Presentation is loading. Please wait.

Presentation is loading. Please wait.

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

Published byBaylee Buttler Modified over 9 years ago

Similar presentations

Presentation on theme: "Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?"— Presentation transcript:

1 Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?
Sandeep Kumar* and Christof Paar Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Germany

2 Outline The Past The Problem The Solution The Implementation
The Future : Previous work : Design a tiny ECC processor : Algorithmic choice : CMOS ASIC design : ECC in RFID

3 The Past: RFID workshop 2005!

4 Elliptic Curve Cryptography (ECC)
ECC suggested in 1985 by Miller/Koblitz Elliptic Curve Discrete Logarithm Problem (ECDLP) Define an Additive Abelian Group (E,+) over an Elliptic Curve Set E: Points on curve Operation: P+Q=(x1,y1)+(x2,y2)=R=(x3,y3) 1.00 Discribe groµP GroµP operation Field operation Point mult and ECDLP

5 Elliptic Curve Cryptography (ECC)
ECC suggested in 1985 by Miller/Koblitz Elliptic Curve Discrete Logarithm Problem (ECDLP) Define an Additive Abelian Group (E,+) over an Elliptic Curve Set E: Points on curve Operation: P+Q=(x1,y1)+(x2,y2)=R=(x3,y3) =(y2-y1)/(x2-x1) x3=2-x2-x1 y3=(x1-x3)-y1 Discribe groµP GroµP operation Field operation Point mult and ECDLP

6 Elliptic Curve Cryptography (ECC)
Define group over an Elliptic Curve Finite Field Types Binary Fields Prime Fields Extension Fields (OEF) Finite Fields Prime fields Extension fields GF(p) GF(pm) char = 2 char > 2 binary OEF Describe groµP GroµP operation Field operation Point mult and ECDLP GF(2n) GF((2n-c)m)

7 ECC System Design Protocol Group Operation Field Operations
Point Mult (k.P) Group Operation Point Add/Double Field Operations Addition/Subtraction Multiplication Reduction Inverse a+b, a-b, a·b, 1/b

8 ECC System Design Protocol Group Operation Field Operations
Point Mult (k.P) Group Operation Point Add/Double Field Operations Addition/Subtraction Multiplication Reduction Inverse x3=... y3=... a+b, a-b, a·b, 1/b

9 ECC System Design Protocol Group Operation Field Operations
Point Mult (k.P) Group Operation Point Add/Double Field Operations Addition/Subtraction Multiplication Reduction Inverse kP x3=... y3=... a+b, a-b, a·b, 1/b

10 Scalar Point Multiplication
Easy : Hard : k . P (Point Mult.) P + P P = T Given P, T. Find k? Elliptic Curve Discrete Logarithm Problem (ECDLP) Discribe groµP GroµP operation Field operation Point mult and ECDLP

11 The Problem: Tiny ECC design
Reduce memory requirements Reduce arithemtic unit area Keep it simple but efficient : memory amounts to more than 50% of design : avoid units like invertor design for specific size : reduce control logic area - multiplexers

12 The Problem ! The Solution
arithemtic unit memory Solution simple but efficient

13 The Solution: Tiny ECC design
Reduce memory requirements Reduce arithemtic unit area Keep it simple but efficient : Affine co-ordinates, Montgomery scalar multiplication : An efficient invertor unit using an efficient squarer : Modify Montgomery scalar multiplication algo.

14 Tiny ECC processor Arithmetic Units Point Multiplier Memory Unit
Squarer Invertor Point Multiplier Control Unit Memory Unit Most-Significant Bit Mult.

15 The Implementation: Multiplier
Most-Significant Bit (MSB) Multiplier n-clocks for n-bit multiplier

16 Tiny ECC processor Arithmetic Units Point Multiplier Memory Unit
Squarer Invertor Point Multiplier Control Unit Memory Unit Most-Significant Bit Mult. Fermat‘s Little Theorem

17 The Implementation: Invertor
Fermat‘s Little Theorem A-1 = A2m-2 mod F(x) if A in GF(2m) For m=163 : 161 Mult Sqr. Itoh-Tsuji Method: For m=163: 9 Mult Sqr. A2m-2=A(2(m-1)-1).2 =A[111..1]2.2 Running difference: P=(x,y)=P1-P2 Derive x-coordinate of P1+P2=(x3,y3) x3=f(x,x1,x2)

18 Tiny ECC processor Arithmetic Units Point Multiplier Memory Unit
Squarer Invertor Point Multiplier Control Unit Memory Unit Most-Significant Bit Mult. Parallel Squaring Fermat‘s Little Theorem

19 The Implementation: Squarer
Single Cycle Squaring Low critical path

20 Tiny ECC processor Arithmetic Units Point Multiplier Memory Unit
Squarer Invertor Point Multiplier Control Unit Memory Unit Most-Significant Bit Mult. Parallel Squaring Fermat‘s Little Theorem Modified Montgomery Algo

21 Modified Montgomery Algorithm
Running difference: P=(x,y)=P1-P2 Derive x-coordinate of P1+P2=(x3,y3) x3=f(x,x1,x2)

22 The Implementation ECC processor implementation for 2113,2131,2163,2193 Running difference: P=(x,y)=P1-P2 Derive x-coordinate of P1+P2=(x3,y3) x3=f(x,x1,x2)

23 Tiny ECC processor: Results
MHz Field Size Arithmetic Unit(gates) Memory (gates) Total Time (ms) 113 1,625 6,686 10,112 14 131 2,071 7,747 11,969 18 163 2,572 9,632 15,094 32 193 2,776 11,400 17,723 41 Running difference: P=(x,y)=P1-P2 Derive x-coordinate of P1+P2=(x3,y3) x3=f(x,x1,x2) 22% smaller than previous results

24 The Future Are standards compliant Elliptic Curve Cryptosystems feasible on RFID? Yes and No! Depends on application, RFID device, power... Future? The next 60 mins!

25 Thank You!

Download ppt "Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?"

Similar presentations

1 A New Multiplication Technique for GF(2 m ) with Cryptographic Significance Athar Mahboob and Nassar Ikram National University of Sciences & Technology,

1 A New Multiplication Technique for GF(2 m ) with Cryptographic Significance Athar Mahboob and Nassar Ikram National University of Sciences & Technology,
Thapliyal 1MAPLD 2005/1011 A High Speed and Efficient Method of Elliptic Curve Encryption Using Ancient Indian Vedic Mathematics Himanshu Thapliyal and.

Thapliyal 1MAPLD 2005/1011 A High Speed and Efficient Method of Elliptic Curve Encryption Using Ancient Indian Vedic Mathematics Himanshu Thapliyal and.
14. Aug. 2013 Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware SAC 2013, Burnaby, Canada Thomas Pöppelmann and Tim Güneysu.

14. Aug Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware SAC 2013, Burnaby, Canada Thomas Pöppelmann and Tim Güneysu.
COMP 170 L2 Page 1 L06: The RSA Algorithm l Objective: n Present the RSA Cryptosystem n Prove its correctness n Discuss related issues.

COMP 170 L2 Page 1 L06: The RSA Algorithm l Objective: n Present the RSA Cryptosystem n Prove its correctness n Discuss related issues.
CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.

CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.
The XTR public key system (extended version of Crypto 2000 presentation) Arjen K. Lenstra Citibank, New York Technical University Eindhoven Eric R. Verheul.

The XTR public key system (extended version of Crypto 2000 presentation) Arjen K. Lenstra Citibank, New York Technical University Eindhoven Eric R. Verheul.
Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.

Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.
Advanced Information Security 4 Field Arithmetic

Advanced Information Security 4 Field Arithmetic
1 Efficient Algorithms for Elliptic Curve Cryptosystems Original article by Jorge Guajardo and Christof Paar Of WPI ECE Department Presentation by Curtis.

1 Efficient Algorithms for Elliptic Curve Cryptosystems Original article by Jorge Guajardo and Christof Paar Of WPI ECE Department Presentation by Curtis.
Elliptic Curve Cryptography Shane Almeida Saqib Awan Dan Palacio.

Elliptic Curve Cryptography Shane Almeida Saqib Awan Dan Palacio.
A Public Key Infrastructure for Key Distribution in TinyOS Based on Elliptic Curve Cryptography David J. Malan, Matt Welsh, Michael D. Smith Presented.

A Public Key Infrastructure for Key Distribution in TinyOS Based on Elliptic Curve Cryptography David J. Malan, Matt Welsh, Michael D. Smith Presented.
Summary of – “TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks” Presented by: Maulin Patel Nov/17/09 CSE291.

Summary of – “TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks” Presented by: Maulin Patel Nov/17/09 CSE291.
A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University.

A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University.
Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.

Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Electronic Payment Systems Lecture 5: ePayment Security II

Electronic Payment Systems Lecture 5: ePayment Security II
CHES20021 Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2 n ) A. Gutub, A. Tenca, E. Savas, and C. Koc Information Security.

CHES20021 Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2 n ) A. Gutub, A. Tenca, E. Savas, and C. Koc Information Security.
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 -

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©
1 An Elliptic Curve Processor Suitable for RFID-Tags L. Batina 1, J. Guajardo 2, T. Kerins 2, N. Mentens 1, P. Tuyls 2 and I. Verbauwhede 1 Katholieke.

1 An Elliptic Curve Processor Suitable for RFID-Tags L. Batina 1, J. Guajardo 2, T. Kerins 2, N. Mentens 1, P. Tuyls 2 and I. Verbauwhede 1 Katholieke.
Peter Lam Discrete Math CS.  Sometimes Referred to Clock Arithmetic  Remainder is Used as Part of Value ◦ i.e Clocks  24 Hours in a Day However, Time.

Peter Lam Discrete Math CS.  Sometimes Referred to Clock Arithmetic  Remainder is Used as Part of Value ◦ i.e Clocks  24 Hours in a Day However, Time.

Similar presentations

Ads by Google