited computational power of PDAs, such computation requires some amount of time (and battery life). We show that by observing one of these parameters, we can reduce the hard problem of DLP to be predictable, and hence it is not secure. We also show how to securely generate these kind of computations with PDAs by employing some different techniques, so that they will not reveal any additional information to a passive eavesdropper. In contrast to previous works, we do not assume that the attacker can take the full control of the PDA. This assumption is only applicable to a smart card whenever it is used in a malicious smart card reader.