New Regular Radix-8 Scheme for Elliptic Curve Scalar Multiplication without Pre-Computation
Pages 438 - 451
Abstract
The recent advances in mobile technologies have increased the demand for high performance parallel computing schemes. In this paper, we present a new algorithm for evaluating elliptic curve scalar multiplication that can be used on any abelian group. We show that the properties of the proposed algorithm enhance parallelism at both the point arithmetic and the field arithmetic levels. Then, we employ this algorithm in proposing a new hardware design for the implementation of an elliptic curve scalar multiplication on a prime extended twisted Edwards curve incorporating eight parallel operations. We further show that in comparison to the other simple side-channel attack protected schemes over prime fields, the proposed design of the extended twisted Edwards curve is the fastest scalar multiplication scheme reported in the literature.
References
[1]
W. Diffie and M. E. Hellman, “New directions in cryptography”, in IEEE Trans. Inf. Theory, vol. 22, no. 6, pp. 644–654, Nov. 1976.
[2]
M. Abdelguerfi, B. S. Kaliski Jr, and W. Patterson, “Public-Key security systems”, in IEEE Micro, vol. 16, no. 3, pp. 10–13, Jun. 1996.
[3]
L. Batina, S. B. Örs, B. Preneel, and J. Vandewalle, “Hardware architectures for public key cryptography”, in Integr. VLSI J., vol. 34, no. 1, pp. 1–64, May 2003.
[4]
R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems”, in Commun. ACM, vol. 21, no. 2, pp. 120–126, Feb. 1978.
[5]
T. Elgamal, “A public key cryptosystem and a signature scheme based on discrete logarithms”, in IEEE Trans. Inf. Theory, vol. 31, no. 4, pp. 469–472, Jul. 1985.
[6]
D. Boneh, “Twenty years of attacks on the RSA cryptosystem”, in Notices Amer. Math. Soc., vol. 46, no. 2, pp. 203–213, Feb. 1999.
[7]
Y. Y. Song, Cryptanalytic Attacks on RSA, New York, NY: Springer-Verlag, 2008.
[8]
D. R. Hankerson, A. J. Menezes, and S. A. Vanstone, Guide to Elliptic Curve Cryptography, New York, NY: Springer-Verlag, 2004.
[9]
V. S. Miller, “Use of elliptic curves in cryptography,” in Proc. Adv. Cryptology (CRYPTO’85), Aug. 1985, pp. 417–426.
[10]
N. Koblitz, “Elliptic curve cryptosystems”, in Math. Comput., vol. 48, no. 177, pp. 203–209, Jan. 1987.
[11]
A. K. Lenstra and E. R. Verheul, “Selecting cryptographic key sizes”, in J. Cryptology, vol. 14, no. 4, pp. 255–293, Aug. 2001.
[12]
J. Tolunay, Parallel gaming related algorithms for an embedded media processor, Master's thesis, Linköping Univ., Linköping, Sweden: 2012.
[13]
A. J. Menezes, I. F. Blake, X. Gao, R. C. Mullin, S. A. Vanstone, and T. Yaghoobian, Applications of Finite Fields, Boston, MA: Kluwer, 1993.
[14]
“IEE Standard Specifications for Password-Based Public-Key Cryptographic Techniques,” IEEE Std. 13632-2008, Jan. 2009.
[15]
E. W. Knudsen, “Elliptic scalar multiplication using point halving,” in Proc. Int. Conf. Theory Appl. Cryptology Inf. Security: Adv. Cryptology (ASIACRYPT’99), Nov. 1999, pp. 135–149.
[16]
V. Dimitrov, L. Imbert, and P. K. Mishra, “Efficient and secure elliptic curve point multiplication using double-base chains,” in Proc. Int. Conf. Theory Appl. Cryptology Inf. Security: Adv. Cryptology (ASIACRYPT’05), Dec. 2005, pp. 59–78.
[17]
M. Ciet, M. Joye, K. Lauter, and P. L. Montgomery, “Trading inversions for multiplications in elliptic curve cryptography”, in Des. Codes Cryptography, vol. 39, no. 2, pp. 189–206, May 2006.
[18]
P. Longa and A. Miri, “New composite operations and precomputation scheme for elliptic curve cryptosystems over prime fields,” in Proc. Int. Workshop Practice Theory Public-Key Cryptography (PKC’08), Mar. 2008, pp. 229–247.
[19]
G. W. Reitwiesner Binary arithmetic Advances in Computers, New York, NY: Academic Education Press, 1960, vol. 1, pp. 231–308.
[20]
S. Arno and F. S. Wheeler, “Signed digit representations of minimal hamming weight”, in IEEE Trans. Comput., vol. 42, no. 8, pp. 1007–1010, Aug. 1993.
[21]
J. A. Solinas, “Efficient arithmetic on Koblitz curves”, in Des. Codes Cryptography, vol. 19, no. 2–3, pp. 195–249, Mar. 2000.
[22]
K. Okeya and T. Takagi, “The width-$w$ NAF method provides small memory and fast elliptic scalar multiplications secure against side channel attacks,” in Proc. Cryptographers Track RSA Conf.: Topics Cryptology (CT-RSA’03), Apr. 2003, pp. 328–343.
[23]
N. Koblitz, “CM-Curves with good cryptographic properties,” in Proc. Adv. Cryptology (CRYPTO’91), Aug. 1991, pp. 279–287.
[24]
P. Longa and A. Miri, “Fast and flexible elliptic curve point arithmetic over prime fields”, in IEEE Trans. Comput., vol. 57, no. 3, pp. 289–302, Mar. 2008.
[25]
H. Hisil, K. K.-H. Wong, G. Carter, and E. Dawson, “Twisted Edwards curves revisited,” in Proc. Int. Conf. Theory Appl. Cryptology Inf. Security: Adv. Cryptology (ASIACRYPT‘08), Dec. 2008, pp. 326–343.
[26]
T. Izu and T. Takagi, “Fast elliptic curve multiplications with SIMD operations,” in Proc. Int. Conf.: Inf. Commun. Security (ICICS’02), Dec. 2002, pp. 217–230.
[27]
W. Fischer, C. Giraud, E. W. Knudsen, and J.-P. Seifert, “Parallel scalar multiplication on general elliptic curves over ${\BBF_p}$ hedged against non-differential side-channel attacks,” IACR, Cryptology ePrint Archive, 2002/007, [Online]. Available: http://eprint.iacr.org/2002/007.
[28]
K. Aoki, F. Hoshino, T. Kobayashi, and H. Oguro, “Elliptic curve arithmetic using SIMD,” in Proc. Int. Conf.: Inf. Security (ISC’01), Oct. 2001, pp. 235–247.
[29]
N. P. Smart, “The Hessian form of an elliptic curve,” in Proc. Int. Workshop Cryptographic Hardware Embedded Syst. (CHES’01), May 2001, pp. 118–125.
[30]
P. K. Mishra, “Pipelined computation of scalar multiplication in elliptic curve cryptosystems (extended version)”, in IEEE Trans. Comput., vol. 55, no. 8, pp. 1000–1010, Aug. 2006.
[31]
R. Azarderakhsh and A. Reyhani-Masoleh, “Efficient FPGA implementations of point multiplication on binary Edwards and generalized Hessian curves using Gaussian normal basis”, in IEEE Trans. VLSI Syst., vol. 20, no. 8, pp. 1453–1466, Aug. 2012.
[32]
P. C. Kocher, “Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems,” in Proc. Int. Cryptology Conf.: Adv. Cryptology (CRYPTO’96), Aug. 1996, pp. 104–113.
[33]
J.-S. Coron, “Resistance against differential power analysis for elliptic curve cryptosystems,” in Proc. Int. Workshop Cryptographic Hardware Embedded Syst. (CHES’99), Aug. 1999, pp. 292–302.
[34]
S.-M. Yen and M. Joye, “Checking before output may not be enough against fault-based cryptanalysis”, in IEEE Trans. Comput., vol. 49, no. 9, pp. 967–970, Sept. 2000.
[35]
R. Avanzi, “Side channel attacks on implementations of curve-based cryptographic primitives,” IACR, Cryptology ePrint Archive, 2005/017, [Online]. Available: http://eprint.iacr.org/2005/017/.
[36]
J. López and R. Dahab, “Fast multiplication on elliptic curves over $GF$ (${2^m}$) without precomputation,” in Proc. Int. Workshop Cryptographic Hardware Embedded Syst. (CHES’99), Aug. 1999, pp. 316–327.
[37]
D. E. Knuth, The Art of Computer Programming: Seminumerical Algorithms, 1st ed., Reading, MA: Addison Wesley, May 1969, vol. 2.
[38]
I. F. Blake, G. Seroussi, and N. P. Smart, Elliptic Curves in Cryptography, Cambridge, MA: Cambridge Univ. Press, Jul. 1999.
[39]
A. D. Booth, “A signed binary multiplication technique”, in Q. J. Mech. Appl. Math., vol. 4, no. 2, pp. 236–240, Aug. 1951.
[40]
K. Okeya, K. Schmidt-Samoa, C. Spahn, and T. Takagi, “Signed binary representations revisited,” in Proc. Int. Cryptology Conf.: Adv. Cryptology (CRYPTO’04), Aug. 2004, pp. 123–139.
[41]
Y. Sung-Ming, S. Kim, S. Lim, and S. Moon, “A countermeasure against one physical cryptanalysis may benefit another attack,” in Proc. Int. Conf.: Inf. Security Cryptology (ICISC’01), Dec. 2001, pp. 414–427.
[42]
C. Clavier and M. Joye, “Universal exponentiation algorithm: A first step towards provable SPA-resistance,” in Proc. Int. Workshop Cryptographic Hardware Embedded Syst. (CHES’01), May 2001, pp. 300–308.
[43]
B. Möller, “Securing elliptic curve point multiplication against side-channel attacks,” in Proc. Int. Conf.: Inf. Security (ISC’01), Oct. 2001, pp. 324–334.
[44]
P. L. Montgomery, “Speeding the Pollard and elliptic curve methods of factorization”, in Math. Comput., vol. 48, no. 177, pp. 243–264, Jan. 1987.
[45]
K. Okeya, H. Kurumatani, and K. Sakurai, “Elliptic curves with the montgomery-form and their cryptographic applications,” in Proc. Int. Workshop Practice Theory Public Key Cryptosystems (PKC’00), Jan. 2000, pp. 238–257.
[46]
M. Joye and S.-M. Yen, “The montgomery powering ladder,” in Proc. Int. Workshop Cryptographic Hardware Embedded Syst. (CHES’02), Aug. 2002, pp. 291–302.
[47]
M. Joye, “Highly regular right-to-left algorithms for scalar multiplication,” in Proc. Int. Workshop Cryptographic Hardware Embedded Syst. (CHES’07), Sep. 2007, pp. 135–147.
[48]
C. Vuillaume and K. Okeya, “Flexible exponentiation with resistance to side channel attacks,” in Proc. Int. Conf.: Appl. Cryptography Netw. Security (ACNS’06), Jun. 2006, pp. 268–283.
[49]
B. Parhami, Computer Arithmetic Algorithms and Hardware Designs, 2nd ed., London, U.K.: Oxford Univ. Press, 2000.
[50]
A. Kargl and G. Wiesend, “On randomized addition-subtraction chains to counteract differential power attacks,” in Proc. Int. Conf.: Inf. Commun. Security (ICICS’04), Oct. 2004, pp. 278–290.
[51]
N. Thériault, “SPA resistant left-to-right integer recordings,” in Proc. Int. Workshop: Select. Areas Cryptography (SAC’05), Aug. 2005, pp. 345–358.
[52]
D.-G. Han and T. Takagi, “Some analysis of radix-$r$ representations,” IACR, Cryptology ePrint Archive, 2005/402, [Online]. Available: http://eprint.iacr.org/2005/402, 2005.
[53]
C. Giraud and V. Verneuil, “Atomicity improvement for elliptic curve scalar multiplication,” in Proc. IFIP WG 8.8/11.2 Int. Conf.: Smart Card Res. Adv. Appl. (CARDIS’10), Apr. 2010, pp. 80–101.
[54]
K. Järvinen, “Optimized FPGA-based elliptic curve cryptography processor for high-speed applications”, in Integr. VLSI J., vol. 44, no. 4, pp. 270–279, Sep. 2011.
[55]
D. J. Bernstein and T. Lange, “Explicit-Formulas database,” Joint Work by D. J. Bernstein, and T. Lange, Building on Work by Many Authors, [Online]. Available: http://www.hyperelliptic.org/EFD/, 2012.
[56]
D. J. Bernstein and T. Lange, “Faster addition and doubling on elliptic curves,” in Proc. Int. Conf. Theory Appl. Cryptology Inf. Security: Adv. Cryptology (ASIACRYPT’07), Dec. 2007, pp. 29–50.
[57]
H. Cohen, A. Miyaji, and T. Ono, “Efficient elliptic curve exponentiation using mixed coordinates,” in Proc. Int. Conf. Theory Appl. Cryptology Inf. Security: Adv. Cryptology (ASIACRYPT’98), Oct. 1998, pp. 51–65.
[58]
D. J. Bernstein, P. Birkner, M. Joye, T. Lange, and C. Peters, “Twisted Edwards curves,” in Proc. Int. Conf. Cryptology Africa: Progress Cryptology (AFRICACRYPT’08), Jun. 2008, pp. 389–405.
[59]
W. B. Joppe, On the cryptanalysis of public-key cryptography, PhD dissertation, Univ. École Polytechnique Fédérale de Lausanne (EPFL), Lausanne, Switzerland: 2012.
[60]
Digital Signature Standard (DSS) Fed. Inf. Processing Standard, Nat'l Inst. Standards and Technology Std,. FIPS PUB 186-3, Jun. 2009.
[61]
M. Kistler, M. Perrone, and F. Petrini, “Cell multiprocessor communication network: Built for speed”, in IEEE Micro, vol. 26, no. 3, pp. 10–23, May 2006.
Index Terms
- New Regular Radix-8 Scheme for Elliptic Curve Scalar Multiplication without Pre-Computation
Index terms have been assigned to the content through auto-classification.
Recommendations
Symmetric digit sets for elliptic curve scalar multiplication without precomputation
We describe a method to perform scalar multiplication on two classes of ordinary elliptic curves, namely E:y^2=x^3+Ax in prime characteristic p=1mod4, and E:y^2=x^3+B in prime characteristic p=1mod3. On these curves, the 4-th and 6-th roots of unity act ...
Optimizing Elliptic Curve Scalar Multiplication with Near-Factorization
ICETE 2014: Proceedings of the 11th International Joint Conference on e-Business and Telecommunications - Volume 4Elliptic curve scalar multiplication ( [k]P where k is an integer and P is a point on the elliptic curve) is widely used in encryption and signature generation. In this paper, we explore a factorization-based approach called Near-Factorization that can ...
Pipelined Computation of Scalar Multiplication in Elliptic Curve Cryptosystems (Extended Version)
In the current work, we propose a pipelining scheme for implementing Elliptic Curve Cryptosystems (ECC). The scalar multiplication is the dominant operation in ECC. It is computed by a series of point additions and doublings. The pipelining scheme is ...
Comments
Information & Contributors
Information
Published In
Copyright © 2013.
Publisher
IEEE Computer Society
United States
Publication History
Published: 01 February 2015
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 11 Aug 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in