. This work proposes a processor architecture for elliptic curves cryptosystems over fields GF(2 m ). This is a scalable architecture in terms of area and speed that exploits the abilities of reconfigurable hardware to deliver optimized circuitry for different elliptic curves and finite fields. The main features of this architecture are the use of an optimized bitparallel squarer, a digit-serial multiplier, and two programmable processors. Through reconfiguration, the squarer and the multiplier architectures can be optimized for any field order or field polynomial. The multiplier performance can also be scaled according to system's needs. Our results show that implementations of this architecture executing the projective coordinates version of the Montgomery scalar multiplication algorithm can compute elliptic curve scalar multiplications with arbitrary points in 0.21 msec in the field GF(2 167 ). A result that is at least 19 times faster than documented hardware imple...

Since its proposal by Victor Miller [17] and Neal Koblitz [15] in the mid 1980s, Elliptic Curve Cryptography (ECC) has evolved into a mature public-key cryptosystem. Offering the smallest key size and the highest strength per bit, its computational efficiency can benefit both client devices and server machines. We have designed a programmable hardware accelerator to speed up point multiplication for elliptic curves over binary polynomial fields GF (2^m). The accelerator is based on a scalable architecture capable of handling curves of arbitrary field degrees up to m = 255. In addition, it delivers optimized performance for a set of commonly used curves through hard-wired reduction logic. A prototype implementation running in a Xilinx XCV2000E FPGA at 66.4 MHz shows a performance of 6987 point multiplications per second for GF(2^163). We have integrated ECC into OpenSSL, today's dominant implementation of the secure Internet protocol SSL, and tested it with the Apache web server and open-source web browsers.

We describe a cryptographic processor for Elliptic Curve Cryptography (ECC). ECC is evolving as an attractive alternative to other public-key cryptosystems such as the Rivest-Shamir-Adleman algorithm (RSA) by offering the smallest key size and the highest strength per bit. The cryptographic processor performs point multiplication for elliptic curves over binary polynomial fields GF(2 m). In contrast to other designs that only support one curve at a time, our processor is capable of handling arbitrary curves without requiring reconfiguration. More specifically, it can handle both named curves as standardized by the National Institute for Standards and Technology (NIST) as well as any other generic curves up to a field degree of 255. Efficient support for arbitrary curves is particularly important for the targeted server applications that need to handle requests for secure connections generated by a multitude of heterogeneous client devices. Such requests may specify curves which are infrequently used or not even known at implementation time. We have implemented the cryptographic processor in a field-programmable gate array (FPGA) running at a clock frequency of 66.4 MHz. Its performance is 6955 point multiplications per

Abstract. Hyperelliptic curve cryptography with genus larger than one has not been seriously considered for cryptographic purposes because many existing implementations are significantly slower than elliptic curve versions with the same level of security. In this paper, the first ever complete hardware implementation of a hyperelliptic curve coprocessor is described. This coprocessor is designed for genus two curves over F 2 113. Additionally, a modification to the Extended Euclidean Algorithm is presented for the GCD calculation required by Cantor’s algorithm. On average, this new method computes the GCD in one-fourth the time required by the Extended Euclidean Algorithm. 1

Abstract. RFID-tags are a new generation of bar-codes with added functionality. They are becoming very popular tools for identification of products in various applications like e.g. supply-chain management. An emerging application is the use of RFID-tags for anti-counterfeiting by embedding them into a product. However, there is a risk related to naively using those tags for several applications. In particular, if no appropriate cryptographic measures are taken, the privacy of a user carrying tagged items can be severely damaged. In order to enable these applications and at the same time minimize the risks, public-key cryptography (PKC) offers attractive solutions. Whether a public-key cryptosystem can be implemented on an RFID tag or not remains an open problem. In this paper, we focus on the problem of anti-counterfeiting measures that can be provided by RFID-tags. More precisely, we investigate which PKC-based identification protocols are useful for this application. We discuss the feasibility of identification protocols based on Elliptic Curve Cryptography (ECC) and show that it is feasible on RFID tags.

RFID-Tags are small devices used for identification purposes in many applications nowadays.

Recently, there has been a lot of interest on cryptographic applications based on fields OF(p"), for p > 2. This contribution presents OF(p TM) multipliers architectures, where p is odd. We present designs which trade area for performance based on the number of coefficients that the multiplier processes at one time. Families of irreducible polynomials are introduced to reduce the complexity of the modulo reduction operation and, thus, improved the efficiency of the multiplier. We, then, specialize to fields OF(3 TM) and provide the first cubing architecture pre- sented in the literature. We synthesize our architectures for the special case of OF(397) on the XCV1000-8-FG1156 and XC2VP20-7-FF1156 FPGAs and provide area/performance numbers and comparisons to previous OF(3 TM) and OF(2 TM) implementations. Finally, we provide tables of irreducible polynomials over OF(3) of degree m with 2 _< m _< 255.

Abstract. Pervasive networks with low-cost embedded 8-bit processors are set to change our day-to-day life. Public-key cryptography provides crucial functionality to assure security which is often an important requirement in pervasive applications. However, it has been the hardest to implement on constraint platforms due to its very high computational requirements. This contribution describes a proof-of-concept implementation for an extremely low-cost instruction set extension using reconfigurable logic, which enables an 8-bit micro-controller to provide full size elliptic curve cryptography (ECC) capabilities. Introducing full size public-key security mechanisms on such small embedded devices will allow new pervasive applications. We show that a standard compliant 163-bit point multiplication can be computed in 0.113 sec on an 8-bit AVR micro-controller running at 4 Mhz with minimal extra hardware, a typical representative for a low-cost pervasive processor. Our design not only accelerates the computation by a factor of more than 30 compared to a software-only solution, it also reduces the code-size, data-RAM and power requirements. 1

Abstract. Cryptographic algorithms are used in a large variety of different applications to ensure security services. It is, thus, very interesting to investigate various implementation platforms. Hyperelliptic curve schemes are cryptographic primitives to which a lot of attention was recently given due to the short operand size compared to other algorithms. They are specifically interesting for special-purpose hardware. This paper provides a comprehensive investigation of high-efficient HEC architectures. We propose a genus-2 hyperelliptic curve cryptographic coprocessor using affine coordinates. We implemented a special class of hyperelliptic curves, namely using the parameter h(x) = x and f = x 5 + f1x + f0 and the base field GF(2 89). In addition, we only consider the most frequent case in our implementation and assume that the other cases are handled, e.g. by the protocol. We provide three different implementations ranging from high speed to moderate area. Hence, we provide a solution for a variety of applications. Our high performance HECC coprocessor is 78.5 % faster than the best previous implementation and our low area implementation utilizes only 22.7 % of the area that the smallest published design uses. Taking into account both area and latency, our coprocessor is an order of magnitude more efficient than previous implementations. We hope that the work at hand provides a step towards introducing HEC systems in practical applications.

Abstract. Since their introduction in constructive cryptographic applications, pairings over (hyper)elliptic curves are at the heart of an ever increasing number of protocols. Software implementations being rather slow, the study of hardware architectures became an active research area. In this paper, we first study an accelerator for the ηT pairing over F3[x]/(x 97 + x 12 + 2). Our architecture is based on a unified arithmetic operator which performs addition, multiplication, and cubing over F 3 97. This design methodology allows us to design a compact coprocessor (1888 slices on a Virtex-II Pro 4 FPGA) which compares favorably with other solutions described in the open literature. We then describe ways to extend our approach to any characteristic and any extension field.