Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

Slides:



Advertisements
Similar presentations
1 A New Multiplication Technique for GF(2 m ) with Cryptographic Significance Athar Mahboob and Nassar Ikram National University of Sciences & Technology,
Advertisements

Thapliyal 1MAPLD 2005/1011 A High Speed and Efficient Method of Elliptic Curve Encryption Using Ancient Indian Vedic Mathematics Himanshu Thapliyal and.
14. Aug Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware SAC 2013, Burnaby, Canada Thomas Pöppelmann and Tim Güneysu.
COMP 170 L2 Page 1 L06: The RSA Algorithm l Objective: n Present the RSA Cryptosystem n Prove its correctness n Discuss related issues.
CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.
The XTR public key system (extended version of Crypto 2000 presentation) Arjen K. Lenstra Citibank, New York Technical University Eindhoven Eric R. Verheul.
Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.
Advanced Information Security 4 Field Arithmetic
1 Efficient Algorithms for Elliptic Curve Cryptosystems Original article by Jorge Guajardo and Christof Paar Of WPI ECE Department Presentation by Curtis.
Elliptic Curve Cryptography Shane Almeida Saqib Awan Dan Palacio.
A Public Key Infrastructure for Key Distribution in TinyOS Based on Elliptic Curve Cryptography David J. Malan, Matt Welsh, Michael D. Smith Presented.
Summary of – “TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks” Presented by: Maulin Patel Nov/17/09 CSE291.
A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University.
Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Electronic Payment Systems Lecture 5: ePayment Security II
CHES20021 Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2 n ) A. Gutub, A. Tenca, E. Savas, and C. Koc Information Security.
IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©
1 An Elliptic Curve Processor Suitable for RFID-Tags L. Batina 1, J. Guajardo 2, T. Kerins 2, N. Mentens 1, P. Tuyls 2 and I. Verbauwhede 1 Katholieke.
Peter Lam Discrete Math CS.  Sometimes Referred to Clock Arithmetic  Remainder is Used as Part of Value ◦ i.e Clocks  24 Hours in a Day However, Time.
Elliptic Curve Cryptography
-Anusha Uppaluri.  ECC- A set of algorithms for key generation, encryption and decryption (public key encryption technique)  ECC was introduced by Victor.
Ipsita Sahoo 10IT61B05 School of Information Technology IIT Kharagpur October 29, 2011 E LLIPTIC C URVES IN C RYPTOGRAPHY.
Software Security Seminar - 1 Chapter 11. Mathematical Background 발표자 : 안병희 Applied Cryptography.
Lecture 10: Elliptic Curve Cryptography Wayne Patterson SYCS 653 Fall 2009.
1 Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 4 – Finite Fields.
Information Security and Management 4. Finite Fields 8
Application of Elliptic Curves to Cryptography
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Dr. Johannes Wolkerstorfer IAIK – Graz University of Technology.
Implementation of Finite Field Inversion
Discrete Methods in Mathematical Informatics Lecture 4: Elliptic Curve Cryptography Implementation(I) 27 th November 2012 Vorapong Suppakitpaisarn
FPT 2006 Bangkok A Novel Memory Architecture for Elliptic Curve Cryptography with Parallel Modular Multipliers Ralf Laue, Sorin A. Huss Integrated Circuits.
Hyperelliptic Curve Coprocessors On a FPGA HoWon Kim ETRI, Korea.
Gaj1P230/MAPLD 2004 Elliptic Curve Cryptography over GF(2 m ) on a Reconfigurable Computer: Polynomial Basis vs. Optimal Normal Basis Representation Comparative.
Elliptical Curve Cryptography Manish Kumar Roll No - 43 CS-A, S-7 SOE, CUSAT.
Chapter 4 – Finite Fields
BCRYPT ECC-Day 2008 Requirements, Algorithms, Architectures The design space of ECC hardware.
Understanding Cryptography by Christof Paar and Jan Pelzl These slides were prepared by Tim Güneysu, Christof Paar and Jan Pelzl.
Elliptic Curve Cryptography
Public Key Cryptosystem Introduced in 1976 by Diffie and Hellman [2] In PKC different keys are used for encryption and decryption 1978: First Two Implementations.
Cryptography and Network Security Chapter 4. Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic.
Cryptographic coprocessor
An Introduction to Elliptic Curve Cryptography
Elliptic Curve Cryptography Celia Li Computer Science and Engineering November 10, 2005.
Lecture 9 Elliptic Curves. In 1984, Hendrik Lenstra described an ingenious algorithm for factoring integers that relies on properties of elliptic curves.
11 RSA Variants.  Scheme ◦ Select s.t. p and q = 3 mod 4 ◦ n=pq, public key =n, private key =p,q ◦ y= e k (x)=x (x+b) mod n ◦ x=d k (y)=  y mod n.
Elliptic Curve Cryptography Speaker : Debdeep Mukhopadhyay Dept of Computer Sc and Engg IIT Madras.
Security of Using Special Integers in Elliptic Scalar Multiplication Mun-Kyu Lee o Jin Wook Kim Kunsoo Park School of CSE, Seoul National University.
A Reconfigurable System on Chip Implementation for Elliptic Curve Cryptography over GF(2 n ) Michael Jung 1, M. Ernst 1, F. Madlener 1, S. Huss 1, R. Blümel.
Lecture 11: Elliptic Curve Cryptography Wayne Patterson SYCS 653 Fall 2008.
15-499Page :Algorithms and Applications Cryptography II – Number theory (groups and fields)
1 Network Security Dr. Syed Ismail Shah
1 Cryptanalysis Lab Elliptic Curves. Cryptanalysis Lab Elliptic Curves 2 Outline [1] Elliptic Curves over R [2] Elliptic Curves over GF(p) [3] Properties.
Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.
Advanced Information Security 3 PROJECTIVE COORDINATES Dr. Turki F. Al-Somani 2015.
Motivation Basis of modern cryptosystems
Information Security Lab. Dept. of Computer Engineering 251/ 278 PART II Asymmetric Ciphers Key Management; Other CHAPTER 10 Key Management; Other Public.
Giuseppe Bianchi Lecture 8: Elliptic Curve Crypto A (minimal) introduction.
Elliptic Curve Public Key Cryptography Why ? ● ECC offers greater security for a given key size. ● The smaller key size also makes possible much more compact.
Chapter 9 – Elliptic Curve Cryptography ver. November 3rd, 2009
Public Key Cryptosystem
Network Security Design Fundamentals Lecture-13
D. Cheung – IQC/UWaterloo, Canada D. K. Pradhan – UBristol, UK
Elliptic Curve Cryptography over GF(2m) on a Reconfigurable Computer:
Unified Architectures for Efficient and Compact Crypto-Processing
The Application of Elliptic Curves Cryptography in Embedded Systems
Cryptology Design Fundamentals
Computer Security Elliptic Curve Cryptosystems
Network Security Design Fundamentals Lecture-13
Presentation transcript:

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID? Sandeep Kumar* and Christof Paar Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Germany

Outline The Past The Problem The Solution The Implementation The Future : Previous work : Design a tiny ECC processor : Algorithmic choice : CMOS ASIC design : ECC in RFID

The Past: RFID workshop 2005!

Elliptic Curve Cryptography (ECC) ECC suggested in 1985 by Miller/Koblitz Elliptic Curve Discrete Logarithm Problem (ECDLP) Define an Additive Abelian Group (E,+) over an Elliptic Curve Set E: Points on curve Operation: P+Q=(x1,y1)+(x2,y2)=R=(x3,y3) 1.00 Discribe groµP GroµP operation Field operation Point mult and ECDLP

Elliptic Curve Cryptography (ECC) ECC suggested in 1985 by Miller/Koblitz Elliptic Curve Discrete Logarithm Problem (ECDLP) Define an Additive Abelian Group (E,+) over an Elliptic Curve Set E: Points on curve Operation: P+Q=(x1,y1)+(x2,y2)=R=(x3,y3) =(y2-y1)/(x2-x1) x3=2-x2-x1 y3=(x1-x3)-y1 Discribe groµP GroµP operation Field operation Point mult and ECDLP

Elliptic Curve Cryptography (ECC) Define group over an Elliptic Curve Finite Field Types Binary Fields Prime Fields Extension Fields (OEF) Finite Fields Prime fields Extension fields GF(p) GF(pm) char = 2 char > 2 binary OEF Describe groµP GroµP operation Field operation Point mult and ECDLP GF(2n) GF((2n-c)m)

ECC System Design Protocol Group Operation Field Operations Point Mult (k.P) Group Operation Point Add/Double Field Operations Addition/Subtraction Multiplication Reduction Inverse a+b, a-b, a·b, 1/b

ECC System Design Protocol Group Operation Field Operations Point Mult (k.P) Group Operation Point Add/Double Field Operations Addition/Subtraction Multiplication Reduction Inverse x3=... y3=... a+b, a-b, a·b, 1/b

ECC System Design Protocol Group Operation Field Operations Point Mult (k.P) Group Operation Point Add/Double Field Operations Addition/Subtraction Multiplication Reduction Inverse kP x3=... y3=... a+b, a-b, a·b, 1/b

Scalar Point Multiplication Easy : Hard : k . P (Point Mult.) P + P + .. + P = T Given P, T. Find k? Elliptic Curve Discrete Logarithm Problem (ECDLP) Discribe groµP GroµP operation Field operation Point mult and ECDLP

The Problem: Tiny ECC design Reduce memory requirements Reduce arithemtic unit area Keep it simple but efficient : memory amounts to more than 50% of design : avoid units like invertor design for specific size : reduce control logic area - multiplexers

The Problem ! The Solution arithemtic unit memory Solution simple but efficient

The Solution: Tiny ECC design Reduce memory requirements Reduce arithemtic unit area Keep it simple but efficient : Affine co-ordinates, Montgomery scalar multiplication : An efficient invertor unit using an efficient squarer : Modify Montgomery scalar multiplication algo.

Tiny ECC processor Arithmetic Units Point Multiplier Memory Unit Squarer Invertor Point Multiplier Control Unit Memory Unit Most-Significant Bit Mult.

The Implementation: Multiplier Most-Significant Bit (MSB) Multiplier n-clocks for n-bit multiplier

Tiny ECC processor Arithmetic Units Point Multiplier Memory Unit Squarer Invertor Point Multiplier Control Unit Memory Unit Most-Significant Bit Mult. Fermat‘s Little Theorem

The Implementation: Invertor Fermat‘s Little Theorem A-1 = A2m-2 mod F(x) if A in GF(2m) For m=163 : 161 Mult. + 162 Sqr. Itoh-Tsuji Method: For m=163: 9 Mult. + 162 Sqr. A2m-2=A(2(m-1)-1).2 =A[111..1]2.2 Running difference: P=(x,y)=P1-P2 Derive x-coordinate of P1+P2=(x3,y3) x3=f(x,x1,x2)

Tiny ECC processor Arithmetic Units Point Multiplier Memory Unit Squarer Invertor Point Multiplier Control Unit Memory Unit Most-Significant Bit Mult. Parallel Squaring Fermat‘s Little Theorem

The Implementation: Squarer Single Cycle Squaring Low critical path

Tiny ECC processor Arithmetic Units Point Multiplier Memory Unit Squarer Invertor Point Multiplier Control Unit Memory Unit Most-Significant Bit Mult. Parallel Squaring Fermat‘s Little Theorem Modified Montgomery Algo

Modified Montgomery Algorithm Running difference: P=(x,y)=P1-P2 Derive x-coordinate of P1+P2=(x3,y3) x3=f(x,x1,x2)

The Implementation ECC processor implementation for 2113,2131,2163,2193 Running difference: P=(x,y)=P1-P2 Derive x-coordinate of P1+P2=(x3,y3) x3=f(x,x1,x2)

Tiny ECC processor: Results Performance @ 13.56 MHz Field Size Arithmetic Unit(gates) Memory (gates) Total Time (ms) 113 1,625 6,686 10,112 14 131 2,071 7,747 11,969 18 163 2,572 9,632 15,094 32 193 2,776 11,400 17,723 41 Running difference: P=(x,y)=P1-P2 Derive x-coordinate of P1+P2=(x3,y3) x3=f(x,x1,x2) 22% smaller than previous results

The Future Are standards compliant Elliptic Curve Cryptosystems feasible on RFID? Yes and No! Depends on application, RFID device, power... Future? The next 60 mins!

Thank You!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.