VIEWS: 0 PAGES: 43 POSTED ON: 2/15/2013
An Inverter Architecture for ECC-GF(2^m) Based on the Stein's Algorithm

Objectives
To present the development of a modular inverter for elliptic curves, implemented by programmable circuit;
To show the viability of implementing this inverter as a combinatorial circuit;
To discuss the difficulties found during the development of the inverter;
To explain the solutions found to allow the development of the inverter.

Justifications
The interest in digital circuits;
The current importance of projects that implement cryptography in hardware;
The need to create a device that increases the performance of programs that work with asymmetric cryptography;
Challenges: speed vs. area; combinatorial circuits vs. affine coordinates.

Summary
Introduction;
ECC-GF(2^m);
A Combinatorial Circuit for Modular Inversion;
A Combinatorial Circuit for Point Doubling and Point Addition;
A Cryptosystem Implemented by Programmable Circuits;
Results;
Conclusions.

Introduction

Information;
QS (symmetric cryptography);
QP and k (asymmetric cryptography);
Q = kP;
2P and +P: doubling and addition of P;
+, *, x^2, mod, x^-1: finite field arithmetic.

A Key-Exchange Example
cli: the client side of the communication;
serv: the server side of the communication;
P: an element previously chosen by cli and serv;
k: a private key;
QP: a public key;
QS: a secret key;
Q and P are elements of the same type.

Key-Exchange
The cli generates at random an integer number k_cli;
The serv generates at random an integer number k_serv;
The cli calculates: QP_cli = k_cli P;
The serv calculates: QP_serv = k_serv P;
The cli sends QP_cli to the serv;
The serv sends QP_serv to the cli;
The cli calculates: QS = k_cli QP_serv;
The serv calculates: QS = k_serv QP_cli.

ECC-GF(2^m)

Elliptic Curves
They are represented by the equation:
y^2 + xy = x^3 + ax^2 + b
for which:
x and y represent the point coordinates;
a and b define an elliptic curve over GF(2^m).

The Main Operation of the Elliptic Curve Algorithms
Q = kP
for which:
k is an integer number;
P is an elliptic curve point of coordinates x and y;
Q is an elliptic curve point of coordinates x and y;
P(Px, Py) and Q(Qx, Qy) are points represented by affine coordinates and polynomial basis.

Double-and-Add Algorithm
Q = 10P: 1010 => ((2P)2+P)2 => 10P
Q = 17P: 10001 => (((2P)2)2)2+P => 17P

Point Doubling
S = Px + (P'y / P'x) mod p
Qx = (S^2 + S + a) mod p
Qy = (S(Px + Qx) + Py + Qx) mod p

Point Addition
S = ((Py + P'y) / (Px + P'x)) mod p
Qx = (S^2 + S + Px + P'x + a) mod p
Qy = (S(Px + Qx) + Py + Qx) mod p

Comparison Between Doublings and Additions
Doublings                            Additions
S = Px + (P'y / P'x) mod p           S = ((Py + P'y) / (Px + P'x)) mod p
Qx = (S^2 + S + a) mod p             Qx = (S^2 + S + Px + P'x + a) mod p
Qy = (S(Px + Qx) + Py + Qx) mod p    Qy = (S(Px + Qx) + Py + Qx) mod p

Unification of the Equations
S = F + ((G + P'y) / (H + P'x)) mod p
Qx = (S^2 + S + Px + P'x + a) mod p
Qy = (S(Px + Qx) + Py + Qx) mod p

Attribution of Values
     Point Doubling    Point Addition
F    Px                0
G    0                 Py
H    0                 Px

Finite Field Arithmetic
Sum;
Multiplication;
Modulo reduction;
Squaring;
Modular Inversion.

Optimization of the Equations
S = F + ((G + P'y) * (H + P'x)^-1) mod p
Qx = (S^2 + S + Px + P'x + a) mod p
Qy = (S(Px + Qx) + Py + Qx) mod p

A Combinatorial Circuit for Modular Inversion

Modular Division Methods
Gaussian Elimination;
Fermat's Theorem;
GCD (Euclid or Stein).

The Stein's Algorithm
(A, B, U, V) ← (P'x, p, 1, 0)
while A != 0 and B != 1
    if A0 = 1
        if deg(A) >= deg(B)
            (A, U) ← (A + B, U + V)
        else
            (A, B, U, V) ← (A + B, A, U + V, U)
        endif
    endif
    (A, U) ← (A / 2, (U / 2) mod p)
endwhile

The Stein's Algorithm Optimized
(A, B, U, V, DCC, Flag, slice) ← (P'x, p, 1, 0, 2, 1, 2m-1)
while slice > 0
    if A0 = 1
        if Flag = 1 and DCC0 = 0
            (A, B, U, V, Flag) ← (A + B, A, U + V, U, 0)
        else
            (A, U) ← (A + B, U + V)
        endif
    endif
    (A, U) ← (A / 2, (U / 2) mod p)
    if Flag = 0 and DCC0 = 0
        DCC ← DCC / 2
    else
        (DCC, Flag) ← ((DCC * 2), 1)
    endif
    slice ← slice - 1
endwhile

[Figure: FLAG and AUX handling. Signals: DCCin0, Ain0, FLAGin, FLAGout, AUX.]
[Figure: DCC handling. Signals: DCCin[m-1..0], DCCin[m..1], DCCL[m..0], DCCR[m..0], FLAGout, GND, DCCout[m..0].]
[Figure: A handling. Signals: Ain[m+1..1], Bin[m+1..1], Ain0, GND, Aout[m..0].]
[Figure: U handling. Signals: Uin[m..0], Vin[m..0], U[m+1..1], p[m+1..1], Ain0, GND, Uout[m..0].]
[Figure: B handling. Signals: Ain[m..0], Bin[m..0], AUX, Bout[m..0].]
[Figure: V handling. Signals: Uin[m..0], Vin[m..0], AUX, Vout[m..0].]

A Combinatorial Circuit for Point Doubling and Point Addition

[Figure: block diagram with the blocks Modular Inversion and Other Operations. Signals: P'x, P'y, Qx, Qy.]

Unification of the Equations
S = F + ((G + P'y) * (H + P'x)^-1) mod p
Qx = (S^2 + S + Px + P'x + a) mod p
Qy = (S(Px + Qx) + Py + Qx) mod p

A Cryptosystem Implemented by Programmable Circuits

The Cryptosystem
[Figure: block diagram of the cryptosystem. Labels: CPU, PC Bus, PC-board, EP2S180F1020C4, EP2S90F1508C3, Key-Exchange Example, Algorithm of ECC-GF(2^m), RNG, Registers, Temp. Reg., Modular Inversion, Other Operations. Signals: P, P'x, P'y, k, S, Qx, Qy. Legend: data flow, control signal.]

Results

General Results
Finite Field   Number of Pins   Number of Slices   Number of LUTs   Circuit Delay (ns)   Compilation Time (dd:hh:mm:ss)
113            229              225                60,361           324                  01:18:41:19
131            265              261                82,082           374                  03:04:51:36
163            329              325                128,265          491                  10:03:31:41

Modular Inversion Time for Different Implementations
Implementation   Modular Inversion Time (µs)
Ext. Euclid      2.509
Itoh-Tsujii      0.760
Our Inverter     0.490

Scalar Multiplication Time for Different Implementations
Implementation                      Software or Hardware   Finite Field   Platform                                                     Q = kP (ms)
Montgomery [LD99]                   Software               GF(2^163)      UltraSparc 64-bit                                            13,5
Almost Inv. [SOOS95]                Software               GF(2^155)      DEC Alpha 64-bit                                             7,8
ASIC Coprocessor [AMV93]            Hardware               GF(2^155)      VLSI                                                         3,9 (est.)
FPGA Coprocessor [SES98]            Hardware               GF(2^155)      Xilinx FPGA XC4020XL                                         18,4 (est.)
ECP [OP00]                          Hardware               GF(2^167)      Xilinx FPGA XCV400E                                          0,21
Montgomery [EGSG03]                 Software               GF(2^163)      Sun Fire 280R Server                                         3,11
Cryptographic Processor [EGSG03]    Hardware               GF(2^163)      Xilinx FPGA Virtex-II XCV2000E-7                             0,14
Our Cryptosystem                    Hardware               GF(2^163)      Altera FPGAs Stratix II: EP2S180F1020C4 and EP2S90F1508C3    0,1

Results of Our Key-Exchange Example
Finite Field   Without our cryptosystem (s)   With our cryptosystem (µs)
113            1                              125
131            2                              161
163            5                              244

Conclusions
The objectives were successfully achieved;
High performance to the detriment of a small area;
High-speed and high-density combinatorial circuits;
Our inverter and cryptosystem were validated;
Our cryptosystem allows a high frequency of key exchange.

The End
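
Added example, not part of the original slides: the optimized Stein inversion loop and the unified doubling/addition equations from the deck, combined with double-and-add and the cli/serv key exchange, in Python with field elements held as integer bit vectors. The toy field GF(2^7) with p = x^7 + x + 1, the curve a = b = 1, the brute-forced base point and all function names are assumptions made for illustration; the inverse is read from V once the fixed 2m-1 iterations have driven B to 1.

```python
# Added example; names and toy parameters are constructed, not from the deck.
M, POLY, CURVE_A, CURVE_B = 7, 0b10000011, 1, 1    # GF(2^7), p = x^7 + x + 1

def gf_mul(x, y, p=POLY, m=M):    # ints are bit vectors, "+" is XOR
    r = 0
    while y:
        r ^= x if y & 1 else 0
        x, y = x << 1, y >> 1
        if x >> m:                # degree reached m: reduce by p
            x ^= p
    return r

def stein_inv(a, p=POLY, m=M):
    """Optimized Stein loop from the slides: always 2m-1 iterations."""
    A, B, U, V, DCC, flag = a, p, 1, 0, 2, 1
    for _ in range(2 * m - 1):
        if A & 1:
            if flag and not DCC & 1:
                A, B, U, V, flag = A ^ B, A, U ^ V, U, 0
            else:
                A, U = A ^ B, U ^ V
        A, U = A >> 1, (U ^ p if U & 1 else U) >> 1    # (U / 2) mod p
        # One-hot degree-difference counter: shrink it, or grow it and set Flag.
        DCC, flag = (DCC >> 1, 0) if not (flag or DCC & 1) else (DCC << 1, 1)
    return V                      # B has reached 1, so V * a = 1 (mod p)

def point_op(P, P2):
    """Unified doubling/addition; F, G, H pick the case. None = infinity."""
    if P is None or P2 is None:
        return P2 if P is None else P
    if P[0] == P2[0] and (P[1] != P2[1] or P[0] == 0):
        return None               # P2 = -P, or doubling a point with Px = 0
    F, G, H = (P[0], 0, 0) if P == P2 else (0, P[1], P[0])
    S = F ^ gf_mul(G ^ P2[1], stein_inv(H ^ P2[0]))
    Qx = gf_mul(S, S) ^ S ^ P[0] ^ P2[0] ^ CURVE_A
    return Qx, gf_mul(S, P[0] ^ Qx) ^ P[1] ^ Qx

def scalar_mul(k, P):             # left-to-right double-and-add, Q = kP
    Q = None
    for bit in bin(k)[2:]:
        Q = point_op(Q, Q)
        Q = point_op(Q, P) if bit == "1" else Q
    return Q

def on_curve(x, y):               # y^2 + xy = x^3 + a*x^2 + b
    return gf_mul(y, x ^ y) == gf_mul(gf_mul(x, x), x ^ CURVE_A) ^ CURVE_B
BASE = next((x, y) for x in range(1, 128) for y in range(128) if on_curve(x, y))

def key_exchange(k_cli, k_serv):  # returns QS as computed by cli and by serv
    qp_cli, qp_serv = scalar_mul(k_cli, BASE), scalar_mul(k_serv, BASE)
    return scalar_mul(k_cli, qp_serv), scalar_mul(k_serv, qp_cli)
```

The fixed iteration count is what lets the loop unroll into 2m-1 identical combinational slices, matching the 225, 261 and 325 slices reported for m = 113, 131 and 163.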