high speed elliptic curve cryptography accelerator for
play

High-Speed Elliptic Curve Cryptography Accelerator for Koblitz - PowerPoint PPT Presentation

Mar 11, 2023 •154 likes •528 views

Preliminaries FPGA Implementation Results, Comparisons and Conclusions High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves Kimmo J arvinen Jorma Skytt a Helsinki University of Technology Department of Signal

  1. Preliminaries FPGA Implementation Results, Comparisons and Conclusions High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves Kimmo J¨ arvinen Jorma Skytt¨ a Helsinki University of Technology Department of Signal Processing and Acoustics Otakaari 5A, FIN-02150, Finland {Kimmo.Jarvinen,Jorma.Skytta}@tkk.fi April 14, 2008 FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  2. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Outline Preliminaries 1 Elliptic Curve Cryptography Koblitz Curves Window Method and Multiple Point Multiplication FPGA Implementation 2 Design Specifications Architecture of the Implementation Results, Comparisons and Conclusions 3 Results Comparisons Conclusions and Future Work FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  3. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Introduction to Elliptic Curve Cryptography Public-key cryptography method which uses a group of points on an elliptic curve, E , defined over a finite field, F q Faster and shorter keys than, e.g., RSA FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  4. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Introduction to Elliptic Curve Cryptography Public-key cryptography method which uses a group of points on an elliptic curve, E , defined over a finite field, F q Faster and shorter keys than, e.g., RSA Elliptic Curve Point Multiplication Q = kP where k is a positive integer and P = ( x , y ) is a point on E Computed with point additions, P 1 + P 2 , and point doublings, 2 P 1 FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  5. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Point Multiplication on Koblitz Curves Koblitz curves Frobenius maps, φ ( P 1 ) , instead of point doublings ⇒ faster computation k must be converter to τ -adic representation FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  6. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Point Multiplication on Koblitz Curves Koblitz curves Frobenius maps, φ ( P 1 ) , instead of point doublings ⇒ faster computation k must be converter to τ -adic representation Point multiplication Frobenius map for all bits of k Point addition if the bit is 1 FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  7. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Point Multiplication on Koblitz Curves Koblitz curves Frobenius maps, φ ( P 1 ) , instead of point doublings ⇒ faster computation k must be converter to τ -adic representation Point multiplication Frobenius map for all bits of k Point addition if the bit is 1 Example 1001110001001111001 10 A AAA A AAAA A FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  8. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Point Multiplication on Koblitz Curves Koblitz curves Frobenius maps, φ ( P 1 ) , instead of point doublings ⇒ faster computation k must be converter to τ -adic representation Point multiplication Frobenius map for all bits of k Point addition if the bit is 1 , point subtraction if ¯ 1 Example 10100¯ 1000101000¯ 1001110001001111001 1001 10 7 A AAA A AAAA A A A S A A S A FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  9. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Window Method Windowing further reduces the number of point additions FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  10. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Window Method Windowing further reduces the number of point additions Idea of windowing Instead of computing AAA several times: Precompute AAA Use the precomputed value every time for the string 111 ! We precompute values for the strings 10¯ 1 , 101 , and 1001 FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  11. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Window Method Windowing further reduces the number of point additions Idea of windowing Instead of computing AAA several times: Precompute AAA Use the precomputed value every time for the string 111 ! We precompute values for the strings 10¯ 1 , 101 , and 1001 Example τ NAF Width-4 τ NAF 10¯ 10100010010010100¯ 10¯ 301000000¯ 7000050000¯ 1 5 9 5 A S A S A A A S S A A S A S 3 Precomputations: FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  12. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Multiple Point Multiplication Sum of n point multiplications Q = k ( 1 ) P ( 1 ) + k ( 2 ) P ( 2 ) + . . . + k ( n ) P ( n ) FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  13. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Multiple Point Multiplication Sum of n point multiplications Q = k ( 1 ) P ( 1 ) + k ( 2 ) P ( 2 ) + . . . + k ( n ) P ( n ) Efficient computation with Shamir’s trick Precompute all combinations of P ( 1 ) . . . P ( n ) , e.g. P ( 1 ) + P ( 2 ) and P ( 1 ) − P ( 2 ) Interpret k ( 1 ) . . . k ( n ) as n -row table, e.g. 100100 ¯ 101001010 10 ¯ 10010010100 ¯ 10 Frobenius map for all columns Point addition with precomputed point if column is nonzero FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  14. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Multiple Point Multiplication Sum of n point multiplications Q = k ( 1 ) P ( 1 ) + k ( 2 ) P ( 2 ) + . . . + k ( n ) P ( n ) Efficient computation with Shamir’s trick Precompute all combinations of P ( 1 ) . . . P ( n ) , e.g. P ( 1 ) + P ( 2 ) and P ( 1 ) − P ( 2 ) Interpret k ( 1 ) . . . k ( n ) as n -row table, e.g. 100100 ¯ 101001010 10 ¯ 10010010100 ¯ 10 Frobenius map for all columns Point addition with precomputed point if column is nonzero τ -adic joint sparse form ( τ JSF) τ JSF maximizes the number of zero columns in the table FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  15. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Algorithmic Comparison Window method Multiple point multiplication Input: n integers k ( i ) , n points P ( i ) Input: Integer k , point P Output: Result point Q = � n i = 1 k ( i ) P ( i ) Output: Result point Q = kP � k ℓ − 1 ... k 0 � ← τ JSF ( k ( 1 ) , ..., k ( n ) ) � k ℓ − 1 ... k 0 � ← w - τ NAF ( k ) P 1 , P 2 , ..., P ( 3 n − 1 ) / 2 ← PreC ( P ( 1 ) , ..., P ( n ) ) P 1 , P 3 , ..., P 2 w − 1 − 1 ← PreC ( P ) Q ← O Q ← O for i = ℓ − 1 down to 0 do for i = ℓ − 1 down to 0 do Q ← φ ( Q ) Q ← φ ( Q ) if k i � = 0 then if k i � = 0 then Q ← Q + sign ( k i ) P | k i | Q ← Q + sign ( k i ) P | k i | end if end if end for end for Q ← xy ( Q ) Q ← xy ( Q ) FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

  16. Preliminaries FPGA Implementation Results, Comparisons and Conclusions Algorithmic Comparison Window method Multiple point multiplication Input: n integers k ( i ) , n points P ( i ) Input: Integer k , point P Output: Result point Q = � n i = 1 k ( i ) P ( i ) Output: Result point Q = kP � k ℓ − 1 ... k 0 � ← τ JSF ( k ( 1 ) , ..., k ( n ) ) � k ℓ − 1 ... k 0 � ← w - τ NAF ( k ) P 1 , P 2 , ..., P ( 3 n − 1 ) / 2 ← PreC ( P ( 1 ) , ..., P ( n ) ) P 1 , P 3 , ..., P 2 w − 1 − 1 ← PreC ( P ) Q ← O Q ← O for i = ℓ − 1 down to 0 do for i = ℓ − 1 down to 0 do Q ← φ ( Q ) Q ← φ ( Q ) if k i � = 0 then if k i � = 0 then Q ← Q + sign ( k i ) P | k i | Q ← Q + sign ( k i ) P | k i | end if end if end for end for Q ← xy ( Q ) Q ← xy ( Q ) FCCM 2008, April 14–15, 2008, Palo Alto, CA, USA K. J¨ arvinen, J. Skytt¨ a — Helsinki University of Technology

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Cryptography Elliptic Curve Cryptography Overview of Elliptic Curve Cryptography Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve Cryptography Cryptography in OpenSSL School of Engineering and

857 views • 17 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
High-speed Define 19; prime. elliptic-curve cryptography Define = 358990. Define 1 Curve :

High-speed Define 19; prime. elliptic-curve cryptography Define = 358990. Define 1 Curve :

= 2 255 High-speed Define 19; prime. elliptic-curve cryptography Define = 358990. Define 1 Curve : Z 0 1 by D. J. Bernstein th multiple coordinate of

606 views • 45 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago & energy (gas

1.07k views • 76 slides
Four Q on FPGA: New Hardware Speed Records for Elliptic Curve Cryptography over Large Prime

Four Q on FPGA: New Hardware Speed Records for Elliptic Curve Cryptography over Large Prime

Four Q on FPGA: New Hardware Speed Records for Elliptic Curve Cryptography over Large Prime Characteristic Fields K. Jrvinen 1 , A. Miele 2 , R. Azarderakhsh 3 , and P . Longa 4 1 Aalto University 2 Intel Corporation 3 Rochester Institute of

831 views • 81 slides
High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363

High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363

High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363 more elliptic-curve formulas; uses Weierstrass curves field arithmetic in Jacobian coordinates Daniel J. Bernstein to provide the fastest

2.15k views • 187 slides
High-speed cryptography, Crypto performance problems part 1: often lead users to reduce

High-speed cryptography, Crypto performance problems part 1: often lead users to reduce

High-speed cryptography, Crypto performance problems part 1: often lead users to reduce elliptic-curve formulas cryptographic security levels or give up on cryptography. Daniel J. Bernstein University of Illinois at Chicago & Example 1

1.55k views • 138 slides
Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Elliptic Curves Suppose F is a field and a 1 , . . . , a 6 F . Elliptic Curve Cryptography Definition 1. An elliptic curve E over a field F is a curve given by an equation: Jim Royer Y 2 + a 1 XY + a 3 Y X 3 + a 2 X 2 + a 4 X + a 6 = (1)

337 views • 5 slides
Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Twenty-Three Years of Elliptic Curve Cryptography Alfred Menezes University of Waterloo September 3 2008 1 Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The serpentine course of a paradigm

300 views • 18 slides
Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven 22 April 2008 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

491 views • 32 slides
Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July 23, 2014 1 / 12 Elliptic-curve cryptography: signatures and key exchange Given: some elliptic curve E , point P on E of known order . Key

885 views • 16 slides
High-performance Elliptic Curve Cryptography by Using the CIOS Method for Modular Multiplication A

High-performance Elliptic Curve Cryptography by Using the CIOS Method for Modular Multiplication A

High-performance Elliptic Curve Cryptography by Using the CIOS Method for Modular Multiplication A mine Mrabet , Nadia El-Mrabet, Ronan Lashermes , Jean-Baptiste Rigaud, Belgacem Bouallegue, Sihem Mesnager and Mohsen Machhout September 2016

920 views • 44 slides
Pushing the Limits of High-Speed GF (2 m ) Elliptic Curve Scalar Multiplier on FPGAs Chester

Pushing the Limits of High-Speed GF (2 m ) Elliptic Curve Scalar Multiplier on FPGAs Chester

Pushing the Limits of High-Speed GF (2 m ) Elliptic Curve Scalar Multiplier on FPGAs Chester Rebeiro, Sujoy Sinha Roy, and Debdeep Mukhopadhyay Secured Embedded Architecture Lab Indian Institute of Technology Kharagpur India 9/12/2012 CHES

720 views • 45 slides
Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018 Introduction y 2 = x 3 + ax + b en.wikipedia.org/wiki/Elliptic curve Elliptic Curve Addition P = ( x p .y p ), Q = ( x q , y q ), R = ( x r .y r ) =

187 views • 16 slides
Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Counting points on elliptic curves over F q Christiane Peters DIAMANT-Summer School on Elliptic and Hyperelliptic Curve Cryptography September 17, 2008 Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm

587 views • 30 slides
A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March 21 st , 2016 1/13 A Brief Introduction to Elliptic Curve Cryptography Elliptic Curve 2/13 A

385 views • 13 slides
Parameterized Hardware Accelerators for Lattice-Based Cryptography and Their Application to the

Parameterized Hardware Accelerators for Lattice-Based Cryptography and Their Application to the

Parameterized Hardware Accelerators for Lattice-Based Cryptography and Their Application to the HW/SW Co-Design of qTESLA Wen Wang , Shanquan Tian, Bernhard Jungk, Nina Bindel, Patrick Longa, and Jakub Szefer CHES 2020 September 14, 2020

711 views • 69 slides
ADJOINT APPROACH TO ACCELERATOR LATTICE DESIGN* T.M.

ADJOINT APPROACH TO ACCELERATOR LATTICE DESIGN* T.M.

ADJOINT APPROACH TO ACCELERATOR LATTICE DESIGN* T.M. Antonsen, I. Haber, B. L. Beaudoin Ins6tute for Research in Electronics and Applied Physics

656 views • 13 slides
The UK - a natural home for global engineering and technology champions? Warren East January

The UK - a natural home for global engineering and technology champions? Warren East January

The UK - a natural home for global engineering and technology champions? Warren East January 2019 Certain material courtesy of ARM and Rolls-Royce Making an Engineer Certain material courtesy of ARM and Rolls-Royce Rolls-Royce: A Leading

988 views • 39 slides
Lecture 4: Smoothing Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center Last

Lecture 4: Smoothing Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center Last

CS447: Natural Language Processing http://courses.engr.illinois.edu/cs447 Lecture 4: Smoothing Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center Last lectures key concepts Basic probability review: joint probability, conditional

412 views • 38 slides
Datacentre Acceleration Ted Zhang (z5019142) Meisi Li (z5119623) Han Zhao(z5099931) Nattamon

Datacentre Acceleration Ted Zhang (z5019142) Meisi Li (z5119623) Han Zhao(z5099931) Nattamon

Datacentre Acceleration Ted Zhang (z5019142) Meisi Li (z5119623) Han Zhao(z5099931) Nattamon Paiboon (z5176930) Background Data Centres Centralised computing and network infrastructure Cloud applications for storage and computation

640 views • 46 slides
STORK Worshop 26-27 November 2002 Bruges Aniyan Varghese aniyan.varghese@cec.eu.int European

STORK Worshop 26-27 November 2002 Bruges Aniyan Varghese aniyan.varghese@cec.eu.int European

Cryptography Research in FP6 Cryptography Research in FP6-I ST I ST STORK Worshop 26-27 November 2002 Bruges Aniyan Varghese aniyan.varghese@cec.eu.int European Commission DG I nformation Society European Commission DG I nformation

316 views • 12 slides
IDPAs Intra-Group Data Processing Agreements 21.10.2020 IAPP Switzerland KnowledgeNet Dr

IDPAs Intra-Group Data Processing Agreements 21.10.2020 IAPP Switzerland KnowledgeNet Dr

IDPAs Intra-Group Data Processing Agreements 21.10.2020 IAPP Switzerland KnowledgeNet Dr David Vasella, CIPP/E 1 Challenges and options for international groups 2 The challenge The reality : The law : International groups of

483 views • 14 slides
Erasmus+ mobility for studies 19/20 Info Meeting Call available in English:

Erasmus+ mobility for studies 19/20 Info Meeting Call available in English:

Erasmus+ mobility for studies 19/20 Info Meeting Call available in English: www.unibo.it/en/international/Studying-abroad/ January 14th Purposes and Destinations The Erasmus + Mobility for Studies programme enables students to spend a period

692 views • 28 slides

More recommend