Presentation is loading. Please wait.

Presentation is loading. Please wait.

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID? Sandeep Kumar* and Christof Paar Horst Görtz Institute for IT Security, Ruhr-Universität.

Similar presentations


Presentation on theme: "Are standards compliant Elliptic Curve Cryptosystems feasible on RFID? Sandeep Kumar* and Christof Paar Horst Görtz Institute for IT Security, Ruhr-Universität."— Presentation transcript:

1 Are standards compliant Elliptic Curve Cryptosystems feasible on RFID? Sandeep Kumar* and Christof Paar Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Germany

2 Outline The Past The Problem The Solution The Implementation The Future : Previous work : Design a tiny ECC processor : Algorithmic choice : CMOS ASIC design : ECC in RFID

3 The Past: RFID workshop 2005!

4 Elliptic Curve Cryptography (ECC) ECC suggested in 1985 by Miller/Koblitz Elliptic Curve Discrete Logarithm Problem (ECDLP) Define an Additive Abelian Group (E,+) over an Elliptic Curve Set E: Points on curve Operation: P+Q=(x1,y1)+(x2,y2)=R=(x3,y3)

5 Elliptic Curve Cryptography (ECC) ECC suggested in 1985 by Miller/Koblitz Elliptic Curve Discrete Logarithm Problem (ECDLP) Define an Additive Abelian Group (E,+) over an Elliptic Curve Set E: Points on curve Operation: P+Q=(x1,y1)+(x2,y2)=R=(x3,y3)  (y 2 -y 1 )/(x 2 -x 1 ) x 3 = 2 -x 2 -x 1 y 3 = (x 1 -x 3 )-y 1

6 Elliptic Curve Cryptography (ECC) Finite Fields GF(p) GF(p m ) GF(2 n ) GF((2 n -c) m ) Prime fields Extension fields char = 2 char > 2 binary OEF Define group over an Elliptic Curve Finite Field Types – Binary Fields – Prime Fields – Extension Fields (OEF)

7 a+b, a-b, a·b, 1/b ECC System Design Protocol – Point Mult (k.P) Group Operation – Point Add/Double Field Operations – Addition/Subtraction – Multiplication – Reduction – Inverse

8 a+b, a-b, a·b, 1/b ECC System Design x 3 =... y 3 =... Protocol – Point Mult (k.P) Group Operation – Point Add/Double Field Operations – Addition/Subtraction – Multiplication – Reduction – Inverse

9 a+b, a-b, a·b, 1/b ECC System Design x 3 =... y 3 =... kP Protocol – Point Mult (k.P) Group Operation – Point Add/Double Field Operations – Addition/Subtraction – Multiplication – Reduction – Inverse

10 Scalar Point Multiplication k. P (Point Mult.) P + P +..  + P = T Given P, T. Find k? Elliptic Curve Discrete Logarithm Problem (ECDLP) Easy : Hard :

11 The Problem: Tiny ECC design Reduce memory requirements Reduce arithemtic unit area Keep it simple but efficient : memory amounts to more than 50% of design : avoid units like invertor design for specific size : reduce control logic area - multiplexers

12 The Problem ! The Solution Solution memory arithemtic unit simple but efficient

13 The Solution: Tiny ECC design Reduce memory requirements Reduce arithemtic unit area Keep it simple but efficient : Affine co-ordinates, Montgomery scalar multiplication : An efficient invertor unit using an efficient squarer : Modify Montgomery scalar multiplication algo.

14 Tiny ECC processor Arithmetic Units – Multiplier – Squarer – Invertor Point Multiplier – Control Unit Memory Unit – Most-Significant Bit Mult.

15 The Implementation: Multiplier Most-Significant Bit (MSB) Multiplier n-clocks for n-bit multiplier

16 Tiny ECC processor Arithmetic Units – Multiplier – Squarer – Invertor Point Multiplier – Control Unit Memory Unit – Most-Significant Bit Mult. – Fermat‘s Little Theorem

17 The Implementation: Invertor Fermat‘s Little Theorem A -1 = A 2 m -2 mod F(x) if A in GF(2 m ) For m=163 : 161 Mult Sqr. Itoh-Tsuji Method: For m=163: 9 Mult Sqr. A 2 m -2 =A (2 (m-1) -1).2 =A [111..1] 2.2

18 Tiny ECC processor Arithmetic Units – Multiplier – Squarer – Invertor Point Multiplier – Control Unit Memory Unit – Most-Significant Bit Mult. – Parallel Squaring – Fermat‘s Little Theorem

19 The Implementation: Squarer Single Cycle Squaring Low critical path

20 Tiny ECC processor Arithmetic Units – Multiplier – Squarer – Invertor Point Multiplier – Control Unit Memory Unit – Most-Significant Bit Mult. – Parallel Squaring – Fermat‘s Little Theorem – Modified Montgomery Algo

21 Modified Montgomery Algorithm

22 The Implementation ECC processor implementation for 2 113,2 131,2 163,2 193

23 Tiny ECC processor: Results Field Size Arithmetic Unit(gates) Memory (gates) Total (gates) Time (ms) 1131,6256,68610, ,0717,74711, ,5729,63215, ,77611,40017, MHz 22% smaller than previous results

24 The Future Are standards compliant Elliptic Curve Cryptosystems feasible on RFID? – Yes and No! – Depends on application, RFID device, power... Future? – The next 60 mins!

25 Thank You!


Download ppt "Are standards compliant Elliptic Curve Cryptosystems feasible on RFID? Sandeep Kumar* and Christof Paar Horst Görtz Institute for IT Security, Ruhr-Universität."

Similar presentations


Ads by Google