The Community for Technology Leaders
RSS Icon
Issue No.05 - May (2008 vol.57)
pp: 672-685
Elliptic curve (EC) cryptography is expected to have a significant role in enabling information security in constrained embedded devices. In order to be efficient on a target architecture, EC cryptosystems (ECC) require an accurate choice/tuning of the algorithms that perform the underlying mathematical operations. This paper performs a cycle-level analysis of the dependencies of ECC performance from the interaction between the features of the mathematical algorithms and the actual architectural and microarchitectural features of an ARM XScale processor. The paper investigates the origin of performance through the breakdown of execution into the cycles spent in the different activities at field- and at elliptic-curve levels. In addition, we perform a cycle-level analysis of a modified ARM processor that includes in its datapath a word-level finite field polynomial multiplier (poly_mul). The paper points out the most advantageous mix of EC parameters both for the standard ARM XScale platform and for the one equipped with the poly_mul unit. In this way, the latter allows more than 41% execution time reduction on the considered benchmarks. Then, the paper analyses the correlation between EC benchmark performance and the possible architectural organizations of a processor equipped with poly_mul unit(s). For instance, only superscalar pipelines can exploit the features of out-of-order execution and only very complex organizations (e.g. 4-way superscalar) can exploit a high number of available ALUs. Conversely, we show that there are no benefits in endowing the processor with more than one poly_mul and we point out a possible trade-off between performance and complexity increase: 2-way in-order/out-of-order pipeline allows +50% and +90% IPC, respectively. Finally, we show that there are not critical constraints on the latency and pipelining capability of the poly_mul unit.
Cryptography, Elliptic curves, Performance Evaluation, Public key cryptosystems, Processor Architectures, Pipeline processors, Instruction set design, Hardware/software interfaces, Microprocessor/microcomputer applications, Portable devices
Sandro Bartolini, Irina Branovic, Roberto Giorgi, Enrico Martinelli, "Effects of Instruction-Set Extensions on an Embedded Processor: A Case Study on Elliptic Curve Cryptography over GF(2/sup m/)", IEEE Transactions on Computers, vol.57, no. 5, pp. 672-685, May 2008, doi:10.1109/TC.2007.70832
[1] T. Austin, E. Larson, and D. Ernst, “SimpleScalar: An Infrastructure for Computer System Modeling,” Computer, vol. 35, no. 2, pp. 56-59, Feb. 2002.
[2] Intel™ XScale® Core Developer's Manual, http:/ com, 2007.
[3] SimpleScalar Architectural Simulator, http:/www.simplescalar. com, 2007.
[4] MIRACL Big Integer Library,, 2007.
[5] Nat'l Inst. Standards and Technology (NIST), Digital Signature Standard (DSS), Fed. Information Processing Standards (FIPS) Publication 186-2, Jan. 2000.
[6] W. Diffie and M.E. Hellman, “New Directions in Cryptography,” IEEE Trans. Information Theory, vol. 22, pp. 644-654, Nov. 1976.
[7] T. ElGamal, “A Public-Key Cryptosystem and Signature Scheme Based on Discrete Logarithms,” IEEE Trans. Information Theory, vol. 31, no. 4, pp. 469-472, July 1985.
[8] A.J. Menezes, Elliptic Curve Public Key Cryptosystems. Kluwer Academic, 1995.
[9] R. Schroeppel, H. Orman, S. O'Malley, and O. Spatscheck, “Fast Key Exchange with Elliptic Curve Cryptosystems,” Proc. Advances in Cryptology, pp. 43-56, 1995.
[10] A. Karatsuba and Y. Ofman, “Multiplication of Multidigit Numbers on Automata,” Soviet Physics-Doklady, vol. 7, pp. 595-596, 1963.
[11] S.S. Erdem and Ç.K. Koç, “A Less Recursive Variant of Karatsuba-Ofman Algorithm for Multiplying Operands of Size a Power of Two,” Proc. 16th IEEE Int'l Symp. Computer Arithmetic, pp. 28-35, June 2003.
[12] P.L. Montgomery, “Modular Multiplication without Trial Division,” Math. of Computation, vol. 44, pp. 519-521, 1985.
[13] Ç.K. Koç and T. Acar, “Montgomery Multiplication in ${\rm GF}(2^{\rm k})$ ,” Design, Codes and Cryptography, vol. 14, no. 1, pp. 59-67, Jan. 1998.
[14] D.A. Knuth, The Art of Computer Programming 2, Seminumerical Algorithms, second ed. Addison-Wesley, 1981.
[15] D.R. Hankerson, J.C. López Hernandes, and A.J. Menezes, “Software Implementations of Elliptic Curve Cryptography over Binary Fields,” Proc. Second Int'l Workshop Cryptographic Hardware and Embedded Systems, pp. 1-24, 2000.
[16] J. López and R. Dahab, “Fast Multiplication on Elliptic Curves over ${\rm GF}(2^{\rm m})$ without Precomputation,” Lecture Notes in Computer Science, vol. 1717, pp. 316-327, Springer-Verlag, 1999.
[17] I.F. Blake, G. Seroussi, and N.P. Smart, Elliptic Curves in Cryptography. Cambridge Univ. Press, 1999.
[18] A. Weimerskirch, D. Stebila, and S. Chang Shantz, “Generic ${\rm GF}(2^{\rm m})$ Implementation in Software and Its Application in ECC,” Proc. Eighth Australasian Conf. Information Security and Privacy, 2003.
[19] A.M. Fiskiran and R.B. Lee, “Evaluating Instruction Set Extensions for Fast Arithmetic on Binary Finite Fields,” Proc. 15th IEEE Int'l Conf. Application-Specific Systems, Architectures, and Processors, pp.125-136, Sept. 2004.
[20] J. Großschädl and G. Kamendje, “Instruction Set Extension for Fast Elliptic Curve Cryptography over Binary Finite Fields ${\rm GF}(2^{\rm m})$ ,” Proc. 14th IEEE Int'l Conf. Application-Specific Systems, Architectures and Processors, pp. 455-468, June 2003.
[21] S. Bartolini, I. Branovic, R. Giorgi, and E. Martinelli, “A Performance Evaluation of ARM ISA Extensions for Elliptic Curve Cryptography over Binary Finite Fields,” Proc. 16th IEEE Symp. Computer Architecture and High Performance Computing, pp.238-245, Oct. 2004.
[22] H. Eberle, A. Wander, N. Gura, and S. Chang Shantz, “Architectural Extensions for Elliptic Curve Cryptography over ${\rm GF}(2^{\rm m})$ on 8-bit Microprocessors,” Proc. 16th IEEE Int'l Conf. Application-Specific Systems, Architecture Processors, pp. 343-349, July 2005.
[23] V. Gupta, M. Wurm, Y. Zhu, M. Millard, S. Fung, N. Gura, H. Eberle, and S. Chang Shantz, “Sizzle: A Standards-Based End-to-End Security Architecture for the Embedded Internet,” Pervasive and Mobile Computing J., vol. 1, no. 4, pp. 425-445, Dec. 2005.
[24] H. Eberle, N. Gura, S. Chang Shantz, V. Gupta, and L. Rarick, “A Public-Key Cryptographic Processor for RSA and ECC,” Proc. 15th IEEE Conf. Application-Specific Systems, Architectures and Processors, pp. 98-110, Sept. 2004.
[25] T.H. Cormen, C.E. Leiserson, R.L. Rivest, and C. Stein, Introduction to Algorithms, second ed. MIT Press and McGraw-Hill, 2001.
[26] P. Montgomery, “Speeding the Pollard and Elliptic Curve Methods of Factorization,” Math. of Computation, vol. 48, pp. 243-264, 1987.
[27] G.B. Agnew, R.C. Mullin, and S.A. Vanstone, “An Implementation of Elliptic Curve Cryptosystems over ${\rm F}2^{155}$ ,” IEEE J. Selected Areas in Comm., vol. 11, no. 5, June 1993.
[28] E. Savaş, A.F. Tenca, and Ç.K. Koç, “Dual-Field Multiplier Architecture for Cryptographic Applications,” Conf. Record 37th Asilomar Conf. Signals, Systems, and Computers, pp. 374-378, Nov. 2003.
[29] J. Großschädl, A Bit-Serial Unified Multiplier Architecture for Finite Fields GF(p) and ${\rm GF}(2^{\rm m})$ , Lecture Notes in Computer Science, vol. 2162, pp. 202-219, Springer-Verlag, 2001.
[30] J. López and R. Dahab, “Improved Algorithms for Elliptic Curve Arithmetic in ${\rm GF}(2^{\rm n})$ ,” Technical Report IC-98-39, Relatório Técnico, Oct. 1998.
[31] J.L. Hennessy and D.A. Patterson, Computer Architecture: A Quantitative Approach, third ed. Morgan-Kaufmann, 2003.
[32] N. Koblitz, “Elliptic Curve Cryptosystems,” Math. of Computation, vol. 48, pp. 203-209, 1987.
[33] V. Miller, “Use of Elliptic Curves in Cryptography,” Proc. Advances in Cryptology '85, 1985.
[34] M. Brown, D. Hankerson, J. Lopez, and A. Menezes, “Software Implementation of the NIST Elliptic Curves over Prime Fields,” Proc. Cryptology Track of the RSA Conf., D. Naccache, ed., pp. 250-265, 2001.
[35] NIOS-II Processor Web site, nios2/, 2007.
[36] A. Reyhani-Masoleh and M.A. Hasan, “Low Complexity Bit Parallel Architectures for Polynomial Basis Multiplication over ${\rm GF}(2^{\rm m})$ ,” IEEE Trans. Computers, vol. 53, no. 8, pp. 945-959, Aug. 2004.
[37] G.B. Agnew, T. Beth, R.C. Mullin, and S.A. Vanstone, “Arithmetic Operations in ${\rm GF}(2^{\rm m})$ ,” J. Cryptology, vol. 6, pp. 3-13, 1993.
[38] A.J. Menezes, I.F. Blake, X. Gao, R.C. Mullin, S.A. Vanstone, and T. Yaghoobian, Applications of Finite Fields. Kluwer Academic, 1993.
[39] Ç.K. Koç and B. Sunar, “Low-Complexity Bit-Parallel Canonical and Normal Basis Multipliers for a Class of Finite Fields,” IEEE Trans. Computers, vol. 47, no. 3, pp. 353-356, Mar. 1998.
[40] J.A. Solinas, “Efficient Arithmetic on Koblitz Curves,” Designs, Codes and Cryptography, vol. 19, pp. 195-249, 2000.
[41] C.H. Lim and P.J. Lee, “More Flexible Exponentiation with Precomputation,” Lecture Notes in Ccomputer Science, vol. 839, pp.95-107, Springer-Verlag, 1994.
[42] D.V. Chudnovsky and G.V. Chudnovsky, “Sequences of Numbers Generated by Addition in Formal Groups and New Primality and Factorization Tests,” Advances in Applied Math., vol. 7, pp. 385-434, 1987.
[43] S. Okada, N. Torii, K. Itoh, and M. Takenaka, “Implementation of Elliptic Curve Cryptographic Coprocessor over ${\rm GF}(2^{\rm m})$ on an FPGA,” Proc. Fourth Int'l Workshop Cryptographic Hardware and Embedded Systems, pp. 25-40, Jan. 2002.
[44] M. Ernst, M. Jung, F. Madlener, S. Huss, and R. Blümel, “A Reconfigurable System on Chip Implementation for Elliptic Curve Cryptography over GF(2n),” Proc. Fourth Int'l Workshop Cryptographic Hardware and Embedded Systems, pp. 381-399, Jan. 2003.
[45] V. Miller, “Use of Elliptic Curves in Cryptography,” Proc. Advances in Cryptology '85, pp. 417-426, 1986.
[46] Pentium-4 IA-32 Intel Architecture Optimization Reference Manual,, 2007.
27 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool