elliptic curve cryptography
play

Elliptic Curve Cryptography Erich Wenger and Mario Werner IAIK Graz - PowerPoint PPT Presentation

Nov 12, 2022 •247 likes •471 views

Institute for Applied Information Processing and Communications (IAIK) Evaluating 16-bit Processors for Elliptic Curve Cryptography Erich Wenger and Mario Werner IAIK Graz University of Technology Erich.Wenger@iaik.tugraz.at

  1. Institute for Applied Information Processing and Communications (IAIK) Evaluating 16-bit Processors for Elliptic Curve Cryptography Erich Wenger and Mario Werner IAIK – Graz University of Technology Erich.Wenger@iaik.tugraz.at www.iaik.tugraz.at http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS CARDIS 1 1

  2. Institute for Applied Information Processing and Communications (IAIK) Overview • Motivation • Algorithms • Processors • Results http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 2

  3. Institute for Applied Information Processing and Communications (IAIK) Motivation We want to: • Investigate current CPUs for ECC • Find their limitations • Save energy • Improve performance http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 3

  4. Institute for Applied Information Processing and Communications (IAIK) Point Multiplication Algorithm • Montgomery Ladder [Hutter] • 7 registers • Point Verification [Ebeid] • Randomized Projective Coordinates [Coron] http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 4

  5. Institute for Applied Information Processing and Communications (IAIK) Multi-Precision Multiplication • Operand Scanning http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 5

  6. Institute for Applied Information Processing and Communications (IAIK) MSP430 • Manufacturer: Texas Instruments • Low-Power RISC Processor • 16 Registers (12 useable) • 27 Instructions • Memory Mapped Multiplier http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 6

  7. Institute for Applied Information Processing and Communications (IAIK) MSP430 – Operand Scanning outer_loop: MOV.W @R12+, & MPY inner_loop: MOV.W @R13+, & OP2 ADD.W & RESLO , R6 ADDC.W & RESHI , R7 http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 7

  8. Institute for Applied Information Processing and Communications (IAIK) MSP430 – Product Scanning inner_loop: MOV.W @R12+, & MAC MOV.W @R13 , & OP2 DECD R13 ADD.W & SUMEXT , R11 http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 8

  9. Institute for Applied Information Processing and Communications (IAIK) PIC24 vs. dsPIC Both Processors: dsPIC: • • 16-bit RISC Digital Signal Processing Engine • 24-bit Instruction • Multiply-Accumulate Word • Two Address • 16 registers (14 Generation Units useable) • Loop Instructions • Used for: • DO • Motor Control • REPEAT • Signal Processing http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 9

  10. Institute for Applied Information Processing and Communications (IAIK) dsPIC – Product Scanning • 16-bit Multiplication • 32-bit Addition (plus Overflow) 𝐵𝐷𝐷 ← 𝐵𝐷𝐷 + 𝐵 𝑗 ∙ 𝐶 𝑘 • Load A[i] and B[j] Memory Addressing ( 𝑗 ← 𝑗 + 1 , 𝑘 ← 𝑘 − 1 ) • REPEAT W4 MAC W5*W6, A, [W8]+=2, W5, [W10]-=2, W6 http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 10

  11. Institute for Applied Information Processing and Communications (IAIK) dsPIC – Unrolled Product Scanning MAC W5*W6, A, [W9]+=2, W5, [W11]-=2, W6 MAC W5*W6, A, [W9]-=2, W5, [W11]+=2, W6 MAC W5*W6, A, [W9]+=2, W5, [W11]-=2, W6 MAC W5*W6, A, [W9], W5, [W11]+=2, W6 MAC W5*W6, A, [W9]+=2, W5, [W11], W6 MAC W5*W6, A, [W9]+=2, W5, [W11]-=2, W6 MAC W5*W6, A, [W9]-=2, W5, [W11]+=2, W6 MOV [W7],[W2++] MOV [W7],[W2++] SFTAC A, #16 SFTAC A, #16 http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 11

  12. ǁ Institute for Applied Information Processing and Communications (IAIK) dsPIC – Montgomery Multiplication 𝑆 = 2 𝑋𝑂 > 𝑞 NIST Reduction … 𝑏 ≡ 𝑏𝑆 (𝑛𝑝𝑒 𝑞) ෤ ෨ 𝑐 ≡ 𝑐𝑆 𝑛𝑝𝑒 𝑞 𝑏෨ 𝑑 ≡ 𝑁𝑝𝑜𝑢 ෤ 𝑐 𝑐𝑆 𝑆 −1 ≡ 𝑏𝑆 ≡ 𝑏𝑐𝑆 ≡ 𝑑𝑆 𝑛𝑝𝑒 𝑞 𝑏 ≡ 𝑁𝑝𝑜𝑢 𝑏, 𝑆 2 ෤ ≡ 𝑏𝑆 2 𝑆 −1 ≡ 𝑏𝑆 𝑑 ≡ 𝑁𝑝𝑜𝑢( ǁ 𝑑, 1) ≡ (𝑑𝑆)𝑆 −1 http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 12

  13. Institute for Applied Information Processing and Communications (IAIK) Results • SECG: • secp160r1 removed in 2010 • NIST: • P-192 • P-224 • P-256 • IAR Embedded Workbench 5.20 • Microchip MPLAB C30 v3.25 http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 13

  14. Institute for Applied Information Processing and Communications (IAIK) Results: MSP430 3,50 3,00 2,50 Speedup 2,00 1,50 Multiplication Field Multiplication 1,00 Point Multiplication 0,50 0,00 http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 14

  15. Institute for Applied Information Processing and Communications (IAIK) Results: PIC24, dsPIC 10 9 8 7 6 Speedup 5 4 Multiplication 3 Field Multiplication 2 Point Multiplication 1 0 http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 15

  16. Institute for Applied Information Processing and Communications (IAIK) Results: Point Multiplication 3,5 3 2,5 2 Speedup secp160r1 1,5 P-192 P-224 1 P-256 0,5 0 op. sc. hybrid op. sc. op. sc. pr. sc. Mont. C ASM C ASM ASM + DSP ASM + DSP MSP430 MSP430 PIC24 PIC24 dsPIC dsPIC http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 16

  17. Institute for Applied Information Processing and Communications (IAIK) Results: Point Multiplication 15 10 Speedup secp160r1 P-192 P-224 5 P-256 0 op. sc. hybrid op. sc. op. sc. pr. sc. Mont. C ASM C ASM ASM + DSP ASM + DSP MSP430 MSP430 PIC24 PIC24 dsPIC dsPIC http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 17

  18. Institute for Applied Information Processing and Communications (IAIK) Results: Point Multiplication 6 5 4 Speedup 3 secp160r1 P-192 P-224 2 P-256 1 0 op. sc. hybrid op. sc. op. sc. pr. sc. Mont. C ASM C ASM ASM + DSP ASM + DSP MSP430 MSP430 PIC24 PIC24 dsPIC dsPIC http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 18

  19. Institute for Applied Information Processing and Communications (IAIK) Results: Related Work 3000 2500 2000 Runtime [kCycles] secp160r1 1500 P-192 P-224 1000 500 0 ASM + DSP Yan 2009 Kern 2010 Wenger 2010 Hutter 2010 dsPIC C6416 ASIC ASIC ASIC http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 19

  20. Institute for Applied Information Processing and Communications (IAIK) Thank you … This work has been supported by the Austrian Government through the research program FIT-IT Trust in IT Systems under the project number 825743 (project PIT). http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 20

  21. Institute for Applied Information Processing and Communications (IAIK) Results http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 21

  22. Institute for Applied Information Processing and Communications (IAIK) Results http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/SEnSE/Erich Wenger CARDIS 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Cryptography Elliptic Curve Cryptography Overview of Elliptic Curve Cryptography Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve Cryptography Cryptography in OpenSSL School of Engineering and

857 views • 17 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago & energy (gas

1.07k views • 76 slides
Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Elliptic Curves Suppose F is a field and a 1 , . . . , a 6 F . Elliptic Curve Cryptography Definition 1. An elliptic curve E over a field F is a curve given by an equation: Jim Royer Y 2 + a 1 XY + a 3 Y X 3 + a 2 X 2 + a 4 X + a 6 = (1)

337 views • 5 slides
Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Twenty-Three Years of Elliptic Curve Cryptography Alfred Menezes University of Waterloo September 3 2008 1 Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The serpentine course of a paradigm

300 views • 18 slides
Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven 22 April 2008 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

491 views • 32 slides
Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July 23, 2014 1 / 12 Elliptic-curve cryptography: signatures and key exchange Given: some elliptic curve E , point P on E of known order . Key

885 views • 16 slides
Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018 Introduction y 2 = x 3 + ax + b en.wikipedia.org/wiki/Elliptic curve Elliptic Curve Addition P = ( x p .y p ), Q = ( x q , y q ), R = ( x r .y r ) =

187 views • 16 slides
Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Counting points on elliptic curves over F q Christiane Peters DIAMANT-Summer School on Elliptic and Hyperelliptic Curve Cryptography September 17, 2008 Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm

587 views • 30 slides
A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March 21 st , 2016 1/13 A Brief Introduction to Elliptic Curve Cryptography Elliptic Curve 2/13 A

385 views • 13 slides
Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic Implementations group: eindhoven.cr.yp.to working closely with the Coding Theory and Cryptology group: www.win.tue.nl/cc/ Next-generation elliptic-curve

456 views • 18 slides
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Math ematiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 1

1.72k views • 143 slides
Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S. Miller IDA Center for Communications Research Princeton, NJ 08540 USA 24 May, 2007 Victor S. Miller (CCR) Elliptic Curve Cryptography 24 May,

1.08k views • 69 slides
Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview

Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview

Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview Bitcoin Transactions Elliptic Curve Cryptography Introduction Arithmetics Signature Bitcoin, the protocol A blockchain Each

992 views • 52 slides
Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May

Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May

Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May 19, 2017 university-logo-isi Rana Barua Introduction to Elliptic Curve Cryptography ElGamal Public Key Cryptosystem, 1984 Key Generation: Choose

417 views • 16 slides
elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

A gentle introduction to elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June 11, 2018 ibenik , Croatia Part 1: Motivation Part 2: Elliptic Curves Part 3: Elliptic Curve Cryptography Part 4:

1.38k views • 48 slides
= Z r T E ( Q ) rank torsion Rank < , hard to compute!

= Z r T E ( Q ) rank torsion Rank < , hard to compute!

A F AMILY OF R ANK S IX E LLIPTIC C URVES OVER N UMBER F IELDS David Mehrle & Tomer Reiter Carnegie Mellon University August 22, 2014 E LLIPTIC C URVES E : y 2 = x 3 + ax 2 + bx + c Elliptic curve Adding points on E makes group

724 views • 19 slides
PROTECTING ECC AGAINST FAULT ATTACKS Marc Joye NutMiC 2019 Paris, June 2427, 2019

PROTECTING ECC AGAINST FAULT ATTACKS Marc Joye NutMiC 2019 Paris, June 2427, 2019

Innovation Centre PROTECTING ECC AGAINST FAULT ATTACKS Marc Joye NutMiC 2019 Paris, June 2427, 2019 September 26, 1996 Bellcores Researchers Break Smart Cards BELLCORE ATTACK (1/2) Computation of a signature S = ( m ) d mod N

503 views • 24 slides
Auxiliary structures in number theory Kiran S. Kedlaya Department of Mathematics University of

Auxiliary structures in number theory Kiran S. Kedlaya Department of Mathematics University of

Auxiliary structures in number theory Kiran S. Kedlaya Department of Mathematics University of California, San Diego kedlaya@ucsd.edu http://kskedlaya.org/slides/ Symposium for Undergraduates in the Mathematical Sciences Brown University

1.37k views • 57 slides
Algorithms for finite field arithmetic ric Schost (joint with Luca De Feo & Javad

Algorithms for finite field arithmetic ric Schost (joint with Luca De Feo & Javad

Algorithms for finite field arithmetic ric Schost (joint with Luca De Feo & Javad Doliskani) Western University University of Waterloo July 9, 2015 Basics 2 / 30 Finite fields Definition A finite field is a field (a set with

750 views • 45 slides
Email Etiquette English for Academic Purposes Workshop Series Professional Development at Notre

Email Etiquette English for Academic Purposes Workshop Series Professional Development at Notre

Email Etiquette English for Academic Purposes Workshop Series Professional Development at Notre Dame Check out the list of upcoming workshops on the Graduate Schools website: www.nd.edu Introductions What challenges do you

693 views • 33 slides
Advanced Email il/Notes for Microsoft Dynamics 365 ActivityTools Goal: Simplify activity

Advanced Email il/Notes for Microsoft Dynamics 365 ActivityTools Goal: Simplify activity

Feature Outline Advanced Email il/Notes for Microsoft Dynamics 365 ActivityTools Goal: Simplify activity handling of notes inside Dynamics 365 Why would I use it? Reduce clicks when handling attachments and notes & rich emails!

56 views • 4 slides
MTA Signatures Proposal Brief Overview Proposal details available at:

MTA Signatures Proposal Brief Overview Proposal details available at:

60th IETF August 2004 - San Diego, CA Message Authentication and Signature Standards (MOSS) BOF MTA Signatures Proposal Brief Overview Proposal details available at: http://www.elan.net/~william/asrg/mta_signatures.htm Presentation and

335 views • 8 slides
1. http://pivot.cos.com 2. 3. 4. 5. Go to your email and click the confirmation link 5. 6.

1. http://pivot.cos.com 2. 3. 4. 5. Go to your email and click the confirmation link 5. 6.

1. http://pivot.cos.com 2. 3. 4. 5. Go to your email and click the confirmation link 5. 6. 7. 8. Claim Profile 9. 1. 2. 3.

211 views • 3 slides

More recommend