high performance elliptic curve cryptography by using the
play

High-performance Elliptic Curve Cryptography by Using the CIOS - PowerPoint PPT Presentation

Mar 24, 2023 •472 likes •920 views

High-performance Elliptic Curve Cryptography by Using the CIOS Method for Modular Multiplication A mine Mrabet , Nadia El-Mrabet, Ronan Lashermes , Jean-Baptiste Rigaud, Belgacem Bouallegue, Sihem Mesnager and Mohsen Machhout September 2016

  1. High-performance Elliptic Curve Cryptography by Using the CIOS Method for Modular Multiplication A mine Mrabet , Nadia El-Mrabet, Ronan Lashermes , Jean-Baptiste Rigaud, Belgacem Bouallegue, Sihem Mesnager and Mohsen Machhout September 2016 Efficient MMM for ECC Mrabet et al. September 2016 1/37

  2. Arithmetic Our architecture Results Introduction Public key cryptography is still costly (computing resources). Elliptic Curve Cryptography has a better cost/security trade-off w.r.t. RSA. We can still reduce the cost with better hardware architectures . Efficient MMM for ECC Mrabet et al. September 2016 2/37

  3. Arithmetic Our architecture Results Arithmetic 1 ECC Montgomery Modular Multiplication Our architecture 2 Basics PEs Scheduling Resources Results 3 Results Conclusion Efficient MMM for ECC Mrabet et al. September 2016 3/37

  4. Arithmetic Our architecture Results ECC Elliptic Curve Cryptography (ECC) Why? Elliptic curves allow to define groups with a hard Discrete Logarithm Problem. In the general case, cracking methods are far less efficient than for RSA. Efficient MMM for ECC Mrabet et al. September 2016 4/37

  5. Arithmetic Our architecture Results ECC Elliptic Curve Cryptography (ECC) Why? Elliptic curves allow to define groups with a hard Discrete Logarithm Problem. In the general case, cracking methods are far less efficient than for RSA. How? (simplified) Let p > 3 a big prime, E ( F p ) is the (short Weierstrass) elliptic curve E ( F p ) : y 2 = x 3 + ax + b , where x , y , a , b ∈ F p with 4 a 3 + 27 b 2 � = 0. Efficient MMM for ECC Mrabet et al. September 2016 4/37

  6. Arithmetic Our architecture Results ECC EC Group The points ( x , y ) on the curve define an abelian group together with the point at infinity 0 ∞ , the neutral element for addition. Efficient MMM for ECC Mrabet et al. September 2016 5/37

  7. Arithmetic Our architecture Results ECC EC Group The points ( x , y ) on the curve define an abelian group together with the point at infinity 0 ∞ , the neutral element for addition. Jacobian coordinates The triple ( x : y : z ) can be mapped to ( x / z 2 , y / z 3 ) if z � = 0. If z = 0 it is 0 ∞ . The curve becomes: y 2 = x 3 + axz 4 + bz 6 . Efficient MMM for ECC Mrabet et al. September 2016 5/37

  8. Arithmetic Our architecture Results ECC Operations in Jacobian coordinates ( a = 0, points � = 0 ∞ ) Doubling (7S+5M+13A) T ( X T : Y T : Z T ) = 2 · Q ( X Q : Y Q : Z Q ) . X T = 9 X 4 Q − 8 X Q Y 2 Q , Y T = 3 X 2 Q ( 4 X Q Y Q − X T ) − 8 Y 4 Q , Z T = 2 Y Q Z Q . Efficient MMM for ECC Mrabet et al. September 2016 6/37

  9. Arithmetic Our architecture Results ECC Operations in Jacobian coordinates ( a = 0, points � = 0 ∞ ) Doubling (7S+5M+13A) T ( X T : Y T : Z T ) = 2 · Q ( X Q : Y Q : Z Q ) . X T = 9 X 4 Q − 8 X Q Y 2 Q , Y T = 3 X 2 Q ( 4 X Q Y Q − X T ) − 8 Y 4 Q , Z T = 2 Y Q Z Q . Addition (4S + 14M + 6A) R = T + Q . T − 2 Y T ) 2 − 4 ( X Q Z 2 T − X T ) 3 − 8 ( X Q Z 2 X R = ( 2 Y Q Z 3 T − X T ) 2 X T , Y R = ( 2 Y Q Z 3 T − 2 Y T )( 4 X T ( X Q Z 2 T − X T ) − X R ) − 8 Y T ( X Q Z 2 T − X T ) 3 , Z R = 2 Z T ( X Q Z 2 T − X T ) . Efficient MMM for ECC Mrabet et al. September 2016 6/37

  10. Arithmetic Our architecture Results Montgomery Modular Multiplication Montgomery Modular Multiplication (MMM) MMM MMM provides an efficient way for modular multiplication mod p (noted · ): there is no division by p . Efficient MMM for ECC Mrabet et al. September 2016 7/37

  11. Arithmetic Our architecture Results Montgomery Modular Multiplication Montgomery Modular Multiplication (MMM) MMM MMM provides an efficient way for modular multiplication mod p (noted · ): there is no division by p . Residue Let a , b , R ∈ F p where R is Montgomery’s residue. a ′ = aR mod p is said to be a in Montgomery’s form. a · b = abR − 1 mod p , as a consequence a ′ · b ′ = aRbRR − 1 mod p = abR mod p = ( ab ) ′ . Efficient MMM for ECC Mrabet et al. September 2016 7/37

  12. Arithmetic Our architecture Results Montgomery Modular Multiplication Montgomery Modular Multiplication (MMM) MMM MMM provides an efficient way for modular multiplication mod p (noted · ): there is no division by p . Residue Let a , b , R ∈ F p where R is Montgomery’s residue. a ′ = aR mod p is said to be a in Montgomery’s form. a · b = abR − 1 mod p , as a consequence a ′ · b ′ = aRbRR − 1 mod p = abR mod p = ( ab ) ′ . Conversion Field values are converted in Montgomery’s form at the beginning of the computation and back to normal at the end. Efficient MMM for ECC Mrabet et al. September 2016 7/37

  13. Arithmetic Our architecture Results Montgomery Modular Multiplication How to compute MMM? Koç’s multiword CIOS algorithm Efficient MMM for ECC Mrabet et al. September 2016 8/37

  14. Arithmetic Our architecture Results Montgomery Modular Multiplication CIOS details Efficient MMM for ECC Mrabet et al. September 2016 9/37

  15. Arithmetic Our architecture Results Montgomery Modular Multiplication Benefits Low memory footprint, apart from some precomputations ( p ′ , R ...), easy to change p and operand sizes, neat structure, without divisions, easy to implement in hardware. Efficient MMM for ECC Mrabet et al. September 2016 10/37

  16. Arithmetic Our architecture Results Basics Basics Here, each operation takes 1 unit of time. Let’s compute r = a · b + b + c . Sequential Time · + Operations 1 x t 1 = a · b 2 x t 2 = b + c 3 x r = t 1 + t 2 Efficient MMM for ECC Mrabet et al. September 2016 11/37

  17. Arithmetic Our architecture Results Basics Basics Here, each operation takes 1 unit of time. Let’s compute r = a · b + b + c . Sequential Time · + Operations 1 x t 1 = a · b 2 x t 2 = b + c 3 x r = t 1 + t 2 Parallel Time · + Operations 1 x x t 1 = a · b , t 2 = b + c 2 x r = t 1 + t 2 Efficient MMM for ECC Mrabet et al. September 2016 11/37

  18. Arithmetic Our architecture Results Basics Basics - 2 Here, each operation takes 1 unit of time. Let’s compute r = a · b + b + c . Atomic Latency Throughput + Operations · 2 0.5 1 2 r = a · b + b + c The choice of operations and how they are chained together is called scheduling . Efficient MMM for ECC Mrabet et al. September 2016 12/37

  19. Arithmetic Our architecture Results Basics Basics - 2 Here, each operation takes 1 unit of time. Let’s compute r = a · b + b + c . Atomic Latency Throughput + Operations · 2 0.5 1 2 r = a · b + b + c Pipelined Latency Throughput · + Operations 2 + ǫ 0 . 5 1 1 1 : t 1 = a · b , t 2 = b + c , 2 : r = t 1 + t 2 2 + ǫ 1 1 2 1 : t 1 = a · b , t 2 = b + c , 2 : r = t 1 + t 2 The choice of operations and how they are chained together is called scheduling . Efficient MMM for ECC Mrabet et al. September 2016 12/37

  20. Arithmetic Our architecture Results Basics Systolic arrays A systolic array is an architecture both parallel and pipelined. To create such an architecture, we have to identify small Processing Elements (PEs) (no control flow logic). Efficient MMM for ECC Mrabet et al. September 2016 13/37

  21. Arithmetic Our architecture Results PEs Where is Waldo the PE? Efficient MMM for ECC Mrabet et al. September 2016 14/37

  22. Arithmetic Our architecture Results PEs α Efficient MMM for ECC Mrabet et al. September 2016 15/37

  23. Arithmetic Our architecture Results PEs α f Efficient MMM for ECC Mrabet et al. September 2016 16/37

  24. Arithmetic Our architecture Results PEs β Efficient MMM for ECC Mrabet et al. September 2016 17/37

  25. Arithmetic Our architecture Results PEs γ Efficient MMM for ECC Mrabet et al. September 2016 18/37

  26. Arithmetic Our architecture Results PEs γ f Efficient MMM for ECC Mrabet et al. September 2016 19/37

  27. Arithmetic Our architecture Results Scheduling S=8, Time=1 Efficient MMM for ECC Mrabet et al. September 2016 20/37

  28. Arithmetic Our architecture Results Scheduling S=8, Time=2 Efficient MMM for ECC Mrabet et al. September 2016 21/37

  29. Arithmetic Our architecture Results Scheduling S=8, Time=3 Efficient MMM for ECC Mrabet et al. September 2016 22/37

  30. Arithmetic Our architecture Results Scheduling S=8, Time=4 Efficient MMM for ECC Mrabet et al. September 2016 23/37

  31. Arithmetic Our architecture Results Scheduling S=8, Time=10 Efficient MMM for ECC Mrabet et al. September 2016 24/37

  32. Arithmetic Our architecture Results Scheduling S=8, Time=10 Efficient MMM for ECC Mrabet et al. September 2016 25/37

  33. Arithmetic Our architecture Results Scheduling S=8, Time=13 Efficient MMM for ECC Mrabet et al. September 2016 26/37

  34. Arithmetic Our architecture Results Scheduling S=8, All Efficient MMM for ECC Mrabet et al. September 2016 27/37

  35. Arithmetic Our architecture Results Resources Alpha Efficient MMM for ECC Mrabet et al. September 2016 28/37

  36. Arithmetic Our architecture Results Resources Gamma Efficient MMM for ECC Mrabet et al. September 2016 29/37

  37. Arithmetic Our architecture Results Resources Resources Our architecture requires: 3 α , 3 γ , 1 β , 1 α f , 1 γ f . Efficient MMM for ECC Mrabet et al. September 2016 30/37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Cryptography Elliptic Curve Cryptography Overview of Elliptic Curve Cryptography Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve Cryptography Cryptography in OpenSSL School of Engineering and

857 views • 17 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago & energy (gas

1.07k views • 76 slides
Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Elliptic Curves Suppose F is a field and a 1 , . . . , a 6 F . Elliptic Curve Cryptography Definition 1. An elliptic curve E over a field F is a curve given by an equation: Jim Royer Y 2 + a 1 XY + a 3 Y X 3 + a 2 X 2 + a 4 X + a 6 = (1)

337 views • 5 slides
Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Twenty-Three Years of Elliptic Curve Cryptography Alfred Menezes University of Waterloo September 3 2008 1 Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The serpentine course of a paradigm

300 views • 18 slides
Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven 22 April 2008 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

491 views • 32 slides
Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July 23, 2014 1 / 12 Elliptic-curve cryptography: signatures and key exchange Given: some elliptic curve E , point P on E of known order . Key

885 views • 16 slides
Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018 Introduction y 2 = x 3 + ax + b en.wikipedia.org/wiki/Elliptic curve Elliptic Curve Addition P = ( x p .y p ), Q = ( x q , y q ), R = ( x r .y r ) =

187 views • 16 slides
High-speed Define 19; prime. elliptic-curve cryptography Define = 358990. Define 1 Curve :

High-speed Define 19; prime. elliptic-curve cryptography Define = 358990. Define 1 Curve :

= 2 255 High-speed Define 19; prime. elliptic-curve cryptography Define = 358990. Define 1 Curve : Z 0 1 by D. J. Bernstein th multiple coordinate of

606 views • 45 slides
High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves Kimmo J arvinen Jorma

High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves Kimmo J arvinen Jorma

Preliminaries FPGA Implementation Results, Comparisons and Conclusions High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves Kimmo J arvinen Jorma Skytt a Helsinki University of Technology Department of Signal

528 views • 36 slides
High-speed cryptography, Crypto performance problems part 1: often lead users to reduce

High-speed cryptography, Crypto performance problems part 1: often lead users to reduce

High-speed cryptography, Crypto performance problems part 1: often lead users to reduce elliptic-curve formulas cryptographic security levels or give up on cryptography. Daniel J. Bernstein University of Illinois at Chicago & Example 1

1.55k views • 138 slides
Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Counting points on elliptic curves over F q Christiane Peters DIAMANT-Summer School on Elliptic and Hyperelliptic Curve Cryptography September 17, 2008 Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm

587 views • 30 slides
A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March 21 st , 2016 1/13 A Brief Introduction to Elliptic Curve Cryptography Elliptic Curve 2/13 A

385 views • 13 slides
Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic Implementations group: eindhoven.cr.yp.to working closely with the Coding Theory and Cryptology group: www.win.tue.nl/cc/ Next-generation elliptic-curve

456 views • 18 slides
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Math ematiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 1

1.72k views • 143 slides
Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S. Miller IDA Center for Communications Research Princeton, NJ 08540 USA 24 May, 2007 Victor S. Miller (CCR) Elliptic Curve Cryptography 24 May,

1.08k views • 69 slides
Approximation-aware Dependency Parsing by Belief Propagation

Approximation-aware Dependency Parsing by Belief Propagation

Approximation-aware Dependency Parsing by Belief Propagation Matt Gormley Mark Dredze Jason Eisner September 19, 2015 TACL at EMNLP 1

833 views • 44 slides
methods methods to to Hos Host-gues guest t supr supramolecular amolecular chemistr

methods methods to to Hos Host-gues guest t supr supramolecular amolecular chemistr

Applica pplications tions of of molecular molecular modeling modeling methods methods to to Hos Host-gues guest t supr supramolecular amolecular chemistr hemistry y FakhrEldin O. Suliman College of Science, Department of Chemistry

1.05k views • 59 slides
Exam IV Results and Solu2ons High: 98 Low: 17 Average:

Exam IV Results and Solu2ons High: 98 Low: 17 Average:

Exam IV Results and Solu2ons High: 98 Low: 17 Average: 74 Answer: b Answer: c Answer: a Answer: c COOH Answer: c Answer: c

520 views • 35 slides
Catherine Faron Zucker & Fabien Gandon, Advisors Elena Cabrio, Supervisor 1 Headlines

Catherine Faron Zucker & Fabien Gandon, Advisors Elena Cabrio, Supervisor 1 Headlines

Amine Hallili, PhD student Catherine Faron Zucker & Fabien Gandon, Advisors Elena Cabrio, Supervisor 1 Headlines Introduction Motivations Research questions Chatbot Definition Categories Our Chatbot ? Ongoing

704 views • 34 slides
Earnings Summary Fourth Quarter 2018 Conference Call Tuesday, February 12, 2019 10:00 a.m. ET

Earnings Summary Fourth Quarter 2018 Conference Call Tuesday, February 12, 2019 10:00 a.m. ET

Earnings Summary Fourth Quarter 2018 Conference Call Tuesday, February 12, 2019 10:00 a.m. ET U.S. Participants: (888) 713 - 4213 International Participants: (617) 213 - 4865 Passcode: 485 932 39# Webcast: ir.huntsman.com General

582 views • 17 slides
Analyse statique de programmes num eriques avec calculs flottants eme Rencontres Arithm 4 `

Analyse statique de programmes num eriques avec calculs flottants eme Rencontres Arithm 4 `

Analyse statique de programmes num eriques avec calculs flottants eme Rencontres Arithm 4 ` etique de lInformatique Math ematique Antoine Min e Ecole normale sup erieure 9 f evrier 2011 Perpignan 9/02/2011 Analyse

896 views • 70 slides
Counting Types for Massive JSON Datasets BDA 2017, Nancy ( prsent DBPL 2017)

Counting Types for Massive JSON Datasets BDA 2017, Nancy ( prsent DBPL 2017)

Counting Types for Massive JSON Datasets BDA 2017, Nancy ( prsent DBPL 2017) Mohamed-Amine Baazizi , Dario Colazzo, Giorgio Ghelli, Carlo Sartiani Counting types } Can types count? Type theory perspective } Should they? } How to

444 views • 18 slides
Graph- -based Learning based Learning Graph Larry Holder Larry Holder Computer Science and

Graph- -based Learning based Learning Graph Larry Holder Larry Holder Computer Science and

Graph- -based Learning based Learning Graph Larry Holder Larry Holder Computer Science and Engineering Computer Science and Engineering University of Texas at Arlington University of Texas at Arlington 1 1 Graph- -based Learning based

817 views • 39 slides

More recommend