Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University."— Presentation transcript:

1 A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University Advisor : Prof. Cheng-Wen Wu Student : San-Yang Lin Advisor : Prof. Cheng-Wen Wu Student : San-Yang Lin

2 Laboratory for Reliable Computing (LaRC),2004 2 OutlineOutline  Introduction  Cryptosystem  Mathematical Background  Introduction to Elliptic Curves  The Elliptic Scalar Multiplication  Elliptic Curve Crypto-Processor Design  Experimental Results  Conclusions

3 Laboratory for Reliable Computing (LaRC),2004 3 IntroductionIntroduction  Demand of Security - E-commerce - Electronic Banking  Software vs. Hardware Implementation - The Energy/computation Inefficiencies of Software - An Open Untrustworthy environment at Software  Public Key Cryptosystem - ECC vs. RSA

4 Laboratory for Reliable Computing (LaRC),2004 4 Cryptosystem (1/2)  Symmetric Key Cryptosystem

5 Laboratory for Reliable Computing (LaRC),2004 5 Cryptosystem (2/2)  Asymmetric Key Cryptosystem

6 Laboratory for Reliable Computing (LaRC),2004 6 Mathematical Background (1/2)  Galois Fields - Contain a Finite Number of Element - GF(p) Prime Field - GF(2 m ) Binary Field  Modular Arithmetic - a = b (mod) m - c = a ± b (mod) m - c = a × b (mod) m - 1 = a × a -1 (mod) m

7 Laboratory for Reliable Computing (LaRC),2004 7 Mathematical Background (2/2)  Polynomial Basic Polynomial Addition and Substraction -(0110) + (0101) = (0011) -(0110) – (0101) = (0011) Polynomial Multiplication Irreducible Polynomial : f(x) = x 4 + x + 1 (1101)(1001) = (x 3 + x 2 + 1)(x 3 + 1) (mod f(x)) = x 6 + x 5 + 2x 3 + x 2 + 1 (mod f(x)) = x 6 + x 5 + x 2 + 1 (mod f(x)) = (x 4 + x + 1)(x 2 + x) + (x 3 + x 2 + x + 1)(mod f(x)) = x 3 + x 2 + x + 1 = (1111)

8 Laboratory for Reliable Computing (LaRC),2004 8 Introduction to Elliptic Curves  Elliptic Curve Equation: y 2 = x 3 + ax + b in prime field y 2 + xy = x 3 + ax 2 + b in binary field

9 Laboratory for Reliable Computing (LaRC),2004 9 Elliptic Curve Addition (1/2)  P + Q = R P + -P = 0

10 Laboratory for Reliable Computing (LaRC),2004 10 Elliptic Curve Addition (1/2)  P + P = 2P = R

11 Laboratory for Reliable Computing (LaRC),2004 11 Example of an Elliptic Curve Group over F p  Elliptic Curve Equation: y 2 = x 3 + x at F 23 The point (9,5) satisfies this equation: y 2 (mod p) = x 3 + x (mod p) 25 (mod 23) = 729 + 9 (mod 23) 25 (mod 23) = 738 (mod 23) 2 = 2

12 Laboratory for Reliable Computing (LaRC),2004 12 A Crypto Example for Elliptic Curve (1/2)

13 Laboratory for Reliable Computing (LaRC),2004 13 A Crypto Example for Elliptic Curve (2/2)  Suppose B = (2,7) and Bob chooses a=7  Bob ’ s public key = 7B = (7,2)  Alice wishes to send M=(10,9) to Bob. Randomly select k = 3 then, [ kB, M + k(aB) ] = [ (8,3), (10,9) + 3(7,2) ] = [ (8,3), (10,9) + (3,5) ] = [ (8,3), (10,2) ]  Bob receives pair and multiplies a by kB  7(8,3) and subtracts from M + k(aB) to obtain: M + k(aB) – a(kB) = (10,2) – 7(8,3) = (10,2) – (3,5) = (10,2) + (3,6) = (10,9)

14 Laboratory for Reliable Computing (LaRC),2004 14 The Elliptic Scalar Multiplication  The Scalar Multiplication Algorithm ComplexityMontgomery Form Double and Add (projective) Double and Add (affine) Add and Subtract (projective) Add and Subtract (affine) #Square5log 2 k + 37.5(log 2 k – 1)1.5(log 2 k - 1)5.33(log 2 k –1)1.33(log 2 k-1) #Mult6log 2 k + 1012.5(log 2 k –1)3(log 2 k – 1)10(log 2 k – 1)2.33(log 2 k–1) #Inverse121.5(log 2 k – 1)21.33(log 2 k-1)

15 Laboratory for Reliable Computing (LaRC),2004 15 Multiplication in GF(p)  Multiply-then Divide vs. Montgomery multiplier  Montgomery multiplier: MM(A,B,M) = AB2 -n mod M AB mod M = MM(AB2 -n modM,2 2n modM,M)

16 Laboratory for Reliable Computing (LaRC),2004 16 Multiplication in GF(2 n )  Parallel vs. Serial algorithm  Serial Algorithm:

17 Laboratory for Reliable Computing (LaRC),2004 17 Inversion in GF(2 n )  Extended Euclidean Algorithm :

18 Laboratory for Reliable Computing (LaRC),2004 18 Elliptic Curve Crypto-Processor Design

19 Laboratory for Reliable Computing (LaRC),2004 19 The Instruction Set of the ECC processor

20 Laboratory for Reliable Computing (LaRC),2004 20 IO Interface

21 Laboratory for Reliable Computing (LaRC),2004 21 ControllerController

22 Laboratory for Reliable Computing (LaRC),2004 22 2D Gated Clock Design clk_r0clk_r0 clk_r1clk_r1 clk_r2clk_r2 clk_r3clk_r3 clk_r4clk_r4 enableenable

23 Laboratory for Reliable Computing (LaRC),2004 23 Arithmetic Unit

24 Laboratory for Reliable Computing (LaRC),2004 24 Register File

25 Laboratory for Reliable Computing (LaRC),2004 25 Comparator Unit

26 Laboratory for Reliable Computing (LaRC),2004 26 Adder Unit

27 Laboratory for Reliable Computing (LaRC),2004 27 Multi-Arithmetic Unit

28 Laboratory for Reliable Computing (LaRC),2004 28 Simulation Flow DefineSpecificationDefineSpecification Behavior Model Establishment HDL Design FunctionSimulationFunctionSimulation SynthesisSynthesis Pre-layoutSimulationPre-layoutSimulation MatchMatch MatchMatch MismatchMismatch MismatchMismatch

29 Laboratory for Reliable Computing (LaRC),2004 29 Experimental Results  Maximum Frequency : 384 MHz using UMC 0.18 CMOS Process Binary FieldPrime Field EC Scalar Multiplication (cycles) (m – 1 )(6m + 94) +16m + 160 (m – 1)(32m + 196) + 964

30 Laboratory for Reliable Computing (LaRC),2004 30 Circuit Size Functional blockCircuit size (gated)Circuit size (normal) MAU core (logic)2118421621 MAU core (local registers)6780446912 Register File8320095273 Adder97157728 Compare63357956 IO interface30433950 Controller1952216049 Total210804199491

31 Laboratory for Reliable Computing (LaRC),2004 31 Power Results  Gated Clock Design: 128bit160bit192bit224bit256bit Power143mW151mW163mW183mW205mW

32 Laboratory for Reliable Computing (LaRC),2004 32 Compare (1/2) ReferenceFieldPlatform Maximum Frequency EC mult time Notes This workGF(2 163 )0.18um CMOS ASIC 384MHz0.46msdual field multiplier and inversion: logic size: 21184 gates Eberle(03) GF(2 163 ) Xilinx xcv2000E-7 66MHz0.30ms256*64bit Binary multiplier (estimated:460k gates) Eberle(03) GF(2 163 ) Xilinx xcv2000E-7 66MHz0.14msOptimal for named curve Satoh(03)GF(2 163 )0.13um CMOS ASIC 510.2MHz0.36ms64*64bit dual field multiplier logic size: 96224 gates Orlando (00) GF(2 167 )Xilinx xcv400E 76.7MHz0.21ms167*16bit binary multiplier and 167*167bit squarer for P(x) = x 167 +x 6 +1 (estimated:140k gates)

33 Laboratory for Reliable Computing (LaRC),2004 33 Compare (2/2) ReferenceFieldPlatform Maximum Frequency EC mult time Notes This work GF(p) 192bit 0.18um CMOS ASIC 384MHz3.1 ms dual field multiplier and inversion: logic size: 21184 gates Satoh(03)GF(p) 192bit 0.13um CMOS ASIC 137.7MHz2.66 ms 64*64bit dual field multiplier logic size: 96224 gates Orlando (00) GF(2 192 - 2 64 -1) Xilinx xcv1000E-8 40MHz3ms192 * 8 bit multiplier

34 Laboratory for Reliable Computing (LaRC),2004 34 ConclusionConclusion  Support Dual Field Arithmetic  Merge Different Arithmetic Operation to One Unit  Smallest Product of Area × EC Mult. Time  Power Efficiency Design

Download ppt "A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University."

Similar presentations

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?
CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.

CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
The XTR public key system (extended version of Crypto 2000 presentation) Arjen K. Lenstra Citibank, New York Technical University Eindhoven Eric R. Verheul.

The XTR public key system (extended version of Crypto 2000 presentation) Arjen K. Lenstra Citibank, New York Technical University Eindhoven Eric R. Verheul.
Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.

Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.
A Handel-C Implementation of a Computationally Intensive Problem in GF(3) Joey C. Libby, Jonathan P. Lutes, and Kenneth B. Kent The Handel-C Language Handel-C.

A Handel-C Implementation of a Computationally Intensive Problem in GF(3) Joey C. Libby, Jonathan P. Lutes, and Kenneth B. Kent The Handel-C Language Handel-C.
Advanced Information Security 4 Field Arithmetic

Advanced Information Security 4 Field Arithmetic
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
Cryptography and Network Security Chapter 4

Cryptography and Network Security Chapter 4
Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.

Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.
1 Efficient Algorithms for Elliptic Curve Cryptosystems Original article by Jorge Guajardo and Christof Paar Of WPI ECE Department Presentation by Curtis.

1 Efficient Algorithms for Elliptic Curve Cryptosystems Original article by Jorge Guajardo and Christof Paar Of WPI ECE Department Presentation by Curtis.
Elliptic Curve Cryptography Shane Almeida Saqib Awan Dan Palacio.

Elliptic Curve Cryptography Shane Almeida Saqib Awan Dan Palacio.
Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )

Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Electronic Payment Systems Lecture 5: ePayment Security II

Electronic Payment Systems Lecture 5: ePayment Security II
An Expandable Montgomery Modular Multiplication Processor Adnan Abdul-Aziz GutubAlaaeldin A. M. Amin Computer Engineering Department King Fahd University.

An Expandable Montgomery Modular Multiplication Processor Adnan Abdul-Aziz GutubAlaaeldin A. M. Amin Computer Engineering Department King Fahd University.
CHES20021 Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2 n ) A. Gutub, A. Tenca, E. Savas, and C. Koc Information Security.

CHES20021 Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2 n ) A. Gutub, A. Tenca, E. Savas, and C. Koc Information Security.
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 -

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©
CSE 246: Computer Arithmetic Algorithms and Hardware Design Numbers: RNS, DBNS, Montgomory Prof Chung-Kuan Cheng Lecture 3.

CSE 246: Computer Arithmetic Algorithms and Hardware Design Numbers: RNS, DBNS, Montgomory Prof Chung-Kuan Cheng Lecture 3.

Similar presentations

Ads by Google