
## Hardware Implementation of Elliptic Curve Processor over GF(p) (2003)

Venue: International Journal of Embedded Systems

Citations: 36 - 6 self

### Citations

3814 | A Method for Obtaining Digital Signatures and Public-Key Cryptosystems
- Rivest, Shamir, et al.
- 1978
Citation Context ...] in the 80’s. Since then a considerable amount of research has been performed on secure and efficient ECC implementations. The benefits of ECC, when compared with classical cryptosystems such as RSA [19], include: higher speed, lower power consumption and smaller certificates, which are especially useful for wireless applications. The performance of an elliptic curve cryptosystem and of other public ...

3249 | Handbook of applied cryptography
- Menezes, Oorschot, et al.
- 1997
Citation Context ...2T2 aZ 4 9. 1 T6 ← T 2 10. 2 T4 ← 2T1 Z3 ← 2T4 11. X3 ← T6 − T4 12. 13. T1 ← T1 − X3 T2 ← T2T1 aZ 4 14. Y3 ← T2 − T3 3 ← 2T5 Modular multiplicative inversion is done according to Fermat’s theorem [8, 12], $a^{-1} = a^{p-2} \bmod p$, if $\gcd(a,p) = 1$. Because the curves we are interested in are defined over GF(p), p is prime, we can use this theorem to find the multiplicative inverses modulo p. So multiplicati...

1091 | Differential power analysis
- Kocher, Jaffe, et al.
- 1999
Citation Context ...ally for multiplication [14]. The original proposal of Montgomery had a conditional subtraction included at the end of the algorithm. For efficiency as well as resistance against side-channel attacks [9, 10] a bound for R is given as 4N < R to avoid this subtraction by Walter in [21]. This bound guarantees that for inputs X,Y < 2N the output is also bounded by T < 2N. We will take α = 1 for simplicity an...

979 | Elliptic curve cryptosystems
- Koblitz
- 1987
Citation Context ...rmal representation conversion. Keywords: Elliptic Curve Cryptosystems, Modular Operations, FPGA 1 Introduction Elliptic Curve Cryptography (ECC) was proposed independently by Miller [13] and Koblitz [7] in the 80’s. Since then a considerable amount of research has been performed on secure and efficient ECC implementations. The benefits of ECC, when compared with classical cryptosystems such as RSA [...

719 | Use of Elliptic Curves in Cryptography
- Miller
- 1986
Citation Context ... Montgomery to normal representation conversion. Keywords: Elliptic Curve Cryptosystems, Modular Operations, FPGA 1 Introduction Elliptic Curve Cryptography (ECC) was proposed independently by Miller [13] and Koblitz [7] in the 80’s. Since then a considerable amount of research has been performed on secure and efficient ECC implementations. The benefits of ECC, when compared with classical cryptosyste...

640 | Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems
- Kocher
- 1996
Citation Context ...ally for multiplication [14]. The original proposal of Montgomery had a conditional subtraction included at the end of the algorithm. For efficiency as well as resistance against side-channel attacks [9, 10] a bound for R is given as 4N < R to avoid this subtraction by Walter in [21]. This bound guarantees that for inputs X,Y < 2N the output is also bounded by T < 2N. We will take α = 1 for simplicity an...

544 | Modular multiplication without trial division
- Montgomery
- 1985
Citation Context ...r finite field GF(p) is presented. The most critical operation for latency is modular multiplication. We use our systolic array multiplier based on Montgomery’s Modular Multiplication (MMM) algorithm [14] which is proposed in [16]; this multiplier is proven to be very efficient for modular exponentiation as the basic operation for RSA cryptosystems [1]. The processor consists of special operational bl...

320 | Computer Arithmetic: Algorithms and Hardware Designs
- Parhami
- 2009
Citation Context ...hen 4: C = C′′ 5: else 6: C = C′ 7: end if The numbers are represented in two’s complement representation. In this representation, addition and subtraction can be realized by using the same circuit [18]. 4.10 Implementation Results of The Elliptic Curve Processor The proposed processor is implemented on Xilinx V1000E-BG-560-8 (Virtex E) FPGA by taking the bit length of EC parameters N and the bit le...

181 | Efficient Elliptic Curve Exponentiation Using Mixed Coordinates
- Cohen, Miyaji, et al.
- 1998
Citation Context ... indicates the conversion is done and goes back to MtoN-IDLE state. 3.7 EC Point doubling, addition Cohen et al. propose a modified Jacobian coordinates in order to obtain faster EC point doubling in [6]. They represent internally the Jacobian coordinates as a quadruple $(X, Y, Z, aZ^4)$. This representation is called modified Jacobian coordinate system and denoted by the authors as $J^m$. Let P = (X1...

164 | The Designer’s Guide to VHDL
- Ashenden
- 2004
Citation Context ...ubstraction circuit (ASC) All blocks were designed as a separate circuit with its own finite state machine and data path for simplicity. So all the blocks can be improved and tested themselves. The VHDL [1] code was written by describing the bit-length, N, of coordinates x and y of P and the bit-length, l of k as parameters. So this design is suitable for any N and l. In the following sections we have d...

75 | Hardware implementation of Montgomery’s modular multiplication algorithm
- Eldridge, Walter
- 1993
Citation Context ...tion, both in software and hardware. In this paper we look at a hardware implementation. Efficient implementation of Montgomery modular multiplication (MMM) in hardware was considered by many authors [7, 13, 33, 22, 17, 24, 34, 27, 14, 25, 28]. A systolic array architecture is one possibility for implementations of public key cryptography in hardware. Various solutions for systolic arrays were proposed, for example [8, 12, 11, 32, 13, 15, ...

59 | An Energy-Efficient Reconfigurable Public-Key Cryptography Processor
- Goodman, Chandrakasan
- 2001
Citation Context ...r claims that it requires just a little more hardware resources than for a pure GF(p) multiplier. Goodman and Chandrakasan proposed a domain-specific reconfigurable cryptographic processor (DSRCP) in [6]. The instruction set definition of the DSRCP was dictated by the IEEE 1363 Public Key Cryptography Standard document. A list of the arithmetic functions required to implement the various primitives d...

47 | Simplifying quotient determination in high-radix modular multiplication
- Orup
- 1995
Citation Context ...ughput from the multiplier. The expected latency was not considered. Their multiplier is also based on the MMM algorithm but it is a generalized version with quotient pipelining introduced by Orup in [17]. We use the basic MMM algorithm from which we only exclude the modular reduction as a result of the bound adjustment. In this way no pre-computation is required which results in substantial memory savin...

43 | High-radix Montgomery modular exponentiation on reconfigurable hardware
- Blum, Paar
- 2001
Citation Context ... 24, 34, 27, 14, 25, 28]. A systolic array architecture is one possibility for implementations of public key cryptography in hardware. Various solutions for systolic arrays were proposed, for example [8, 12, 11, 32, 13, 15, 29, 35, 26, 3, 9, 31, 36, 4, 30, 2]. In this work we combine a systolic array architecture, which is assumed to be the best choice for hardware on current integrated circuits (ICs), with a MMM in Field Programmable Gate Array (FPGA). S...

31 | A scalable GF(p) Elliptic Curve Processor Architecture for Programmable Hardware
- Orlando, Paar
- 2001
Citation Context ... are omitted due to space limitation. Section 5 concludes the paper. 2 Previous Work To the best of our knowledge, the first documented ECC processor over fields GF(p) is proposed by Orlando and Paar [15]. The Elliptic Curve Processor (ECP) is scalable in terms of area and speed and especially suited for FPGAs. The authors estimate that it would take 3 ms to compute one 192-bit point multiplication. H...

30 | RSA hardware implementation
- Koç
- 1995
Citation Context ... cycles for completing one modular Montgomery multiplication equals 3l + 4. 3.10 Modular Addition, Subtraction Modular addition and subtraction are executed according to Algorithm 7 and Algorithm 8 [5] given below, respectively. [state chart: IDLE, MUL1, MUL2, OUT] ...

30 | Hardware architectures for public key cryptography
- Batina, Örs, et al.
- 2003
Citation Context ...tgomery’s Modular Multiplication (MMM) algorithm [14] which is proposed in [16]; this multiplier is proven to be very efficient for modular exponentiation as the basic operation for RSA cryptosystems [1]. The processor consists of special operational blocks for MMM, modular addition/subtraction (MAS), EC point doubling/addition, modular multiplicative inversion, EC point multiplier, projective to aff...

29 | Montgomery’s multiplication technique: How to make it smaller and faster
- Walter
Citation Context ...hed. 4.8 Montgomery Modular Multiplication Circuit The i-th iteration of Step 2 in Algorithm 2 computes the temporary results $T_i = 2^{-1}(T_{i-1} + x_i \times Y + m_i \times N)$, $i = 0, \cdots, l+1$ (3) where $T_{-1} = 0$ [20]. The j-th digit of $T_i$ is obtained using the recurrence relation $2^2 \times c1_{i,j} + 2 \times c0_{i,j} + t_{i,j} = t_{i-1,j+1} + x_i \times y_j + m_i \times n_j + 2 \times c1_{i,j-1} + c0_{i,j-1}$ (4) $i = 0, \cdots, l+1$, $j = 0, \cdots, l+1$, c1i,...

25 | Logic and computer design fundamentals
- Mano, Kime
- 1997
Citation Context ...table for any N and l. In the following sections we have described the system using a top-down approach. 4.1 Main Controller MC includes a FSM with 5 states. The algorithmic state machine (ASM) chart [11] of MC is shown in Fig. 2.(a). The START signal is the instruction signal from host. MC instructs, NtoM to start conversion from normal to Montgomery representation, EPM to start point multiplication,...

21 | Modular exponentiation on reconfigurable hardware
- Blum
- 1999
Citation Context ... 24, 34, 27, 14, 25, 28]. A systolic array architecture is one possibility for implementations of public key cryptography in hardware. Various solutions for systolic arrays were proposed, for example [8, 12, 11, 32, 13, 15, 29, 35, 26, 3, 9, 31, 36, 4, 30, 2]. In this work we combine a systolic array architecture, which is assumed to be the best choice for hardware on current integrated circuits (ICs), with a MMM in Field Programmable Gate Array (FPGA). S...

14 | A course in number theory and cryptography, volume 114 of Graduate texts in mathematics
- Koblitz
- 1987
Citation Context ...2T2 aZ 4 9. 1 T6 ← T 2 10. 2 T4 ← 2T1 Z3 ← 2T4 11. X3 ← T6 − T4 12. 13. T1 ← T1 − X3 T2 ← T2T1 aZ 4 14. Y3 ← T2 − T3 3 ← 2T5 Modular multiplicative inversion is done according to Fermat’s theorem [8, 12], $a^{-1} = a^{p-2} \bmod p$, if $\gcd(a,p) = 1$. Because the curves we are interested in are defined over GF(p), p is prime, we can use this theorem to find the multiplicative inverses modulo p. So multiplicati...

14 | Precise Bounds for Montgomery Modular Multiplication and Some Potentially Insecure RSA Moduli
- Walter
- 2002
Citation Context ...nal subtraction included at the end of the algorithm. For efficiency as well as resistance against side-channel attacks [9, 10] a bound for R is given as 4N < R to avoid this subtraction by Walter in [21]. This bound guarantees that for inputs X,Y < 2N the output is also bounded by T < 2N. We will take α = 1 for simplicity and make the iteration starting from Step 2 execute l+2 times instead of l time...

13 | Fast exponentiation with precomputation: algorithms and lower bounds
- Brickell, Gordon, et al.
- 1995
Citation Context ...lts in an important flexibility which is unrelated to any specific parameter choice. Orlando and Paar also used an adaptation of a fixed base exponentiation method as introduced by Brickell et al. in [3]. This algorithm is assumed to be 4 times faster than standard double-and-add algorithm which is used here. However, it involves a known point calculation which is a limiting factor with respect to va...

10 | Montgomery in practice: How to do it more efficiently in hardware
- Batina, Muurling
Citation Context ... 24, 34, 27, 14, 25, 28]. A systolic array architecture is one possibility for implementations of public key cryptography in hardware. Various solutions for systolic arrays were proposed, for example [8, 12, 11, 32, 13, 15, 29, 35, 26, 3, 9, 31, 36, 4, 30, 2]. In this work we combine a systolic array architecture, which is assumed to be the best choice for hardware on current integrated circuits (ICs), with a MMM in Field Programmable Gate Array (FPGA). S...

9 | Systolic modular multiplication
- Even
- 1990

8 | Hardware implementation of a Montgomery modular multiplier in a systolic array
- Ors, Batina, et al.
- 2003
Citation Context ...esented. The most critical operation for latency is modular multiplication. We use our systolic array multiplier based on Montgomery’s Modular Multiplication (MMM) algorithm [14] which is proposed in [16]; this multiplier is proven to be very efficient for modular exponentiation as the basic operation for RSA cryptosystems [1]. The processor consists of special operational blocks for MMM, modular addi...

1 | Dual-field arithmetic unit for GF(p) and GF(2^m)
- Wolkerstorfer
Citation Context ...ng factor with respect to various applications of ECC. Wolkerstorfer proposes a dual-field arithmetic unit that offers all instructions required for both types of finite fields: GF(p) and GF(2^m) in [22]. He uses a redundant number representation and a special multiplication with interleaved modular reduction. Inversion is performed by the Extended Euclidean Algorithm. This is a low-power architectur...