An Efficient General Purpose Elliptic Curve Cryptography Module for Ubiquitous Sensor Networks. Christof Paar, Axel Poschman, Leif Uhsadel, Ruhr-Universität Bochum, Germany


SLIDE 1

An Efficient General Purpose Elliptic Curve Cryptography Module for Ubiquitous Sensor Networks

Christof Paar, Axel Poschman, Leif Uhsadel, Ruhr-Universität Bochum, Germany

SLIDE 2

12.6.2007, Slide 2

Outline

  • Motivation
  • Platform
  • Bottlenecks I
  • Algorithmic Setup
  • Bottlenecks II
  • Implementation
  • Results
SLIDE 3

Why high speed?

Past: Mainframe (n : 1). Present: Personal (1 : 1). Future: Ubiquitous (1 : n).

Ubiquitous = wireless + embedded + energy efficient = constrained in CPU, memory, battery

SLIDE 4

General Purpose Module

77% long term multiplication

SLIDE 5

Goal

Asymmetric cryptography is supposed to be too demanding for constrained devices, yet asymmetric cryptography is quite useful for key distribution.

  • SUN: fast but not public
  • TinyECC: open source

Goal:

  • Fast and free prime field for constrained devices
  • Main task: efficient 160-bit modular multiplication

SLIDE 6

Platform

MicaZ

  • ATMega128L
SLIDE 7

Bottleneck: SRAM access

  • Input: 160 + 160 = 320 bit
  • Registers: 32 * 8 = 256 bit
  • Output: 320 bit

The 32 8-bit registers cannot hold the two operands and the product at the same time, so intermediate values have to go through SRAM.

  • SRAM operation: 2 clock cycles
  • 8-bit multiplication: 2 clock cycles
SLIDE 8

Algorithmic Setup

  • Prime field based on a 160-bit Mersenne prime
  • Standard curve secp160r1

Alternatives:

  • Karatsuba-Ofman: trades 1 multiplication for 4 additions; recursive nature
  • Hybrid schoolbook: optimized for low SRAM access

SLIDE 9

Implementation: why are carries a bottleneck?

(Diagram: partial products a_i * b_j, a_i * b_{j+1}, a_i * b_{j+2}, a_i * b_{j+3} accumulated into result bytes C_k ... C_{k+5})

  • Addition overwrites the carry flag
  • Add with carry not possible
  • Carry must be buffered (carry buffer)
  • Overhead per 8-bit multiplication: more than 3 clock cycles
  • 400 8-bit multiplications are done
SLIDE 10

Implementation: handling carries

(Diagram: four partial products a_i * b_j ... a_i * b_{j+3} of one row accumulated together into result bytes C_k ... C_{k+4})

  • Overhead per four 8-bit multiplications: more than 4 clock cycles
  • More than 1 clock cycle per 8-bit multiplication
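As an added illustration of the carry-handling point on slides 9 and 10 (example code, not the authors' implementation), the portable C below models 160-bit multiplication on an 8-bit machine in two ways and counts how often a carry has to be handled: once per 8x8 multiplication in the plain row-wise loop, versus once per group of four partial products in the grouped variant. The 20-byte little-endian operand layout and the all-ones test value are constructed for the example; ATmega128L cycle counts are not modelled, only the number of carry-handling steps.

```c
#include <stdint.h>
#include <string.h>
#define N 20  /* 160-bit operands as 20 little-endian bytes (constructed layout) */

/* Row-wise schoolbook (slide 9): every 8x8 product is added into the result at
 * once, so a carry must be buffered after each of the 400 multiplications. */
unsigned long mul_row(uint8_t r[2*N], const uint8_t a[N], const uint8_t b[N]) {
    unsigned long carries = 0;
    memset(r, 0, 2*N);
    for (int i = 0; i < N; i++) {
        uint8_t carry = 0;
        for (int j = 0; j < N; j++) {
            uint16_t t = (uint16_t)a[i] * b[j] + r[i+j] + carry; /* <= 0xFFFF */
            r[i+j] = (uint8_t)t;
            carry = (uint8_t)(t >> 8);  /* buffered carry for the next column */
            carries++;
        }
        r[i+N] = carry;
    }
    return carries;
}
/* Grouped variant (slide 10): four partial products a[i]*b[j..j+3] of one row are
 * summed in a wide accumulator and written back together, so the carry is resolved
 * once per four multiplications: 20 rows x 5 groups = 100 times. */
unsigned long mul_grouped(uint8_t r[2*N], const uint8_t a[N], const uint8_t b[N]) {
    unsigned long carries = 0;
    memset(r, 0, 2*N);
    for (int i = 0; i < N; i++) {
        uint64_t acc = 0;  /* carries the group-to-group carry; stays below 2^40 */
        for (int j = 0; j < N; j += 4) {
            for (int m = 0; m < 4; m++)
                acc += ((uint64_t)a[i] * b[j+m] + r[i+j+m]) << (8*m);
            for (int m = 0; m < 4; m++) { r[i+j+m] = (uint8_t)acc; acc >>= 8; }
            carries++;
        }
        r[i+N] = (uint8_t)acc;  /* carry out of the row, always < 256 */
    }
    return carries;
}
/* Self-check on constructed input a = b = 2^160 - 1: the product is 2^320 - 2^161 + 1,
 * i.e. bytes 0x01, 19 x 0x00, 0xFE, 19 x 0xFF. Returns (row carries << 16) | grouped
 * carries when both routines produce that value, else 0. */
unsigned long selftest_all_ones(void) {
    uint8_t a[N], r1[2*N], r2[2*N], want[2*N] = {0};
    memset(a, 0xFF, N);
    want[0] = 0x01; want[20] = 0xFE; memset(want + 21, 0xFF, 19);
    unsigned long c1 = mul_row(r1, a, a), c2 = mul_grouped(r2, a, a);
    if (memcmp(r1, want, 2*N) || memcmp(r2, want, 2*N)) return 0;
    return (c1 << 16) | c2;
}
```

Both routines compute the same 320-bit product; the returned counts (400 versus 100 carry steps) are the quantity the slides trade against the extra accumulator work.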
SLIDE 11

Results

160-bit integer multiplication:
  SUN        assembly   3106 clock cycles   0.39 ms @ 8 MHz
  this work  assembly   2913 clock cycles   0.36 ms @ 8 MHz

Binary EC multiplication:
  SUN        assembly   0.81 s
  this work  C          1.15 s

Sliding window (w = 4) EC multiplication:
  TinyECC (ECDSA sig)   hybrid   1.9 s
  continued project     C        0.89 s

SLIDE 12

  • Questions?
  • Comments?

uhsadel@crypto.rub.de