Results 1  10
of
584
Software Implementation of Elliptic Curve Cryptography Over Binary Fields
, 2000
"... This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation. ..."
Abstract

Cited by 184 (10 self)
 Add to MetaCart
This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation.
Comparing elliptic curve cryptography and RSA on 8bit CPUs
 in Proc. of the Sixth Workshop on Crypto graphic Hardware and Embedded Systems (CHES’04
, 2004
"... Abstract. Strong publickey cryptography is often considered to be too computationally expensive for small devices if not accelerated by cryptographic hardware. We revisited this statement and implemented elliptic curve point multiplication for 160bit, 192bit, and 224bit NIST/SECG curves over GF ..."
Abstract

Cited by 179 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Strong publickey cryptography is often considered to be too computationally expensive for small devices if not accelerated by cryptographic hardware. We revisited this statement and implemented elliptic curve point multiplication for 160bit, 192bit, and 224bit NIST/SECG curves over GF(p) and RSA1024 and RSA2048 on two 8bit microcontrollers. To accelerate multipleprecision multiplication, we propose a new algorithm to reduce the number of memory accesses. Implementation and analysis led to three observations: 1. Publickey cryptography is viable on small devices without hardware acceleration. On an Atmel ATmega128 at 8 MHz we measured 0.81s for 160bit ECC point multiplication and 0.43s for a RSA1024 operation with exponent e = 216 +1. 2. The relative performance advantage of ECC point multiplication over RSA modular exponentiation increases with the decrease in processor word size and the increase in key size. 3. Elliptic curves over fields using pseudoMersenne primes as standardized by NIST and SECG allow for high performance implementations and show no performance disadvantage over optimal extension fields or prime fields selected specifically for a particular processor architecture.
TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks
"... Public Key Cryptography (PKC) has been the enabling technology underlying many security services and protocols in traditional networks such as the Internet. In the context of wireless sensor networks, elliptic curve cryptography (ECC), one of the most efficient types of PKC, is being investigated to ..."
Abstract

Cited by 136 (1 self)
 Add to MetaCart
(Show Context)
Public Key Cryptography (PKC) has been the enabling technology underlying many security services and protocols in traditional networks such as the Internet. In the context of wireless sensor networks, elliptic curve cryptography (ECC), one of the most efficient types of PKC, is being investigated to provide PKC support in sensor network applications so that the existing PKCbased solutions can be exploited. This paper presents the design, implementation, and evaluation of TinyECC, a configurable library for ECC operations in wireless sensor networks. The primary objective of TinyECC is to provide a readytouse, publicly available software package for ECCbased PKC operations that can be flexibly configured and integrated into sensor network applications. TinyECC provides a number of optimization switches, which can turn specific optimizations on or off based on developers ’ needs. Different combinations of the optimizations have different execution time and resource consumptions, giving developers great flexibility in integrating TinyECC into sensor network applications. This paper also reports the experimental evaluation of TinyECC on several common sensor platforms, including MICAz, Tmote Sky, and Imote2. The evaluation results show the impacts of individual optimizations on the execution time and resource consumptions, and give the most computationally efficient and the most storage efficient configuration of TinyECC.
Curve25519: new DiffieHellman speed records
 In Public Key Cryptography (PKC), SpringerVerlag LNCS 3958
, 2006
"... Abstract. This paper explains the design and implementation of a highsecurity ellipticcurveDiffieHellman function achieving recordsetting speeds: e.g., 832457 Pentium III cycles (with several side benefits: free key compression, free key validation, and stateoftheart timingattack protection) ..."
Abstract

Cited by 111 (24 self)
 Add to MetaCart
Abstract. This paper explains the design and implementation of a highsecurity ellipticcurveDiffieHellman function achieving recordsetting speeds: e.g., 832457 Pentium III cycles (with several side benefits: free key compression, free key validation, and stateoftheart timingattack protection), more than twice as fast as other authors ’ results at the same conjectured security level (with or without the side benefits). 1
A survey of security issues in wireless sensor networks
 IEEE Communications Surveys & Tutorials
"... Advances in wireless communication and electronics have enabled the development of lowcost, lowpower, multifunctional sensor nodes. These tiny sensor nodes, consisting of sensing, data processing, and communication components, make it possible to deploy Wireless Sensor Networks (WSNs), which repres ..."
Abstract

Cited by 95 (4 self)
 Add to MetaCart
(Show Context)
Advances in wireless communication and electronics have enabled the development of lowcost, lowpower, multifunctional sensor nodes. These tiny sensor nodes, consisting of sensing, data processing, and communication components, make it possible to deploy Wireless Sensor Networks (WSNs), which represent a significant improvement over traditional wired sensor networks. WSNs can greatly simplify system design and operation, as the environment being monitored does not require the communication or energy infrastructure associated with wired networks [1]. WSNs are expected to be solutions to many applications, such as detecting and tracking the passage of troops and tanks on a battlefield, monitoring environmental pollutants, measuring traffic flows on roads, and tracking the location of personnel in a building. Many sensor networks have missioncritical tasks and thus require that security be considered [2, 3]. Improper use of information or using forged information may cause unwanted information leakage and provide inaccurate results. While some aspects of WSNs are similar to traditional wireless ad hoc networks, important distinctions exist which greatly affect how security is achieved. The differences
Pairingbased Cryptography at High Security Levels
 Proceedings of Cryptography and Coding 2005, volume 3796 of LNCS
, 2005
"... Abstract. In recent years cryptographic protocols based on the Weil and Tate pairings on elliptic curves have attracted much attention. A notable success in this area was the elegant solution by Boneh and Franklin [7] of the problem of efficient identitybased encryption. At the same time, the secur ..."
Abstract

Cited by 92 (3 self)
 Add to MetaCart
(Show Context)
Abstract. In recent years cryptographic protocols based on the Weil and Tate pairings on elliptic curves have attracted much attention. A notable success in this area was the elegant solution by Boneh and Franklin [7] of the problem of efficient identitybased encryption. At the same time, the security standards for public key cryptosystems are expected to increase, so that in the future they will be capable of providing security equivalent to 128, 192, or 256bit AES keys. In this paper we examine the implications of heightened security needs for pairingbased cryptosystems. We first describe three different reasons why highsecurity users might have concerns about the longterm viability of these systems. However, in our view none of the risks inherent in pairingbased systems are sufficiently serious to warrant pulling them from the shelves. We next discuss two families of elliptic curves E for use in pairingbased cryptosystems. The first has the property that the pairing takes values in the prime field Fp over which the curve is defined; the second family consists of supersingular curves with embedding degree k = 2. Finally, we examine the efficiency of the Weil pairing as opposed to the Tate pairing and compare a range of choices of embedding degree k, including k = 1 and k = 24. Let E be the elliptic curve 1.
Endomorphisms for Faster Elliptic Curve Cryptography on a
 Large Class of Curves, in A. Joux (ed.) EUROCRYPT 2009, Springer LNCS 5479
, 2009
"... Abstract. Efficiently computable homomorphisms allow elliptic curve point multiplication to be accelerated using the GallantLambertVanstone (GLV) method. Iijima, Matsuo, Chao and Tsujii gave such homomorphisms for a large class of elliptic curves by working over Fp2. We extend their results and d ..."
Abstract

Cited by 52 (4 self)
 Add to MetaCart
(Show Context)
Abstract. Efficiently computable homomorphisms allow elliptic curve point multiplication to be accelerated using the GallantLambertVanstone (GLV) method. Iijima, Matsuo, Chao and Tsujii gave such homomorphisms for a large class of elliptic curves by working over Fp2. We extend their results and demonstrate that they can be applied to the GLV method. In general we expect our method to require about 0.75 the time of previous best methods (except for subfield curves, for which Frobenius expansions can be used). We give detailed implementation results which show that the method runs in between 0.70 and 0.83 the time of the previous best methods for elliptic curve point multiplication on general curves. This is the full version of a paper published at Eurocrypt 2009.
Efficient and secure elliptic curve point multiplication using doublebase chains
 In Advances in Cryptology  ASIACRYPT 2005, Lecture Notes in Computer Science 3788
, 2005
"... Abstract. In this paper, we propose a efficient and secure point multiplication algorithm, based on doublebase chains. This is achieved by taking advantage of the sparseness and the ternary nature of the socalled doublebase number system (DBNS). The speedups are the results of fewer point additio ..."
Abstract

Cited by 48 (10 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper, we propose a efficient and secure point multiplication algorithm, based on doublebase chains. This is achieved by taking advantage of the sparseness and the ternary nature of the socalled doublebase number system (DBNS). The speedups are the results of fewer point additions and improved formulæ for point triplings and quadruplings in both even and odd characteristic. Our algorithms can be protected against simple and differential sidechannel analysis by using sidechannel atomicity and classical randomization techniques. Our numerical experiments show that our approach leads to speedups compared to windowing methods, even with window size equal to 4, and other SCA resistant algorithms. 1
T.: Exploiting the Power of GPUs for Asymmetric Cryptography
, 2008
"... Abstract. Modern Graphics Processing Units (GPU) have reached a dimension with respect to performance and gate count exceeding conventional Central Processing Units (CPU) by far. Many modern computer systems include – beside a CPU – such a powerful GPU which runs idle most of the time and might be u ..."
Abstract

Cited by 48 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Modern Graphics Processing Units (GPU) have reached a dimension with respect to performance and gate count exceeding conventional Central Processing Units (CPU) by far. Many modern computer systems include – beside a CPU – such a powerful GPU which runs idle most of the time and might be used as cheap and instantly available coprocessor for general purpose applications. In this contribution, we focus on the efficient realisation of the computationally expensive operations in asymmetric cryptosystems on such offtheshelf GPUs. More precisely, we present improved and novel implementations employing GPUs as accelerator for RSA and DSA cryptosystems as well as for Elliptic Curve Cryptography (ECC). Using a recent Nvidia 8800GTS graphics card, we are able to compute 813 modular exponentiations per second for RSA or DSAbased systems with 1024 bit integers. Moreover, our design for ECC over the prime field P224 even achieves the throughput of 1412 point multiplications per second.
NanoECC: Testing the limits of elliptic curve cryptography in sensor networks
 Proceedings of the 5th European conference on Wireless Sensor Networks, LNCS 4913
, 2008
"... Abstract. By using Elliptic Curve Cryptography (ECC), it has been recently shown that PublicKey Cryptography (PKC) is indeed feasible on resourceconstrained nodes. This feasibility, however, does not necessarily mean attractiveness, as the obtained results are still not satisfactory enough. In thi ..."
Abstract

Cited by 43 (4 self)
 Add to MetaCart
(Show Context)
Abstract. By using Elliptic Curve Cryptography (ECC), it has been recently shown that PublicKey Cryptography (PKC) is indeed feasible on resourceconstrained nodes. This feasibility, however, does not necessarily mean attractiveness, as the obtained results are still not satisfactory enough. In this paper, we present results on implementing ECC, as well as the related emerging field of PairingBased Cryptography (PBC), on two of the most popular sensor nodes. By doing that, we show that PKC is not only viable, but in fact attractive for WSNs. As far as we know pairing computations presented in this paper are the most efficient results on the MICA2 (8bit/7.3828MHz ATmega128L) and Tmote Sky (16bit/8.192MHz MSP430) nodes.