
Efficient Arithmetic for the Implementation of Elliptic Curve Cryptography PDF

153 Pages·2017·2.62 MB·English

Preview Efficient Arithmetic for the Implementation of Elliptic Curve Cryptography

Western University, Scholarship@Western, Electronic Thesis and Dissertation Repository, 11-22-2013 12:00 AM

Efficient Arithmetic for the Implementation of Elliptic Curve Cryptography

Ebrahim Abdulrahman Hasan Abdulrahman, The University of Western Ontario
Supervisor: Reyhani-Masoleh, The University of Western Ontario
A thesis submitted in partial fulfillment of the requirements for the Doctor of Philosophy degree in Electrical and Computer Engineering
© Ebrahim Abdulrahman Hasan Abdulrahman 2013
Follow this and additional works at: https://ir.lib.uwo.ca/etd
Part of the Computer and Systems Architecture Commons, Digital Communications and Networking Commons, and the Hardware Systems Commons

Recommended Citation
Hasan Abdulrahman, Ebrahim Abdulrahman, "Efficient Arithmetic for the Implementation of Elliptic Curve Cryptography" (2013). Electronic Thesis and Dissertation Repository. 1744. https://ir.lib.uwo.ca/etd/1744

This Dissertation/Thesis is brought to you for free and open access by Scholarship@Western. It has been accepted for inclusion in the Electronic Thesis and Dissertation Repository by an authorized administrator of Scholarship@Western. For more information, please contact [email protected].

EFFICIENT ARITHMETIC FOR THE IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY
(Thesis format: Monograph)
by Ebrahim Abdulrahman Hasan
Graduate Program in Electrical and Computer Engineering
A thesis submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy
The School of Graduate and Postdoctoral Studies, The University of Western Ontario, London, Ontario, Canada
© Ebrahim Abdulrahman Hasan 2013

Abstract

The technology of elliptic curve cryptography is now an important branch of public-key based cryptosystems. Cryptographic mechanisms based on elliptic curves depend on the arithmetic of points on the curve. The most important arithmetic operation is multiplying a point on the curve by an integer. This operation is known as the elliptic curve scalar (or point) multiplication operation. A cryptographic device is supposed to perform this operation efficiently and securely. The elliptic curve scalar multiplication operation is performed by combining the elliptic curve point routines that are defined in terms of the underlying finite field arithmetic operations.

This thesis focuses on hardware architecture designs of elliptic curve operations. In the first part, we aim at finding new architectures to implement the finite field arithmetic multiplication operation more efficiently. In this regard, we propose novel schemes for the serial-out bit-level (SOBL) arithmetic multiplication operation in the polynomial basis over F_{2^m}. We show that the smallest SOBL scheme presented here can provide about 24-26% reduction in area-complexity cost and about 21-22% reduction in power consumption for F_{2^163} compared to the current state-of-the-art bit-level multiplier schemes. Then, we employ the proposed SOBL schemes to present new hybrid-double multiplication architectures that perform two multiplications with latency comparable to the latency of a single multiplication.

Then, in the second part of this thesis, we investigate the different algorithms for the implementation of the elliptic curve scalar multiplication operation. We focus our interest on three aspects, namely, the finite field arithmetic cost, the critical path delay, and the protection strength against side-channel attacks (SCAs) based on simple power analysis. In this regard, we propose a novel scheme for the scalar multiplication operation that is based on processing three bits of the scalar in the exact same sequence of five point arithmetic operations. We analyse the security of our scheme and show that its security holds against both SCAs and safe-error fault attacks. In addition, we show how the properties of the proposed elliptic curve scalar multiplication scheme yield an efficient hardware design for the implementation of a single scalar multiplication on a prime extended twisted Edwards curve incorporating 8 parallel multiplication operations. Our comparison results show that the proposed hardware architecture for the twisted Edwards curve model, implemented using the proposed scalar multiplication scheme, is the fastest secure SCA-protected scalar multiplication scheme over prime fields reported in the literature.

Keywords: Finite field arithmetic multiplication, elliptic curve cryptography, scalar multiplication, serial-out bit-level.

Dedication

To my mother for her love, inspiration, and guidance.

Acknowledgments

This work would not have been possible without the support of many people. I would like to use this space to express my most sincere gratitude to all those who have made this possible.

First and foremost I would like to thank my supervisor Prof. Arash Reyhani-Masoleh for the advice, guidance, and trust he has provided me with. I could not forget the valuable benefits I have gained from his constructive criticism, invaluable advice, many long night discussions and the amount of time he spent on going over my draft papers. I feel honored by being able to work with him and look forward to a continued research relationship in the future.

I also am deeply indebted to Prof. Wu Huapeng, University of Windsor, for taking the time to review this work as an external examiner. Moreover, I would like to thank Prof. Marc Moreno Maza, Prof. Abdallah Shami, and Prof. Anestis Dounavis for serving on the thesis committee and for offering their insightful comments and invaluable suggestions. I would like to truly appreciate the financial support provided by the University of Bahrain during my PhD thesis.

Thanks must also go out to my colleagues in the VLSI lab at Western University, Hayssam, Behdad, Sasan, Depanwita, and Shahriar, for the good spirit and friendship. A big thank you to my friends Yasser, Fadah, and Aiman for interesting discussions and general friendship. Finally, this work would not have been possible without the love and moral support of my mother Mariam and brother Hasan. Lastly but certainly not least, my wonderful wife Fayeza who helped me in more ways than I can count. Without her love and support, I would not have finished this dissertation. To all of you, thank you very much!

Ebrahim A. H. Abdulrahman, 2013/11/12

Contents

Abstract ii
Dedication iii
Acknowledgments iv
List of Figures viii
List of Tables xi
List of Algorithms xiii
List of Abbreviations xiv
List of Notations xvi

1 Introduction 1
1.1 Motivation 3
1.1.1 Field Multiplication Operation 5
1.1.2 Bit-Level Finite Field Double Multiplication 6
1.1.3 Elliptic Curve Scalar Multiplication 7
1.2 Objectives 8
1.3 Thesis Organization and Outlines 10

2 Preliminaries 12
2.1 Public-Key Based Schemes 13
2.2 Introduction to Elliptic Curves 15
2.2.1 Elliptic Curve Diffie-Hellman Key Agreement Scheme 18
2.3 Group Law Operations in Affine Coordinates 19
2.4 Group Law Operations in Projective Coordinates 20
2.4.1 Inverse of a Point 25
2.5 Elliptic Curve Scalar Multiplication 25
2.5.1 Binary Methods 26
2.5.2 Window Based Methods 27
2.6 Power Analysis Attacks 28
2.6.1 The Secured ECSM Schemes 29
2.7 Standard Curves 30
2.8 Finite Field Arithmetic 31
2.9 Arithmetic over Prime Fields F_p 32
2.9.1 Field Arithmetic Addition 32
2.9.2 Field Arithmetic Subtraction 33
2.9.3 Field Arithmetic Multiplication 34
2.9.4 Field Reduction 36
2.9.5 Field Arithmetic Squaring 37
2.9.6 Field Arithmetic Inversion 37
2.10 Arithmetic over Binary Extension Fields F_{2^m} 37
2.10.1 Field Arithmetic Addition 39
2.10.2 Field Arithmetic Squaring 39
2.10.3 Field Arithmetic Multiplication 40
2.10.4 Traditional Parallel-Out Bit-Level Polynomial Basis Multiplication Operation 44
2.10.5 Field Arithmetic Division/Inversion 46

3 Architectures for SOBL Multiplication Using Polynomial Basis 47
3.1 Introduction 47
3.2 Preliminaries 49
3.2.1 Notations 51
3.2.2 Reduction Process 51
3.3 Proposed SOBL Multiplication Algorithm 53
3.3.1 Proposed SOBL Multiplication Algorithm for ω-nomials 54
3.4 Multiplier Architectures 57
3.4.1 Multiplier Architecture for ω-nomials 58
3.4.2 Multiplier Architecture for Trinomials 61
3.5 Novel Very Low Area Multiplication Architecture 63
3.5.1 Proposed Compact Multiplier Architecture 65
3.5.2 Extending to a Digit-Level Scheme 68
3.6 Comparison 69
3.7 ASIC Implementation 73
3.8 Conclusions 75

4 Hybrid-Double Multiplication Architecture 76
4.1 Introduction 76
4.2 Architectures for Double Multiplication 77
4.2.1 New LSB-first/MSB-first POBL Double Multiplications 77
4.2.2 New Parallel-Out Digit-Level Polynomial Basis Double Multiplication 78
4.3 Hybrid-Double Multiplication 82
4.4 ASIC Implementation 84
4.5 Conclusions 86

5 New Regular Radix-8 Scheme for ECSM 88
5.1 Introduction 88
5.2 Preliminaries 91
5.2.1 Notations 91
5.2.2 The SSCA-Protected ECSMs 92
5.3 Proposed Radix-8 Scalar Multiplication Algorithm 93
5.3.1 High-Radix Scalar Expansion 93
5.3.2 Recoding the Scalar k Into Signed Radix-8 95
5.3.3 Proposed Radix-8 Algorithm for Scalar Multiplication 96
5.4 Proposed Regular ECSM Scheme 99
5.4.1 The Four-Stage Levels 99
5.4.2 The Three-Stage Levels 103
5.5 Performance Analysis of The Proposed ECSM Scheme 104
5.6 Parallel Architectures 108
5.7 Conclusion 114

6 Summary and Future Work 115
6.1 Future Work 116

Bibliography 118
Curriculum Vitae 133

List of Figures

1.1 Hierarchical Scheme for The Implementation of ECC Crypto-System [1]. 2
2.1 Diffie-Hellman Key Exchange Scheme [1, 10]. 14
2.2 Graphical Representation of The Chord-and-Tangent Group Law (EC-Operations) for an Elliptic Curve E : y^2 = x^3 − 2 over F_p [1, 91]. (a) Point Addition (ADD) Operation of P and Q on E, Resulting in The Point R. (b) Point Doubling (DBL) Operation of P on E, Resulting in The Point Q. 17
2.3 Elliptic Curve Diffie-Hellman Key Exchange Scheme [1]. 18
2.4 Modular Addition over F_p [90]. 33
2.5 Modular Subtraction over F_p [90]. 34
2.6 Field Arithmetic Squaring constructed via P(x) = x^4 + x + 1 over F_{2^4}. 40
2.7 The Traditional Parallel-Out Bit-Level (POBL) Field Arithmetic Multiplication Schemes [31]. (a) LSB-First POBL Multiplier. (b) MSB-First POBL Multiplier. 45
3.1 Constructing The Mastrovito Matrix M over F_{2^163} Generated by x^163 + x^7 + x^6 + x^3 + 1. 56
3.2 The Process for Constructing The Coordinates of The Signal Vector s over F_{2^163}. 56
3.3 The Proposed SOBL Mastrovito Multiplier Architecture for The ω-nomial Irreducible Polynomials. (a) The High-Level Architecture. (b) The Implementation of The Circuit S. 59
3.4 The Proposed SOBL Mastrovito Multiplier Architecture for The Irreducible Trinomials. (a) The High-Level Architecture. (b) The Implementation of The Circuit S. 62
3.5 The proposed compact SOBL multiplier architecture for the pentanomial irreducible polynomial. (a) The high-level architecture. (b) The implementation of the circuit S. (c) An example for the BTX_4 module when P(x) = x^163 + x^7 + x^6 + x^3 + 1. 66
3.6 The architecture of the serial-out digit-level (SODL) polynomial basis multiplier over F_{2^m} for the pentanomial irreducible polynomial, i.e., x^m + x^t1 + x^t2 + x^t3 + 1, where digit d = 2. 69
3.7 Hardware Overhead Gates Due to The Parallel I/O Data Transfer. (a) The Circuit That Enables a Register to be Cleared or Updated. (b) The Circuit That Enables a Register to be Switched Between Two Inputs (MUX). 71
4.1 The Proposed Double Multiplication Architectures That Extend The POBL Schemes Presented in [31]. (a) LSB-First POBL Double Multiplication Architecture. (b) MSB-First POBL Double Multiplication Architecture. 79
4.2 Proposed architecture for the LSD-first PODL Double Multiplication Operation. 82
4.3 Proposed architecture for the MSD-first PODL Double Multiplication Operation. 83
4.4 Architectures for The Hybrid-Double Multiplication. The Hybrid-Double Multiplier Structure is Developed by Connecting The Output of The SOBL Multiplier Into The Input of The POBL Multiplier. 84
4.5 Architectures for The Hybrid-Double Multiplication. (a) The Critical-Path Delay of The Hybrid-Double Multiplier (t_h). (b) Reducing The Delay by Inserting Registers at The IP_m Block Inside The SOBL Multiplier. 85
5.1 EC-Operations Dependency Graph for The Montgomery Ladder ECSM Method [189, 190, 191], Which Shows That a Fixed Sequence of Both The ADD and The DBL Blocks Are Performed for Any Value of The k_i Bit, i.e., Only The Operands Are Transposed. 93
5.2 EC-Operation Dependency Graph That Shows The Usage of Both The ADD and The DBL Blocks When k_j = 3 or k_j = 4. 100
5.3 EC-Operation Dependency Graph That Shows The Usage of Both The ADD and The DBL Blocks When k_j = 2 or k_j = 5. 101
5.4 EC-Operation Dependency Graph That Shows The Usage of Both The ADD and The DBL Blocks When k_j = −1, 0, 1, or 6. Notice That The SUB Operation is Used at Stage 3 for Both Cases k_j = −1 and k_j = 0. 102
5.5 EC-Operation Dependency Graph That Shows The Usage of Both The ADD and The DBL Blocks for All Cases of k_j, i.e., k_j ∈ {−1, 0, 1, ..., 6}. 102
5.6 EC-Operation Dependency Graph for The Proposed Radix-8 ECSM Method That Shows The Total Memory Points Required, The Total EC-Operations Cost, and The Total Computational Time Complexity Per 3 Scalar Bits at The EC-Operation Level. 103
5.7 EC-operation Dependency Graph for The Width-4 Okeya Method [64] That Shows The Total Memory Points Required, The Total EC-Operations Cost, and The Total Computational Time Complexity Per 3 Scalar Bits at The EC-Operation Level. 105
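The abstract names bit-level polynomial-basis multiplication over F_{2^m} as the operation the first part of the thesis optimises, and the list of figures names the two traditional parallel-out bit-level (POBL) schemes of Figure 2.7 (LSB-first and MSB-first), the squaring example P(x) = x^4 + x + 1 over F_{2^4} of Figure 2.6, and the pentanomial x^163 + x^7 + x^6 + x^3 + 1 of Figures 3.1 and 3.5. The Python below is an added example, not code from the thesis: it implements the two textbook bit-level multipliers (not the thesis's own SOBL scheme), cross-checks them against each other, and derives field inversion (the topic of section 2.10.5) by Fermat exponentiation on top of them. The function names and the sample operands are constructed for this example; the two irreducible polynomials are the ones the figure captions give.

```python
# Added example (not the thesis's code): textbook bit-level polynomial-basis
# multiplication over F_{2^m}. A field element is a Python int whose bit i is
# the coefficient of x^i, so addition is XOR and "multiply by x" is a shift.
#
# Irreducible polynomials taken from the figure captions on the page:
P_2_4 = (1 << 4) | 0b11                                      # x^4 + x + 1 (Figure 2.6)
P_2_163 = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1    # Figures 3.1 and 3.5


def _reduce_once(v, m, p):
    """If v has degree m, subtract (XOR) P(x) so that deg(v) < m again.
    Called right after one shift, so at most one reduction step is ever needed."""
    return v ^ p if (v >> m) & 1 else v


def mul_lsb_first(a, b, m, p):
    """LSB-first bit-level multiplier (Figure 2.7a): scan b from bit 0 upward.
    At step i the accumulator gains a*x^i (kept reduced) when b_i = 1, then the
    running copy of a is multiplied by x and reduced modulo P(x)."""
    c = 0
    for i in range(m):
        if (b >> i) & 1:
            c ^= a
        a = _reduce_once(a << 1, m, p)
    return c


def mul_msb_first(a, b, m, p):
    """MSB-first bit-level multiplier (Figure 2.7b): Horner's rule on b.
    At each step the accumulator is multiplied by x and reduced, then a is
    added when the current bit of b is 1."""
    c = 0
    for i in range(m - 1, -1, -1):
        c = _reduce_once(c << 1, m, p)
        if (b >> i) & 1:
            c ^= a
    return c


def square(a, m, p):
    """Squaring as a special case of multiplication (a hardware squarer would be cheaper)."""
    return mul_lsb_first(a, a, m, p)


def inverse(a, m, p):
    """a^(2^m - 2) = a^(-1) in F_{2^m}, by square-and-multiply on the bit-level multiplier."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in F_{2^m}")
    e = (1 << m) - 2
    result, base = 1, a
    while e:
        if e & 1:
            result = mul_lsb_first(result, base, m, p)
        base = square(base, m, p)
        e >>= 1
    return result


def self_check(m, p, a, b):
    """Cross-check the two multipliers, commutativity and inversion on one operand pair.
    Returns (all_consistent, a*b mod P)."""
    lsb = mul_lsb_first(a, b, m, p)
    msb = mul_msb_first(a, b, m, p)
    consistent = (
        lsb == msb
        and lsb == mul_msb_first(b, a, m, p)
        and mul_lsb_first(a, inverse(a, m, p), m, p) == 1
    )
    return consistent, lsb


if __name__ == "__main__":
    # Constructed operands: in F_{2^4}, (x^3 + x)(x^2 + 1) = x^5 + x = x^2 once x^4 = x + 1.
    print(hex(mul_lsb_first(0b1010, 0b0101, 4, P_2_4)))
    # x^162 * x = x^163, which reduces to x^7 + x^6 + x^3 + 1 = 0xc9 under the pentanomial.
    print(hex(mul_msb_first(1 << 162, 0b10, 163, P_2_163)))
    a163 = (1 << 162) | (1 << 50) | 0b1011   # constructed sample element
    b163 = (1 << 100) | (1 << 7) | 1         # constructed sample element
    print(self_check(163, P_2_163, a163, b163)[0])
```

The LSB-first loop reduces the shifted copy of a, while the MSB-first loop reduces the accumulator; both do exactly one conditional XOR with P(x) per bit, which is what makes the reduction cost of a bit-level multiplier depend only on the weight of P(x), the reason the thesis singles out trinomials and pentanomials.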

Description:
The School of Graduate and Postdoctoral Studies, The University of Western Ontario. Keywords: Finite field arithmetic multiplication, elliptic curve cryptography, scalar multiplication, serial-out bit-level. Chapter 5: New Regular Radix-8 Scheme for Elliptic Curve Scalar Multiplication Without Pre-computation.
