Power-analysis attacks on an FPGA — first experimental results
Proceedings of Workshop on Cryptographic Hardware and Embedded Systems (CHES 2003), Lecture Notes in Computer Science Volume 2779, 2003
Cited by 39 (3 self)
Abstract. Field Programmable Gate Arrays (FPGAs) are becoming increasingly popular, especially for rapid prototyping. For implementations of cryptographic algorithms, not only the speed and the size of the circuit are important, but also their security against implementation attacks such as side-channel attacks. Power-analysis attacks are typical examples of side-channel attacks, that have been demonstrated to be effective against implementations without special countermeasures. The flexibility of FPGAs is an important advantage in real applications but also in lab environments. It is therefore natural to use FPGAs to assess the vulnerability of hardware implementations to power-analysis attacks. To our knowledge, this paper is the first to describe a setup to conduct power-analysis attacks on FPGAs. We discuss the design of our hand-made FPGA-board and we provide a first characterization of the power consumption of a Virtex 800 FPGA. Finally we provide strong evidence that implementations of elliptic curve cryptosystems without specific countermeasures are indeed vulnerable to simple power-analysis attacks.
Customizable elliptic curve cryptosystems
IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 2005
Cited by 16 (2 self)
Abstract—This paper presents a method for producing hardware designs for elliptic curve cryptography (ECC) systems over the finite field GF(2^m), using the optimal normal basis for the representation of numbers. Our field multiplier design is based on a parallel architecture containing multiple-bit serial multipliers; by changing the number of such serial multipliers, designers can obtain implementations with different tradeoffs in speed, size and level of security. A design generator has been developed which can automatically produce a customised ECC hardware design that meets user-defined requirements. To facilitate performance characterization, we have developed a parametric model for estimating the number of cycles for our generic ECC architecture. The resulting hardware implementations are among the fastest reported: for a key size of 270 bits, a point multiplication in a Xilinx XC2V6000 FPGA at 35 MHz can run over 1000 times faster
Public-Key Cryptographic Processor for RSA and ECC
Columbia University, 2004
Cited by 11 (1 self)
We describe a general-purpose processor architecture for accelerating public-key computations on server systems that demand high performance and flexibility to accommodate large numbers of secure connections with heterogeneous clients that are likely to be limited in the set of cryptographic algorithms supported. Flexibility is achieved in that the processor supports multiple public-key cryptosystems, namely RSA, DSA, DH, and ECC, arbitrary key sizes and, in the case of ECC, arbitrary curves over fields GF(p) and GF(2^m). At the core of the processor is a novel dual-field multiplier based on a modified carry-save adder (CSA) tree that supports both GF(p) and GF(2^m). In the case of a 64-bit integer multiplier, the necessary modifications increase its size by a mere 5%. To efficiently schedule the multiplier, we implemented a multiply-accumulate instruction that combines several steps of a multiple-precision multiplication in a single operation: multiplication, carry propagation, and partial product accumulation. We have developed a hardware prototype of the cryptographic processor in FPGA technology. If implemented in current 1.5 GHz processor technology, the processor executes 5,265 RSA-1024 op/s and 25,756 ECC-163 op/s; the given key sizes offer comparable security strength. Looking at future security levels, performance is 786 op/s for RSA-2048 and 9,576 op/s for ECC-233.
Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves
2009
Cited by 11 (0 self)
This paper presents a design-space exploration of an application-specific instruction-set processor (ASIP) for the computation of various cryptographic pairings over Barreto-Naehrig curves (BN curves). Cryptographic pairings are based on elliptic curves over finite fields—in the case of BN curves a field Fp of large prime order p. Efficient arithmetic in these fields is crucial for fast computation of pairings. Moreover, computation of cryptographic pairings is much more complex than elliptic-curve cryptography (ECC) in general. Therefore, we facilitate programming of the proposed ASIP by providing a C compiler. In order to speed up Fp arithmetic, a RISC core is extended with additional scalable functional units. Because the resulting speedup can be limited by the memory throughput, utilization of multiple data-memory banks is proposed. The presented design needs 15.8 ms for the computation of the Optimal-Ate pairing over a 256-bit BN curve at 338 MHz implemented with a 130 nm standard cell library. The processor core consumes 97 kGates making it suitable for the use in embedded systems.
Electromagnetic analysis attack on an FPGA implementation of an elliptic curve cryptosystem
In EUROCON: Proceedings of the International Conference on “Computer as a tool”, 2005
Cited by 10 (0 self)
Abstract — This paper presents simple (SEMA) and differential (DEMA) electromagnetic analysis attacks on an FPGA implementation of an elliptic curve processor. Elliptic curve cryptography is a public key cryptosystem that is becoming increasingly popular. Implementations of cryptographic algorithms should not only be fast, compact and power efficient, but they should also resist side channel attacks. One of the side channels is the electromagnetic radiation out of an integrated circuit. Hence it is very important to assess the vulnerability of implementations of cryptosystems against these attacks. A SEMA attack on an unprotected implementation can find all the key bits with only one measurement. We also describe a DEMA attack on an improved implementation and demonstrate that a correlation analysis requires 1000 measurements to find the key bits.
Hardware Implementation of a Montgomery Modular Multiplier in a Systolic Array
Cited by 8 (2 self)
This paper describes a hardware architecture for modular multiplication operation which is efficient for bit-lengths suitable for both commonly used types of Public Key Cryptography (PKC) i.e. ECC and RSA Cryptosystems. The challenge of current PKC implementations is to deal with long numbers (160-2048 bits) in order to achieve system's efficiency, as well as security. RSA, still the most popular PKC, has at its root the modular exponentiation operation. Modular exponentiation consists of repeated modular multiplications, which is also the basic operation for ECC protocols. The solution proposed in this work uses a systolic array implementation and can be used for arbitrary precisions. We also present modular exponentiation based on the Montgomery's Multiplication Method (MMM).
Efficient elliptic-curve cryptography using Curve25519 on reconfigurable devices
In ARC, 2014
Cited by 2 (0 self)
Abstract. Elliptic curve cryptography (ECC) has become the predominant asymmetric cryptosystem found in most devices during the last years. Despite significant progress in efficient implementations, computations over standardized elliptic curves still come with enormous complexity, in particular when implemented on small, embedded devices. In this context, Bernstein proposed the highly efficient ECC instance Curve25519 that was shown to achieve new ECC speed records in software providing a high security level comparable to AES with 128-bit key. These very tempting results from the software domain have led to adoption of Curve25519 by several security-related applications, such as the NaCl cryptographic library or in anonymous routing networks (nTor). In this work we demonstrate that even better efficiency of Curve25519 can be realized on reconfigurable hardware, in particular by employing their Digital Signal Processor blocks (DSP). In a first proposal, we present a DSP-based single-core architecture that provides high-performance despite moderate resource requirements. As a second proposal, we show that an extended architecture with dedicated inverter stage can achieve a performance of more than 32,000 point multiplications per second on a (small) Xilinx Zynq 7020 FPGA. This clearly outperforms speed results of any software-based and most hardware-based implementations known so far, making our design suitable for cheap deployment in many future security applications.
On the security of elliptic curve cryptosystems against attacks with special-purpose hardware
In “Special-purpose Hardware for Attacking Cryptographic Systems — SHARCS’06”
Cited by 2 (0 self)
Since their invention in the mid 1980s, Elliptic Curve Cryptosystems (ECC) have become an alternative to common Public-Key (PK) cryptosystems such as, e.g., RSA. The utilization of Elliptic Curves (EC) in cryptography is very promising because of their resistance against powerful index-calculus attacks. For a similar level of security, ECC allows for efficient implementation due to a significantly smaller bit size of the operands. It is widely accepted that the only feasible way to attack actual cryptosystems is the application of dedicated hardware. In times of continuous technological improvements and increasing computing power, the question of the security of ECC against attacks based on special-purpose hardware arises. This work presents an architecture and the corresponding FPGA implementation of an attack against ECC over prime fields. We describe an FPGA-based multi-processing hardware architecture for the Pollard-Rho method which is, to our knowledge, currently the most efficient attack against ECC. The implementation is running on a contemporary low-cost FPGA which allows for a much better cost-performance ratio than conventional CPUs. With the implementation at hand, a fairly accurate estimate about the cost of an FPGA-based attack can be given. We will project the results on actual ECC key lengths (160 bit and above) and estimate the expected runtimes for a successful attack. Since FPGA-based attacks are out of reach for actual key lengths, we provide estimates for an ASIC design. As a result, we consider ECC over prime fields to be far more secure than commonly believed. We show that the security of ECC-163 against hardware attacks is several orders of magnitude harder than that of RSA-1024. As a consequence, currently used elliptic curve cryptosystems are infeasible to break with available computational and financial resources.
Keywords: discrete logarithm, elliptic curve cryptosystem, cryptanalysis, Pollard’s Rho, hardware, public-key, field programmable gate array.
HW/SW codesign for accelerating public-key cryptosystems over GF(p) on the 8051 µcontroller
In Proc. World Automation Congress (WAC’06), Special Session on Information Security and Hardware Implementations, 2006
Cited by 1 (1 self)
Implementing large word-length public key algorithms on small 8-bit μcontrollers is a challenge. This paper presents a hardware/software codesign solution of RSA and Elliptic Curve Cryptography (ECC) over GF(p) on a 12 MHz 8-bit 8051 μcontroller. The hardware coprocessor has a modular arithmetic logic unit (MALU) of which the digit size (d) is variable. It can be adapted to the speed and bandwidth of the μcontroller to which it is connected. The HW/SW codesign space exploration is based on the GEZEL system-level design environment. It allows the designer to find the best performance-area combination for the digit size. A case study of an FPGA implementation for a 160-bit ECC over GF(p) (ECC160p) shows that one point multiplication can be computed 40 times faster than an optimized SW implementation with the optimized digit size, d=4. KEYWORDS: HW/SW codesign, RSA, ECC, FPGA implementation, GF(p) operations
Design of a Reconfigurable Processor for Elliptic Curve Cryptography over NIST Prime Fields
M.Sc. thesis, 2006
Cited by 1 (0 self)
Exchange of information must integrate a means of protecting data against unauthorized access. Cryptography plays an important role in achieving information security. It is used for (1) encrypting or signing data at the source before transmission, and then (2) decrypting or validating the signature of the received message at the destination. This thesis focuses on the study of the hardware implementation of a reconfigurable processor supporting elliptic curve cryptography (ECC) over prime fields GF(p). The proposed processor can be reconfigured to work with any of the five prime fields recommended by NIST (192 to 521 bits). Our processor can be programmed to execute any sequence of basic modular operations (add, subtract, multiply, invert) used in higher level ECC arithmetic. The architecture has been prototyped on a Xilinx FPGA. Its performance is competitive with existing hardware implementation, despite the overhead needed to support datapath reconfigurations for different prime sizes.