uOttawa
Canada's university
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
FACULTY OF GRADUATE AND POSTDOCTORAL STUDIES
Patrick Longa
M.A.Sc. (Electrical Engineering)
Faculty, School, Department: School of Information Technology and Engineering
Title of thesis: Accelerating the Scalar Multiplication on Elliptic Curve Cryptosystems over Prime Fields
Thesis supervisor: A. Miri
Thesis examiners: A. Adler, M. Bolic
Dean of the Faculty of Graduate and Postdoctoral Studies: Gary W. Slater
Accelerating the Scalar Multiplication on
Elliptic Curve Cryptosystems
over Prime Fields
by
Patrick Longa
Thesis submitted to
The Faculty of Graduate and Postdoctoral Studies
in partial fulfillment of the requirements
for the degree of
Master of Applied Science
in
Electrical and Computer Engineering
Ottawa-Carleton Institute for Electrical and Computer Engineering
School of Information Technology and Engineering
University of Ottawa
© Patrick Longa
Ottawa, Canada, 2007
Library and Archives Canada
Published Heritage Branch
395 Wellington Street
Ottawa ON K1A 0N4
Canada
ISBN: 978-0-494-32465-3
NOTICE:
The author has granted a non-exclusive license allowing Library and Archives Canada to
reproduce, publish, archive, preserve, conserve, communicate to the public by
telecommunication or on the Internet, loan, distribute and sell theses worldwide, for
commercial or non-commercial purposes, in microform, paper, electronic and/or any other
formats.
The author retains copyright ownership and moral rights in this thesis. Neither the thesis
nor substantial extracts from it may be printed or otherwise reproduced without the
author's permission.
In compliance with the Canadian Privacy Act some supporting forms may have been removed
from this thesis. While these forms may be included in the document page count, their
removal does not represent any loss of content from the thesis.
Abstract
Elliptic curve cryptography (ECC), independently introduced by Koblitz and Miller in the
1980s, has attracted increasing attention in recent years because it requires shorter keys
than other public-key cryptosystems such as RSA. Shorter keys mean reduced power
consumption, computing effort and storage requirements, factors that are fundamental in
ubiquitous portable devices such as PDAs, cellphones, smartcards, and many others. To that
end, considerable research has been carried out to speed up and improve ECC
implementations, mainly focusing on the most important and time-consuming ECC operation:
scalar multiplication.
In this thesis, we focus on optimizing this ECC operation at the point and scalar
arithmetic levels, specifically targeting standard curves over prime fields. At the point
arithmetic level, we introduce two innovative methodologies to accelerate ECC formulae:
the use of new composite operations, which are built on top of basic point doubling and
addition operations; and the substitution of field multiplications by squarings and other
cheaper operations. These techniques are efficiently exploited, individually or jointly, in
several contexts: to accelerate the computation of scalar multiplications and of
pre-computed points for window-based scalar multiplications (up to 30% improvement in
comparison with the previous best method); to speed up computations of simple side-channel
attack (SSCA)-protected implementations using innovative atomic structures (up to 22%
improvement in comparison with scalar multiplication using the original atomic structures);
and to develop parallel formulae for SIMD-based applications, which are able to execute
three and four operations simultaneously (up to 72% improvement in comparison with a
sequential scalar multiplication).
At the scalar arithmetic level, we develop new sublinear (in terms of Hamming weight)
multibase scalar multiplications based on NAF-like conversion algorithms that are shown to
be faster than any previous scalar multiplication method. For instance, the proposed
multibase scalar multiplications reduce computing times by 10.9% and 25.3% in comparison
with traditional NAF for unprotected and SSCA-protected scenarios, respectively. Moreover,
our conversion algorithms overcome the problem of converting any integer to multibase
representation, solving an open problem that was defined as hard. Thus, our algorithms
make the use of multiple bases practical for applications such as ECC scalar multiplication
for the first time.
Acknowledgements
I would like to thank my wife and family for their support and understanding through all
these years. Their love and confidence in me were the inspiration to give the best of myself
to this work.
Special gratitude goes to Dr. Miri. His faith in my work and capacity, and his constant
support and guidance at all levels were priceless factors that helped me to achieve more than
I thought possible.
To my wife, Veronica
Table of Contents
ABSTRACT
ACKNOWLEDGEMENTS
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF ALGORITHMS
LIST OF ACRONYMS
CHAPTER 1: INTRODUCTION
1.1 Motivation
1.2 Significance of this Work
1.3 Thesis Outline
CHAPTER 2: BACKGROUND
2.1 Preliminaries
2.2 Introduction to Elliptic Curves
2.2.1 Elliptic Curve Discrete Logarithm Problem (ECDLP)
2.3 ECC Arithmetic
2.3.1 Level 3: Finite Field Arithmetic
2.3.2 Level 2: Point Arithmetic
2.3.3 Level 1: Scalar Arithmetic
CHAPTER 3: EFFICIENT POINT ARITHMETIC OVER PRIME FIELDS VIA COMPOSITE OPERATIONS
3.1 Previous Work
3.2 Composite Operations dP + Q
3.2.1 Improved Doubling-Addition (DA) operation
3.2.2 Improved Tripling-Addition (TA) operation
3.2.3 Generalization to Composite Operations dP + Q
3.2.4 Performance comparison
3.3 Composite Operations dP
3.3.1 Improved Tripling (T) operation
3.3.2 Generalization to Composite Operations dP
3.3.3 Performance comparison
3.4 Applications
3.4.1 Computation of pre-computed points
3.4.2 Speeding-up existent scalar multiplications
CHAPTER 4: FAST AND FLEXIBLE POINT ARITHMETIC OVER PRIME FIELDS
4.1 Flexible Methodology for Replacing Multiplications by Cheaper Operations
4.1.1 Fast Point Formulae for Traditional Operations
4.1.2 Fast Point Formulae for Composite Operations
4.2 Performance Comparison
CHAPTER 5: SSCA-PROTECTED POINT ARITHMETIC USING SIDE-CHANNEL ATOMICITY
5.1 Side-Channel Attacks