Results 1  10
of
35
Software Implementation of Elliptic Curve Cryptography Over Binary Fields
, 2000
"... This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation. ..."
Abstract

Cited by 147 (9 self)
 Add to MetaCart
This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation.
Faster Attacks on Elliptic Curve Cryptosystems
 Selected Areas in Cryptography, LNCS 1556
, 1998
"... The previously best attack known on elliptic curve cryptosystems used in practice was the parallel collision search based on Pollard's aemethod. The complexity of this attack is the square root of the prime order of the generating point used. For arbitrary curves, typically defined over GF (p) or G ..."
Abstract

Cited by 61 (1 self)
 Add to MetaCart
The previously best attack known on elliptic curve cryptosystems used in practice was the parallel collision search based on Pollard's aemethod. The complexity of this attack is the square root of the prime order of the generating point used. For arbitrary curves, typically defined over GF (p) or GF (2 m ), the attack time can be reduced by a factor or p 2, a small improvement. For subfield curves, those defined over GF (2 ed ) with coefficients defining the curve restricted to GF (2 e ), the attack time can be reduced by a factor of p 2d. In particular for curves over GF (2 m ) with coefficients in GF (2), called anomalous binary curves or Koblitz curves, the attack time can be reduced by a factor of p 2m. These curves have structure which allows faster cryptosystem computations. Unfortunately, this structure also helps the attacker. In an example, the time required to compute an elliptic curve logarithm on an anomalous binary curve over GF (2 163 ) is reduced from 2 ...
Field inversion and point halving revisited
 IEEE Transactions on Computers
, 2004
"... We present a careful analysis of elliptic curve point multiplication methods that use the point halving technique of Knudsen and Schroeppel, and compare these methods to traditional algorithms that use point doubling. The performance advantage of halving methods is clearest in the case of point mult ..."
Abstract

Cited by 55 (8 self)
 Add to MetaCart
We present a careful analysis of elliptic curve point multiplication methods that use the point halving technique of Knudsen and Schroeppel, and compare these methods to traditional algorithms that use point doubling. The performance advantage of halving methods is clearest in the case of point multiplication kP where P is not known in advance, and smaller field inversion to multiplication ratios generally favour halving. Although halving essentially operates on affine coordinate representations, we adapt an algorithm of Knuth to allow efficient use of projective coordinates with halvingbased windowing methods for point multiplication.
Improved Algorithms for Elliptic Curve Arithmetic in GF(2^n)
, 1998
"... This paper describes three contributions for efficient implementation of elliptic curve cryptosystems in GF (2^n). The first is a new method for doubling an elliptic curve point, which is simpler to implement than the fastest known method, due to Schroeppel, and which favors sparse elliptic curve co ..."
Abstract

Cited by 45 (5 self)
 Add to MetaCart
This paper describes three contributions for efficient implementation of elliptic curve cryptosystems in GF (2^n). The first is a new method for doubling an elliptic curve point, which is simpler to implement than the fastest known method, due to Schroeppel, and which favors sparse elliptic curve coefficients. The second is a generalized and improved version of the Guajardo and Paar's formulas for computing repeated doubling points. The third contribution consists of a new kind of projective coordinates that provides the fastest known arithmetic on elliptic curves. The algorithms resulting from this new formulation lead to a running time improvement for computing a scalar multiplication of about 17% over previous projective coordinate methods.
On the Performance of Signature Schemes based on Elliptic Curves
, 1998
"... . This paper describes a fast software implementation of the elliptic curve version of DSA, as specified in draft standard documents ANSI X9.62 and IEEE P1363. We did the implementations for the fields GF(2 n ), using a standard basis, and GF(p). We discuss various design decisions that have t ..."
Abstract

Cited by 39 (2 self)
 Add to MetaCart
. This paper describes a fast software implementation of the elliptic curve version of DSA, as specified in draft standard documents ANSI X9.62 and IEEE P1363. We did the implementations for the fields GF(2 n ), using a standard basis, and GF(p). We discuss various design decisions that have to be made for the operations in the underlying field and the operations on elliptic curve points. In particular, we conclude that it is a good idea to use projective coordinates for GF(p), but not for GF(2 n ). We also extend a number of exponentiation algorithms, that result in considerable speed gains for DSA, to ECDSA, using a signed binary representation. Finally, we present timing results for both types of fields on a PPro200 based PC, for a C/C++ implementation with small assemblylanguage optimizations, and make comparisons to other signature algorithms, such as RSA and DSA. We conclude that for practical sizes of fields and moduli, GF(p) is roughly twice as fast as GF(2 ...
Elliptic Curve Cryptography On Smart Cards Without Coprocessors
 IN IFIP CARDIS 2000, FOURTH SMART CARD RESEARCH AND ADVANCED APPLICATION CONFERENCE
, 2000
"... This contribution describes how an elliptic curve cryptosystem can be implemented on very low cost microprocessors with reasonable performance. We focus in this paper on the Intel 8051 family of microcontrollers popular in smart cards and other costsensitive devices. The implementation is based on ..."
Abstract

Cited by 36 (9 self)
 Add to MetaCart
This contribution describes how an elliptic curve cryptosystem can be implemented on very low cost microprocessors with reasonable performance. We focus in this paper on the Intel 8051 family of microcontrollers popular in smart cards and other costsensitive devices. The implementation is based on the use of the finite field GF ((2 8  17) 17 ) which is particularly suited for low end 8bit processors. Two advantages of our method are that subfield modular reduction can be performed infrequently, and that an adaption of Itoh and Tsujii's inversion algorithm is used for the group operation. We show that an elliptic curve scalar multiplication with a fixed point, which is the core operation for a signature generation, can be performed in a group of order approximately 2 134 in less than 2 seconds. Unlike other implementations, we do not make use of curves defined over a subfield such as Koblitz curves.
Efficient and secure elliptic curve point multiplication using doublebase chains
 In Advances in Cryptology  ASIACRYPT 2005, Lecture Notes in Computer Science 3788
, 2005
"... Abstract. In this paper, we propose a efficient and secure point multiplication algorithm, based on doublebase chains. This is achieved by taking advantage of the sparseness and the ternary nature of the socalled doublebase number system (DBNS). The speedups are the results of fewer point additio ..."
Abstract

Cited by 35 (8 self)
 Add to MetaCart
Abstract. In this paper, we propose a efficient and secure point multiplication algorithm, based on doublebase chains. This is achieved by taking advantage of the sparseness and the ternary nature of the socalled doublebase number system (DBNS). The speedups are the results of fewer point additions and improved formulæ for point triplings and quadruplings in both even and odd characteristic. Our algorithms can be protected against simple and differential sidechannel analysis by using sidechannel atomicity and classical randomization techniques. Our numerical experiments show that our approach leads to speedups compared to windowing methods, even with window size equal to 4, and other SCA resistant algorithms. 1
An Overview of Elliptic Curve Cryptography
, 2000
"... Elliptic curve cryptography (ECC) was introduced by Victor Miller and Neal Koblitz in 1985. ECC proposed as an alternative to established publickey systems such as DSA and RSA, have recently gained a lot attention in industry and academia. The main reason for the attractiveness of ECC is the fact t ..."
Abstract

Cited by 29 (2 self)
 Add to MetaCart
Elliptic curve cryptography (ECC) was introduced by Victor Miller and Neal Koblitz in 1985. ECC proposed as an alternative to established publickey systems such as DSA and RSA, have recently gained a lot attention in industry and academia. The main reason for the attractiveness of ECC is the fact that there is no subexponential algorithm known to solve the discrete logarithm problem on a properly chosen elliptic curve. This means that significantly smaller parameters can be used in ECC than in other competitive systems such RSA and DSA, but with equivalent levels of security. Some benefits of having smaller key sizes include faster computations, and reductions in processing power, storage space and bandwidth. This makes ECC ideal for constrained environments such as pagers, PDAs, cellular phones and smart cards. The implementation of ECC, on the other hand, requires several choices such as the type of the underlying finite field, algorithms for implementing the finite field arithmetic and so on. In this paper we give we presen an selective overview of the main methods.
Fast Arithmetic for PublicKey Algorithms in Galois Fields with Composite Exponents
 IEEE Transactions on Computers
, 1999
"... This contribution describes a new class of arithmetic architectures for Galois fields GF (2 k ). The main applications of the architecture are publickey systems which are based on the discrete logarithm problem for elliptic curves. The architectures use a representation of the field GF (2 k ..."
Abstract

Cited by 24 (2 self)
 Add to MetaCart
This contribution describes a new class of arithmetic architectures for Galois fields GF (2 k ). The main applications of the architecture are publickey systems which are based on the discrete logarithm problem for elliptic curves. The architectures use a representation of the field GF (2 k ) as GF ((2 n ) m ), where k = n \Delta m. The approach explores bit parallel arithmetic in the subfield GF (2 n ), and serial processing for the extension field arithmetic. This mixed parallelserial (hybrid) approach can lead to fast implementations. As the core module, a hybrid multiplier is introduced and several This paper is an extension of [1]. The bit parallel squarer architectures have been completely revised. 1 optimizations are discussed. We provide two different approaches to squaring. We develop exact expressions for the complexity of parallel squarers in composite fields which can have a surprisingly low complexity. The hybrid architectures are capable of explori...
Elliptic curve cryptosystems on reconfigurable hardware
 MASTER’S THESIS, WORCESTER POLYTECHNIC INST
, 1998
"... Security issues will play an important role in the majority of communication and computer networks of the future. As the Internet becomes more and more accessible to the public, security measures will have to be strengthened. Elliptic curve cryptosystems allow for shorter operand lengths than other ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
Security issues will play an important role in the majority of communication and computer networks of the future. As the Internet becomes more and more accessible to the public, security measures will have to be strengthened. Elliptic curve cryptosystems allow for shorter operand lengths than other publickey schemes based on the discrete logarithm in finite fields and the integer factorization problem and are thus attractive for many applications. This thesis describes an implementation of a crypto engine based on elliptic curves. The underlying algebraic structures are composite Galois fields GF((2 n) m) in a standard base representation. As a major new feature, the system is developed for a reconfigurable platform based on Field Programmable Gate Arrays (FPGAs). FPGAs combine the flexibility of software solutions with the security of traditional hardware implementations. In particular, it is possible to easily change all algorithm parameters such as curve coefficients, field order, or field representation. The thesis deals with the design and implementation of elliptic curve point multiplicationarchitectures. The architectures are described in VHDL and mapped to Xilinx FPGA devices. Architectures over Galois fields of different order and representation were implemented and compared. Area and timing measurements are provided for all architectures. It is shown that a full point multiplication on elliptic curves of realworld size can be implemented on commercially available FPGAs.