Download presentation

Presentation is loading. Please wait.

Published byBaylee Buttler Modified about 1 year ago

1
Are standards compliant Elliptic Curve Cryptosystems feasible on RFID? Sandeep Kumar* and Christof Paar Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Germany

2
Outline The Past The Problem The Solution The Implementation The Future : Previous work : Design a tiny ECC processor : Algorithmic choice : CMOS ASIC design : ECC in RFID

3
The Past: RFID workshop 2005!

4
Elliptic Curve Cryptography (ECC) ECC suggested in 1985 by Miller/Koblitz Elliptic Curve Discrete Logarithm Problem (ECDLP) Define an Additive Abelian Group (E,+) over an Elliptic Curve Set E: Points on curve Operation: P+Q=(x1,y1)+(x2,y2)=R=(x3,y3)

5
Elliptic Curve Cryptography (ECC) ECC suggested in 1985 by Miller/Koblitz Elliptic Curve Discrete Logarithm Problem (ECDLP) Define an Additive Abelian Group (E,+) over an Elliptic Curve Set E: Points on curve Operation: P+Q=(x1,y1)+(x2,y2)=R=(x3,y3) (y 2 -y 1 )/(x 2 -x 1 ) x 3 = 2 -x 2 -x 1 y 3 = (x 1 -x 3 )-y 1

6
Elliptic Curve Cryptography (ECC) Finite Fields GF(p) GF(p m ) GF(2 n ) GF((2 n -c) m ) Prime fields Extension fields char = 2 char > 2 binary OEF Define group over an Elliptic Curve Finite Field Types – Binary Fields – Prime Fields – Extension Fields (OEF)

7
a+b, a-b, a·b, 1/b ECC System Design Protocol – Point Mult (k.P) Group Operation – Point Add/Double Field Operations – Addition/Subtraction – Multiplication – Reduction – Inverse

8
a+b, a-b, a·b, 1/b ECC System Design x 3 =... y 3 =... Protocol – Point Mult (k.P) Group Operation – Point Add/Double Field Operations – Addition/Subtraction – Multiplication – Reduction – Inverse

9
a+b, a-b, a·b, 1/b ECC System Design x 3 =... y 3 =... kP Protocol – Point Mult (k.P) Group Operation – Point Add/Double Field Operations – Addition/Subtraction – Multiplication – Reduction – Inverse

10
Scalar Point Multiplication k. P (Point Mult.) P + P +.. + P = T Given P, T. Find k? Elliptic Curve Discrete Logarithm Problem (ECDLP) Easy : Hard :

11
The Problem: Tiny ECC design Reduce memory requirements Reduce arithemtic unit area Keep it simple but efficient : memory amounts to more than 50% of design : avoid units like invertor design for specific size : reduce control logic area - multiplexers

12
The Problem ! The Solution Solution memory arithemtic unit simple but efficient

13
The Solution: Tiny ECC design Reduce memory requirements Reduce arithemtic unit area Keep it simple but efficient : Affine co-ordinates, Montgomery scalar multiplication : An efficient invertor unit using an efficient squarer : Modify Montgomery scalar multiplication algo.

14
Tiny ECC processor Arithmetic Units – Multiplier – Squarer – Invertor Point Multiplier – Control Unit Memory Unit – Most-Significant Bit Mult.

15
The Implementation: Multiplier Most-Significant Bit (MSB) Multiplier n-clocks for n-bit multiplier

16
Tiny ECC processor Arithmetic Units – Multiplier – Squarer – Invertor Point Multiplier – Control Unit Memory Unit – Most-Significant Bit Mult. – Fermat‘s Little Theorem

17
The Implementation: Invertor Fermat‘s Little Theorem A -1 = A 2 m -2 mod F(x) if A in GF(2 m ) For m=163 : 161 Mult. + 162 Sqr. Itoh-Tsuji Method: For m=163: 9 Mult. + 162 Sqr. A 2 m -2 =A (2 (m-1) -1).2 =A [111..1] 2.2

18
Tiny ECC processor Arithmetic Units – Multiplier – Squarer – Invertor Point Multiplier – Control Unit Memory Unit – Most-Significant Bit Mult. – Parallel Squaring – Fermat‘s Little Theorem

19
The Implementation: Squarer Single Cycle Squaring Low critical path

20
Tiny ECC processor Arithmetic Units – Multiplier – Squarer – Invertor Point Multiplier – Control Unit Memory Unit – Most-Significant Bit Mult. – Parallel Squaring – Fermat‘s Little Theorem – Modified Montgomery Algo

21
Modified Montgomery Algorithm

22
The Implementation ECC processor implementation for 2 113,2 131,2 163,2 193

23
Tiny ECC processor: Results Field Size Arithmetic Unit(gates) Memory (gates) Total (gates) Time (ms) 1131,6256,68610,11214 1312,0717,74711,96918 1632,5729,63215,09432 1932,77611,40017,72341 Performance @ 13.56 MHz 22% smaller than previous results

24
The Future Are standards compliant Elliptic Curve Cryptosystems feasible on RFID? – Yes and No! – Depends on application, RFID device, power... Future? – The next 60 mins!

25
Thank You!

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google