Abstract
Although cryptographic software is often implemented by expert programmers, the range of performance- and security-driven options, as well as more mundane software engineering issues, still make it a challenge. The use of domain-specific language and compiler techniques to assist in the description and optimisation of cryptographic software is an interesting research challenge. In this paper we investigate two aspects of such techniques, focusing on Elliptic Curve Cryptography (ECC) in particular. Our constructive results show that a suitable language allows description of ECC-based software in a manner close to the original mathematics; the corresponding compiler allows automatic production of an executable whose performance is competitive with that of a hand-optimised implementation. In contrast, we study the worrying potential for naïve compiler-driven optimisation to render cryptographic software insecure. Both aspects of our work are set within the context of CACE, an ongoing EU-funded project on this general topic.
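The "destructive" side of the abstract concerns side-channel countermeasures that a programmer writes at source level but that a compiler is not obliged to preserve. The following C example is added here for illustration; it is not code from the paper or from the CACE project. It shows the kind of construct at stake: a branch-free conditional swap driving a Montgomery ladder, where every iteration performs the same operations regardless of the scalar bit, next to the semantically identical branching form. The group used is a toy (integers modulo the Mersenne prime 2^61 - 1 under addition) standing in for elliptic-curve point addition, and all function names (`ct_cswap`, `branchy_cswap`, `ladder_mul`, `ref_mul`) are the example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy group (assumption for this example): integers modulo 2^61 - 1 under
   addition. It stands in for elliptic-curve point addition so that the
   ladder's control flow can be shown without a full curve implementation. */
#define P61 ((UINT64_C(1) << 61) - 1)

/* Branch-free modular addition; both inputs must already be < 2^61. */
static uint64_t add_mod(uint64_t x, uint64_t y) {
    uint64_t s = x + y;          /* < 2^62, so no 64-bit wrap-around */
    uint64_t r = s - P61;        /* top bit becomes set iff s < P61 */
    uint64_t borrow = r >> 63;   /* 1 when no reduction was needed */
    return r + (P61 & (0 - borrow));
}

/* Constant-time conditional swap: exchanges a and b iff bit == 1, using an
   all-ones/all-zeros mask instead of a secret-dependent branch. */
static void ct_cswap(uint64_t bit, uint64_t *a, uint64_t *b, size_t n) {
    uint64_t mask = 0 - (bit & 1);
    for (size_t i = 0; i < n; i++) {
        uint64_t t = mask & (a[i] ^ b[i]);
        a[i] ^= t;
        b[i] ^= t;
    }
}

/* Same function, written with a branch on the secret bit. A compiler is
   free to turn ct_cswap into this (or into a cmov) because the two are
   semantically identical; only the emitted machine code tells them apart. */
static void branchy_cswap(uint64_t bit, uint64_t *a, uint64_t *b, size_t n) {
    if (bit & 1) {
        for (size_t i = 0; i < n; i++) {
            uint64_t t = a[i];
            a[i] = b[i];
            b[i] = t;
        }
    }
}

/* Montgomery ladder computing k*P in the toy group. Invariant: r1 = r0 + P.
   Each iteration does exactly one add and one double whatever the bit is. */
static uint64_t ladder_mul(uint64_t k, uint64_t p) {
    uint64_t r0 = 0, r1 = p % P61;
    for (int i = 63; i >= 0; i--) {
        uint64_t bit = (k >> i) & 1;
        ct_cswap(bit, &r0, &r1, 1);
        r1 = add_mod(r0, r1);      /* R1 = R0 + R1 */
        r0 = add_mod(r0, r0);      /* R0 = 2*R0  */
        ct_cswap(bit, &r0, &r1, 1);
    }
    return r0;
}

/* Independent reference: plain multiplication modulo P61 (GCC/Clang __int128). */
static uint64_t ref_mul(uint64_t k, uint64_t p) {
    return (uint64_t)(((unsigned __int128)k * (p % P61)) % P61);
}

/* Checks that the masked and branching swaps agree on constructed inputs. */
static int cswap_selftest(void) {
    uint64_t a[2] = {1, 2}, b[2] = {3, 4};
    uint64_t c[2] = {1, 2}, d[2] = {3, 4};
    ct_cswap(1, a, b, 2);
    branchy_cswap(1, c, d, 2);
    if (a[0] != 3 || a[1] != 4 || b[0] != 1 || b[1] != 2) return 0;
    if (c[0] != a[0] || c[1] != a[1] || d[0] != b[0] || d[1] != b[1]) return 0;
    ct_cswap(0, a, b, 2);
    branchy_cswap(0, c, d, 2);
    return a[0] == 3 && b[0] == 1 && c[0] == 3 && d[0] == 1;
}

int main(void) {
    printf("cswap self-test: %s\n", cswap_selftest() ? "ok" : "FAIL");
    printf("12345 * 67890 via ladder = %llu (reference %llu)\n",
           (unsigned long long)ladder_mul(12345, 67890),
           (unsigned long long)ref_mul(12345, 67890));
    return 0;
}
```

The functional tests above cannot detect the failure mode the abstract warns about: both swap variants return the same values, so a unit test passes either way. Whether `ct_cswap` is still branch-free after optimisation has to be checked on the compiled object (for instance by disassembling it with `objdump -d` and looking for conditional jumps inside the function), and re-checked whenever the compiler or its flags change.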
Cite this article
Barbosa, M., Moss, A. & Page, D. Constructive and Destructive Use of Compilers in Elliptic Curve Cryptography. J Cryptol 22, 259–281 (2009). https://doi.org/10.1007/s00145-008-9023-0