Presentation is loading. Please wait.

Presentation is loading. Please wait.

IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 -

Published byKendall Fowles Modified over 10 years ago

Similar presentations

Presentation on theme: "IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 -"— Presentation transcript:

1 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Flexible Hardware Reduction for Elliptic Curve Cryptography in GF(2 m ) Steffen Peter, Peter Langendörfer and Krzysztof Piotrowski

2 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Flexibility for ECC implementations = possibility to compute with other key sizes Why? - To communicate with peers that use other key sizes - Change field in case the implemented field has a cryptoanalytical weakness What is the problem? Addition, Multiplication, Registers? - NO (padding zeros) Control program? – NO (it is software) Reduction!

3 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Modular Reduction Corresponds to classic modular division - In GF(11) = {0,1,2,…,9,10} - Example: 5 · 8 = 40 > 10  5 · 8 mod 11 = 40 mod 11 = 7 In GF(2 m ) it is a polynomial division by the irreducible polynomial r(x)

4 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Classic School Division -reduce each bit starting from the left by XORing r until overlapping part C1 is zero -r(x) is the given irreducible of the field

5 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Repeated Multiplication Reduction (RMR) Reduce more bits per iteration by multiplying overlappping part C1 with the irreducible polynomial r C ≡ (C – i · r) mod r for each i  C ≡ C – C1 · r

6 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Reduction Polynomials [NIST] fieldIrreducible polynomial 163 Bitx 163 +x 7 +x 6 +x 3 +1 233 Bitx 233 +x 74 +1 283 Bitx 283 +x 12 +x 7 +x 5 +1 409 Bitx 409 +x 87 +1 571 Bitx 571 +x 10 +x 5 +x 2 +1 Are either trinomials or pentanomials Second highest set position is smaller m/2

7 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Hard-Wired Reduction  Direct mapping from C to C0‘‘ with few XOR operations -Very efficient combinatoric circuit - Reduction in GF(2 233 ) needs 0.03mm² (0.25um CMOS ) NOT FLEXIBLE! C1’∙r (∙x 233 ) (∙x 74 ) (∙x 0 ) (∙x 233 ) (∙x 74 ) (∙x 0 ) C1∙r r=(x 233 +x 74 +x 0 )

8 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Multiple Hard-Wired Reduction Blocks Fast, small Limited flexibility C MUX C‘‘ sel Configurationmm² 163+233+2830,18 163+233+283+409+5710,44 Red163Red233Red283

9 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Reduction Polynomials Are either trinomials or pentanomials Second highest set position is smaller m/2 Have structure x m + … + 1  Exploiting these properties is the basis for the Flexible Shift Reduction fieldIrreducible polynomial 163 Bitx 163 +x 7 +x 6 +x 3 +1 233 Bitx 233 +x 74 +1 283 Bitx 283 +x 12 +x 7 +x 5 +1 409 Bitx 409 +x 87 +1 571 Bitx 571 +x 10 +x 5 +x 2 +1

10 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved C = 2∙283 bit multiplication result Flexible Shift Reduction C0C1 C0’C1’ C0’’ XOR >>283-12 >>283-7 >>283-5 >>283 XOR >>283-12 >>283-7 >>283-5 >>283 Example: Hardware=283 bit, m = 283 bit, r(x) = x 283 +x 12 +x 7 +x 5 +1

11 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Flexible Shift Reduction C0C1 C0’C1’ C0’’ XOR >>163-7 >>163-6 >>163-3 >>163 XOR >>163-7 >>163-6 >>163-3 >>163 Example: Hardware=283 bit, m = 163 bit, r(x) = x 163 +x 7 +x 6 +x 3 +1 2∙283 bit reduction logic C = 2∙163 bit multiplication result

12 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Flexible Shift Reduction - Design

13 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Comparison of complete ECC designs Time and energy for one Elliptic Curve Point Multiplication

14 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Conclusions Reduction is bottleneck of flexible ECC hardware accelerators More flexiblity implies: –Less speed –More silicon area –More energy consumption Multiple hard-wired reduction blocks (MHWR) is the best choice if supported field sizes are known –A design that support all 5 recommended NIST curves (163-571 bit) needs merely 10% more silicon area than a 571 bit single curve design. Flexible Shift Reduction (FSR) provides more flexibility – in comparison to software (MIPS 33 MHz) it is 500 times faster Requires less than 1% of the energy ECC-FSR is the fastest known implementation with such degree of flexibility

15 IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved Thank You Questions? peter@ihp-microelectronics.com

Download ppt "IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 -"

Similar presentations

International Graduate School Cottbus / IHP microelectronics Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt.

International Graduate School Cottbus / IHP microelectronics Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt.
Key Management Nick Feamster CS 6262 Spring 2009.

Key Management Nick Feamster CS 6262 Spring 2009.
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2006 -

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2003 -

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©
1 A New Multiplication Technique for GF(2 m ) with Cryptographic Significance Athar Mahboob and Nassar Ikram National University of Sciences & Technology,

1 A New Multiplication Technique for GF(2 m ) with Cryptographic Significance Athar Mahboob and Nassar Ikram National University of Sciences & Technology,
Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?
Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x)  K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.

Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x)  K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.
Mathematics of Cryptography Part II: Algebraic Structures

Mathematics of Cryptography Part II: Algebraic Structures
Cryptography and Network Security

Cryptography and Network Security
CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.

CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
Advanced Information Security 4 Field Arithmetic

Advanced Information Security 4 Field Arithmetic
Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.

Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2004 -

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©
Cryptography and Network Security Chapter 4

Cryptography and Network Security Chapter 4
Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.

Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.
Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.

Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
1 A simple algebraic representation of Rijndael Niels Ferguson Richard Schroeppel Doug Whiting.

1 A simple algebraic representation of Rijndael Niels Ferguson Richard Schroeppel Doug Whiting.

Similar presentations

Ads by Google