Issue No. 3, March 2008 (vol. 57)
pp. 289-302
ABSTRACT
We present an innovative methodology for accelerating the elliptic curve point formulae over prime fields. This flexible technique substitutes multiplications with squarings and other cheaper operations, exploiting the fact that field squaring is generally less costly than multiplication. Applying this substitution to the traditional formulae, we obtain faster point operations in unprotected sequential implementations. We show the significant impact our methodology has on protection against Simple Side-Channel Attacks (SSCA). We modify the ECC point formulae to achieve a faster atomic structure when applying atomicity side-channel protection. In contrast to previous atomic operations, which assumed that squarings are indistinguishable from multiplications, our new atomic structure offers true SSCA protection because it includes squaring in its formulation. We also extend our implementation to parallel architectures such as SIMD (Single-Instruction Multiple-Data). With the introduction of a new coordinate system and with the flexibility of our methodology, we present, to our knowledge, the fastest formulae for SIMD-based schemes that are capable of executing 3 and 4 operations simultaneously. Finally, a new parallel SSCA-protected scheme is proposed for multiprocessor/parallel architectures by applying the atomic structure presented in this work. Our parallel and atomic operations are shown to be significantly faster than previous implementations.
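The following is an added illustration, not code from the paper, of the multiplication-for-squaring substitution the abstract describes: the identity 2ab = (a+b)^2 - a^2 - b^2 applied to textbook Jacobian point doubling, with per-operation counters so the trade of multiplications (M) for squarings (S) is visible. The toy curve y^2 = x^3 + x + 1 over GF(23) and the point (3, 10) are constructed for the demonstration, and the doubling formula is the generic one (not the paper's optimised variants).

```python
# Added example: count field operations in Jacobian doubling with and without
# the substitution 2ab = (a+b)^2 - a^2 - b^2. Curve and point are constructed.
P, A = 23, 1  # toy curve y^2 = x^3 + A*x + B over GF(P); B is not needed for doubling
COUNT = {"M": 0, "S": 0}  # field multiplication / squaring counters

def mul(x, y):
    COUNT["M"] += 1
    return (x * y) % P

def sqr(x):
    COUNT["S"] += 1
    return (x * x) % P

def jac_double(X1, Y1, Z1, use_squaring_trick):
    """Double (X1:Y1:Z1) in Jacobian coordinates, where x = X/Z^2 and y = Y/Z^3."""
    XX, YY, ZZ = sqr(X1), sqr(Y1), sqr(Z1)
    YYYY = sqr(YY)
    if use_squaring_trick:
        # 4*X1*YY = 2*((X1+YY)^2 - XX - YYYY): one multiplication becomes one squaring
        S = 2 * (sqr(X1 + YY) - XX - YYYY) % P
    else:
        S = 4 * mul(X1, YY) % P
    M = (3 * XX + A * sqr(ZZ)) % P      # multiplication by the small constant A is not counted
    T = (sqr(M) - 2 * S) % P
    X3 = T
    Y3 = (mul(M, S - T) - 8 * YYYY) % P
    if use_squaring_trick:
        # 2*Y1*Z1 = (Y1+Z1)^2 - YY - ZZ, reusing the two squarings computed above
        Z3 = (sqr(Y1 + Z1) - YY - ZZ) % P
    else:
        Z3 = 2 * mul(Y1, Z1) % P
    return X3, Y3, Z3

def to_affine(X, Y, Z):
    """Convert back to affine; this conversion is not part of the counted cost."""
    zi = pow(Z, P - 2, P)  # inverse via Fermat, P is prime
    return X * zi * zi % P, Y * zi * zi * zi % P

def affine_double(x, y):
    """Reference doubling in affine coordinates for cross-checking the result."""
    lam = (3 * x * x + A) * pow(2 * y, P - 2, P) % P
    x3 = (lam * lam - 2 * x) % P
    return x3, (lam * (x - x3) - y) % P

def count_ops(use_trick, x=3, y=10):
    """Return the affine double of (x, y) and the (M, S) cost of the Jacobian doubling."""
    COUNT["M"] = COUNT["S"] = 0
    X3, Y3, Z3 = jac_double(x, y, 1, use_trick)
    return to_affine(X3, Y3, Z3), (COUNT["M"], COUNT["S"])
```

Both variants yield the same point; the traditional formula costs 3M + 6S while the substituted one costs 1M + 8S, which is the kind of trade the paper exploits wherever S is cheaper than M.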
INDEX TERMS
Public key cryptosystems, Parallel, High-Speed Arithmetic
CITATION
Patrick Longa, Ali Miri, "Fast and Flexible Elliptic Curve Point Arithmetic over Prime Fields", IEEE Transactions on Computers, vol.57, no. 3, pp. 289-302, March 2008, doi:10.1109/TC.2007.70815