high speed define 19 prime elliptic curve cryptography
play

High-speed Define 19; prime. elliptic-curve cryptography Define - PowerPoint PPT Presentation

Oct 05, 2022 •154 likes •606 views

= 2 255 High-speed Define 19; prime. elliptic-curve cryptography Define = 358990. Define 1 Curve : Z 0 1 by D. J. Bernstein th multiple coordinate of

  1. ✄ � ✂ ✂ ✁ � ✁ ☎ ✁ ✂ ✆ ✁ ✂ ✂ ✆ ☎ = 2 255 High-speed Define 19; prime. elliptic-curve cryptography Define = 358990. Define ✁ 1 Curve : Z 0 1 by D. J. Bernstein ✄ th multiple coordinate of Thanks to: ✂ ) on the elliptic curve of (2 2 = ✆ 3 + ✆ 2 + University of Illinois at Chicago over F ✝ . NSF CCR–9983950 Main topic of this talk: Compute Alfred P. Sloan Foundation ✁ Curve( ) Curve( ) in very few CPU cycles. In particular, use floating point for fast arithmetic mod .

  2. ✂ ✁ ✁ ✆ � ✁ ✂ ✂ ✂ ✁ ✂ ✄ ✆ ☎ � ✁ ✁ ☎ = 2 255 Define 19; prime. Why cryptographers cryptography Define = 358990. Define Each user has secret ✁ 1 Curve : Z 0 1 by public key Curve( ✄ th multiple coordinate of Users with secret k ✂ ) on the elliptic curve of (2 2 = ✆ 3 + ✆ 2 + Illinois at Chicago exchange Curve( ) over F ✝ . CCR–9983950 through an authenticated Main topic of this talk: Compute Foundation compute Curve( ✁ Curve( ) Curve( ) use hash as shared in very few CPU cycles. encrypt and authenticate In particular, use floating point Curve speed is imp for fast arithmetic mod . when number of messages

  3. ☎ ✁ ✆ ✁ ✂ ✂ ✁ ✆ ☎ ✁ � ✄ ✂ ✂ ✂ � ✁ = 2 255 Define 19; prime. Why cryptographers care Define = 358990. Define Each user has secret key , ✁ 1 Curve : Z 0 1 by public key Curve( ). ✄ th multiple coordinate of Users with secret keys ✂ ) on the elliptic curve of (2 2 = ✆ 3 + ✆ 2 + ✁ Curve( ) exchange Curve( ) over F ✝ . through an authenticated channel; Main topic of this talk: Compute compute Curve( ); hash it; ✁ Curve( ) Curve( ) use hash as shared secret to in very few CPU cycles. encrypt and authenticate messages. In particular, use floating point Curve speed is important for fast arithmetic mod . when number of messages is small.

  4. � ☎ ✁ ☎ ✁ � ✆ ✆ ✆ ✂ ✂ ✂ ✆ ✁ ✄ � ✁ ✂ ✂ ✁ ✂ ✁ ✆ 19; prime. Why cryptographers care Analogous system 358990. Define 1976 Diffie Hellman. Each user has secret key , ✁ 1 1 by public key Curve( ). Using elliptic curves ✄ th multiple rdinate of to avoid index-calculus Users with secret keys elliptic curve 1986 Miller, 1987 Koblitz. ✁ Curve( ) exchange Curve( ) over F ✝ . ✆ 3 + ✆ 2 + through an authenticated channel; Using this talk: Compute compute Curve( ); hash it; 1987 Montgomery Curve( ) use hash as shared secret to High precision from cycles. encrypt and authenticate messages. 1968 Veltkamp, 1971 floating point Curve speed is important Speedups: 1999–2005 rithmetic mod . when number of messages is small.

  5. � ✁ ✆ Why cryptographers care Analogous system using 2 mod : 1976 Diffie Hellman. Each user has secret key , public key Curve( ). Using elliptic curves to avoid index-calculus attacks: Users with secret keys 1986 Miller, 1987 Koblitz. ✁ Curve( ) exchange Curve( ) ✆ 3 + ✆ 2 + through an authenticated channel; Using for speed: compute Curve( ); hash it; 1987 Montgomery (for ECM). use hash as shared secret to High precision from fp sums: encrypt and authenticate messages. 1968 Veltkamp, 1971 Dekker. Curve speed is important Speedups: 1999–2005 Bernstein. when number of messages is small.

  6. ✆ � ✁ cryptographers care Analogous system using 2 mod : Understanding CPU 1976 Diffie Hellman. secret key , Computers are designed Curve( ). Using elliptic curves music, movies, Photoshop, to avoid index-calculus attacks: etc. Heavy use of secret keys 1986 Miller, 1987 Koblitz. i.e., approximate real ✁ Curve( ) ) ✆ 3 + ✆ 2 + authenticated channel; Using for speed: Example: Athlon, ); hash it; 1987 Montgomery (for ECM). does one add and red secret to of high-precision fp High precision from fp sums: authenticate messages. 1968 Veltkamp, 1971 Dekker. Programmer paying important Speedups: 1999–2005 Bernstein. to these CPU features messages is small. can use them for cryptography

  7. ✆ � Analogous system using 2 mod : Understanding CPU design 1976 Diffie Hellman. Computers are designed for Using elliptic curves music, movies, Photoshop, Doom 3, to avoid index-calculus attacks: etc. Heavy use of fp arithmetic, 1986 Miller, 1987 Koblitz. i.e., approximate real arithmetic. ✆ 3 + ✆ 2 + Using for speed: Example: Athlon, every cycle, 1987 Montgomery (for ECM). does one add and one multiply of high-precision fp numbers. High precision from fp sums: 1968 Veltkamp, 1971 Dekker. Programmer paying attention Speedups: 1999–2005 Bernstein. to these CPU features can use them for cryptography.

  8. ✂ � ✂ ✁ ✁ � ✄ ✄ ✆ ✆ � ✆ system using 2 mod : Understanding CPU design A 53-bit fp numb Hellman. is a real number 2 Computers are designed for with Z and curves music, movies, Photoshop, Doom 3, index-calculus attacks: etc. Heavy use of fp arithmetic, Round each real numb 1987 Koblitz. i.e., approximate real arithmetic. closest 53-bit fp numb Round halves to even. + for speed: Example: Athlon, every cycle, Montgomery (for ECM). does one add and one multiply Examples: of high-precision fp numbers. fp 53 (8675309) = 8675309; from fp sums: fp 53 (2 127 + 8675309) 1971 Dekker. Programmer paying attention fp 53 (2 127 8675309) 1999–2005 Bernstein. to these CPU features can use them for cryptography.

  9. ✁ � � ✄ ✂ ✂ ✁ Understanding CPU design A 53-bit fp number is a real number 2 Computers are designed for 2 53 . with Z and music, movies, Photoshop, Doom 3, etc. Heavy use of fp arithmetic, Round each real number to i.e., approximate real arithmetic. closest 53-bit fp number, fp 53 ✄ . Round halves to even. Example: Athlon, every cycle, does one add and one multiply Examples: of high-precision fp numbers. fp 53 (8675309) = 8675309; fp 53 (2 127 + 8675309) = 2 127 ; Programmer paying attention fp 53 (2 127 8675309) = 2 127 . to these CPU features can use them for cryptography.

  10. � � � ☎ � ☎ � ✂ ✂ ✁ ✁ ✄ ✁ CPU design A 53-bit fp number Typical CPU: UltraSP is a real number 2 designed for Every cycle, UltraSP 2 53 . with Z and Photoshop, Doom 3, one fp multiplication ✁ ) of fp arithmetic, Round each real number to fp 53 ( ✁ ✂✁ real arithmetic. closest 53-bit fp number, fp 53 ✄ . and one fp addition � + ✁ ), Round halves to even. fp 53 ( thlon, every cycle, ✁ ✂✁ subject to limits on and one multiply Examples: fp numbers. fp 53 (8675309) = 8675309; “4-cycle fp-operation fp 53 (2 127 + 8675309) = 2 127 ; Results available after ying attention fp 53 (2 127 8675309) = 2 127 . features Can substitute subtraction r cryptography. for addition. I’ll count subtractions as additions.

  11. � � ☎ ✁ ✁ � ✂ ✂ � ☎ ✄ � A 53-bit fp number Typical CPU: UltraSPARC III. is a real number 2 Every cycle, UltraSPARC III can do 2 53 . with Z and one fp multiplication ✁ ) Round each real number to fp 53 ( ✁ ✂✁ closest 53-bit fp number, fp 53 ✄ . and one fp addition � + ✁ ), Round halves to even. fp 53 ( ✁ ✂✁ subject to limits on ✁ . Examples: fp 53 (8675309) = 8675309; “4-cycle fp-operation latency”: fp 53 (2 127 + 8675309) = 2 127 ; Results available after 4 cycles. fp 53 (2 127 8675309) = 2 127 . Can substitute subtraction for addition. I’ll count subtractions as additions.

  12. � ✄ � ☎ � � ☎ ✁ � ☎ � ✂ ✂ ✁ ✁ � � Typical CPU: UltraSPARC III. Some variation among number 2 Every cycle, UltraSPARC III can do PowerPC RS64 IV: 2 53 . and one fp multiplication or one multiplication ✁ ) number to fp 53 ( “fused” fp ✁ ✂✁ ✁ ✂✁ ✁ ✁� number, fp 53 ✄ . and one fp addition Results available after � + ✁ ), even. fp 53 ( Athlon: fp 64 instead ✁ ✂✁ subject to limits on ✁ . one multiplication 8675309; “4-cycle fp-operation latency”: Results available after 8675309) = 2 127 ; Results available after 4 cycles. I’ll focus on UltraSP 8675309) = 2 127 . Can substitute subtraction Not the most impo for addition. I’ll count but it’s a good warmup. subtractions as additions.

  13. � � ☎ ☎ � � � ☎ Typical CPU: UltraSPARC III. Some variation among CPUs. Every cycle, UltraSPARC III can do PowerPC RS64 IV: One addition one fp multiplication or one multiplication or one ✁ ) ✁ + � ). fp 53 ( “fused” fp 53 ( ✁ ✂✁ ✁ ✂✁ ✁ ✁� and one fp addition Results available after 4 cycles. � + ✁ ), fp 53 ( Athlon: fp 64 instead of fp 53 ; ✁ ✂✁ subject to limits on ✁ . one multiplication and one addition. “4-cycle fp-operation latency”: Results available after 4 cycles. Results available after 4 cycles. I’ll focus on UltraSPARC III. Can substitute subtraction Not the most important CPU, for addition. I’ll count but it’s a good warmup. subtractions as additions.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Four Q on FPGA: New Hardware Speed Records for Elliptic Curve Cryptography over Large Prime

Four Q on FPGA: New Hardware Speed Records for Elliptic Curve Cryptography over Large Prime

Four Q on FPGA: New Hardware Speed Records for Elliptic Curve Cryptography over Large Prime Characteristic Fields K. Jrvinen 1 , A. Miele 2 , R. Azarderakhsh 3 , and P . Longa 4 1 Aalto University 2 Intel Corporation 3 Rochester Institute of

831 views • 81 slides
Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Cryptography Elliptic Curve Cryptography Overview of Elliptic Curve Cryptography Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve Cryptography Cryptography in OpenSSL School of Engineering and

857 views • 17 slides
High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves Kimmo J arvinen Jorma

High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves Kimmo J arvinen Jorma

Preliminaries FPGA Implementation Results, Comparisons and Conclusions High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves Kimmo J arvinen Jorma Skytt a Helsinki University of Technology Department of Signal

528 views • 36 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago & energy (gas

1.07k views • 76 slides
High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363

High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363

High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363 more elliptic-curve formulas; uses Weierstrass curves field arithmetic in Jacobian coordinates Daniel J. Bernstein to provide the fastest

2.15k views • 187 slides
High-speed cryptography, Crypto performance problems part 1: often lead users to reduce

High-speed cryptography, Crypto performance problems part 1: often lead users to reduce

High-speed cryptography, Crypto performance problems part 1: often lead users to reduce elliptic-curve formulas cryptographic security levels or give up on cryptography. Daniel J. Bernstein University of Illinois at Chicago & Example 1

1.55k views • 138 slides
Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Elliptic Curves Suppose F is a field and a 1 , . . . , a 6 F . Elliptic Curve Cryptography Definition 1. An elliptic curve E over a field F is a curve given by an equation: Jim Royer Y 2 + a 1 XY + a 3 Y X 3 + a 2 X 2 + a 4 X + a 6 = (1)

337 views • 5 slides
Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Twenty-Three Years of Elliptic Curve Cryptography Alfred Menezes University of Waterloo September 3 2008 1 Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The serpentine course of a paradigm

300 views • 18 slides
Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven 22 April 2008 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

491 views • 32 slides
Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July 23, 2014 1 / 12 Elliptic-curve cryptography: signatures and key exchange Given: some elliptic curve E , point P on E of known order . Key

885 views • 16 slides
High-performance Elliptic Curve Cryptography by Using the CIOS Method for Modular Multiplication A

High-performance Elliptic Curve Cryptography by Using the CIOS Method for Modular Multiplication A

High-performance Elliptic Curve Cryptography by Using the CIOS Method for Modular Multiplication A mine Mrabet , Nadia El-Mrabet, Ronan Lashermes , Jean-Baptiste Rigaud, Belgacem Bouallegue, Sihem Mesnager and Mohsen Machhout September 2016

920 views • 44 slides
Pushing the Limits of High-Speed GF (2 m ) Elliptic Curve Scalar Multiplier on FPGAs Chester

Pushing the Limits of High-Speed GF (2 m ) Elliptic Curve Scalar Multiplier on FPGAs Chester

Pushing the Limits of High-Speed GF (2 m ) Elliptic Curve Scalar Multiplier on FPGAs Chester Rebeiro, Sujoy Sinha Roy, and Debdeep Mukhopadhyay Secured Embedded Architecture Lab Indian Institute of Technology Kharagpur India 9/12/2012 CHES

720 views • 45 slides
Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018 Introduction y 2 = x 3 + ax + b en.wikipedia.org/wiki/Elliptic curve Elliptic Curve Addition P = ( x p .y p ), Q = ( x q , y q ), R = ( x r .y r ) =

187 views • 16 slides
Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Counting points on elliptic curves over F q Christiane Peters DIAMANT-Summer School on Elliptic and Hyperelliptic Curve Cryptography September 17, 2008 Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm

587 views • 30 slides
A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March 21 st , 2016 1/13 A Brief Introduction to Elliptic Curve Cryptography Elliptic Curve 2/13 A

385 views • 13 slides
Ellip%c Curve Cryptography Chester Rebeiro IIT Madras Slides borrowed from Prof. D.

Ellip%c Curve Cryptography Chester Rebeiro IIT Madras Slides borrowed from Prof. D.

Ellip%c Curve Cryptography Chester Rebeiro IIT Madras Slides borrowed from Prof. D. Mukhopadhyay, IIT Kharagpur Ref: NPTEL course by the same professor available on youtube ECC vs RSA 2 Lets start with a puzzle What is the number of

753 views • 25 slides
Finding Cryptographically Strong Elliptic Curves An Introduction Hamish Ivey-Law

Finding Cryptographically Strong Elliptic Curves An Introduction Hamish Ivey-Law

Outline Elliptic curve cryptography Secure domain parameters Case study: finding secure Edwards curves Finding Cryptographically Strong Elliptic Curves An Introduction Hamish Ivey-Law hlaw@iml.univ-mrs.fr Institute de Math ematiques de

662 views • 41 slides
Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview

Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview

Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview Bitcoin Transactions Elliptic Curve Cryptography Introduction Arithmetics Signature Bitcoin, the protocol A blockchain Each

992 views • 52 slides
A Finite Field Example Over F p geometric pictures dont make sense. Example Let E : y 2 = x 3

A Finite Field Example Over F p geometric pictures dont make sense. Example Let E : y 2 = x 3

E LLIPTIC CURVES C RYPTOGRAPHY F RANCESCO P APPALARDI #3 - T HIRD L ECTURE . J UNE 18 TH 2019 WAMS S CHOOL : O I NTRODUCTORY TOPICS IN N UMBER T HEORY AND D IFFERENTIAL G EOMETRY King Khalid University Abha, Saudi Arabia A Finite Field Example

404 views • 13 slides
Rational Points on an Elliptic Curve Dr. Carmen Bruni University of Waterloo November 11th, 2015

Rational Points on an Elliptic Curve Dr. Carmen Bruni University of Waterloo November 11th, 2015

Rational Points on an Elliptic Curve Dr. Carmen Bruni University of Waterloo November 11th, 2015 Lest We Forget Dr. Carmen Bruni Rational Points on an Elliptic Curve Revisit the Congruent Number Problem Congruent Number Problem Determine

572 views • 31 slides
Hardware Architectures for HECC Gabriel GALLIN and Arnaud TISSERAND CNRS Lab-STICC IRISA

Hardware Architectures for HECC Gabriel GALLIN and Arnaud TISSERAND CNRS Lab-STICC IRISA

Hardware Architectures for HECC Gabriel GALLIN and Arnaud TISSERAND CNRS Lab-STICC IRISA HAH Project CryptArchi June, 2017 Summary Context & Motivations HECC Operations Efficient Multiplier Architectures and Tools Conclusion

507 views • 33 slides
Computing Isogenies between Montgomery Curves Using the Action of (0 , 0) Joost Renes Radboud

Computing Isogenies between Montgomery Curves Using the Action of (0 , 0) Joost Renes Radboud

Computing Isogenies between Montgomery Curves Using the Action of (0 , 0) Joost Renes Radboud University, The Netherlands 9 April 2018 9 April 2018 1 / 11 Supersingular isogeny-based cryptography Proposed by Jao & De Feo [JF11]

972 views • 56 slides
2017.03.24 Yongsoo Song Contents Motivation The Learning with errors (LWE) Problem

2017.03.24 Yongsoo Song Contents Motivation The Learning with errors (LWE) Problem

2017.03.24 Yongsoo Song Contents Motivation The Learning with errors (LWE) Problem LWE-based Encryptions; Previous Works Our Scheme LWR Result and Conclusion Motivation Mot otiv ivation Contemporary Cryptography 1 2

541 views • 25 slides

More recommend