Results 1  10
of
48
Guide to Elliptic Curve Cryptography
, 2004
"... Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves ..."
Abstract

Cited by 369 (17 self)
 Add to MetaCart
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in publickey cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, highspeed software and hardware implementations, and offer the highest strengthperkeybit of any known publickey scheme.
Software Implementation of Elliptic Curve Cryptography Over Binary Fields
, 2000
"... This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation. ..."
Abstract

Cited by 147 (9 self)
 Add to MetaCart
This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation.
Optimal Extension Fields for Fast Arithmetic in PublicKey Algorithms
, 1998
"... Abstract. This contribution introduces a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF). This approach is well suited for implementation of publickey cryptosystems based on elliptic and hyperelliptic curves. Whereas previous reported ..."
Abstract

Cited by 65 (14 self)
 Add to MetaCart
Abstract. This contribution introduces a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF). This approach is well suited for implementation of publickey cryptosystems based on elliptic and hyperelliptic curves. Whereas previous reported optimizations focus on finite fields of the form GF (p) and GF (2 m), an OEF is the class of fields GF (p m), for p a prime of special form and m a positive integer. Modern RISC workstation processors are optimized to perform integer arithmetic on integers of size up to the word size of the processor. Our construction employs wellknown techniques for fast finite field arithmetic which fully exploit the fast integer arithmetic found on these processors. In this paper, we describe our methods to perform the arithmetic in an OEF and the methods to construct OEFs. We provide a list of OEFs tailored for processors with 8, 16, 32, and 64 bit word sizes. We report on our application of this approach to construction of elliptic curve cryptosystems and demonstrate a substantial performance improvement over all previous reported software implementations of Galois field arithmetic for elliptic curves.
A Compact Rijndael Hardware Architecture with SBox Optimization
, 2001
"... Abstract. Compact and highspeed hardware architectures and logic optimization methods for the AES algorithm Rijndael are described. Encryption and decryption data paths are combined and all arithmetic components are reused. By introducing a new composite field, the SBox structure is also optimized ..."
Abstract

Cited by 54 (1 self)
 Add to MetaCart
Abstract. Compact and highspeed hardware architectures and logic optimization methods for the AES algorithm Rijndael are described. Encryption and decryption data paths are combined and all arithmetic components are reused. By introducing a new composite field, the SBox structure is also optimized. An extremely small size of 5.4 Kgates is obtained for a 128bit key Rijndael circuit using a 0.11µmCMOS standard cell library. It requires only 0.052 mm 2 of area to support both encryption and decryption with 311 Mbps throughput. By making effective use of the SPN parallel feature, the throughput can be boosted up to 2.6 Gbps for a highspeed implementation whose size is 21.3 Kgates. 1
Efficient Arithmetic in Finite Field Extensions with Application in Elliptic Curve Cryptography
 Journal of Cryptology
, 2000
"... . This contribution focuses on a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF), first introduced in [3]. We extend this work by presenting an adaptation of Itoh and Tsujii's algorithm for finite field inversion applied to OEFs. I ..."
Abstract

Cited by 46 (7 self)
 Add to MetaCart
. This contribution focuses on a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF), first introduced in [3]. We extend this work by presenting an adaptation of Itoh and Tsujii's algorithm for finite field inversion applied to OEFs. In particular, we use the facts that the action of the Frobenius map in GF (p m ) can be computed with only m 1 subfield multiplications and that inverses in GF (p) may be computed cheaply using known techniques. As a result, we show that one extension field inversion can be computed with a logarithmic number of extension field multiplications. In addition, we provide new extension field multiplication formulas which give a performance increase. Further, we provide an OEF construction algorithm together with tables of Type I and Type II OEFs along with statistics on the number of pseudoMersenne primes and OEFs. We apply this new work to provide implementation results using these me...
Improved Algorithms for Elliptic Curve Arithmetic in GF(2^n)
, 1998
"... This paper describes three contributions for efficient implementation of elliptic curve cryptosystems in GF (2^n). The first is a new method for doubling an elliptic curve point, which is simpler to implement than the fastest known method, due to Schroeppel, and which favors sparse elliptic curve co ..."
Abstract

Cited by 45 (5 self)
 Add to MetaCart
This paper describes three contributions for efficient implementation of elliptic curve cryptosystems in GF (2^n). The first is a new method for doubling an elliptic curve point, which is simpler to implement than the fastest known method, due to Schroeppel, and which favors sparse elliptic curve coefficients. The second is a generalized and improved version of the Guajardo and Paar's formulas for computing repeated doubling points. The third contribution consists of a new kind of projective coordinates that provides the fastest known arithmetic on elliptic curves. The algorithms resulting from this new formulation lead to a running time improvement for computing a scalar multiplication of about 17% over previous projective coordinate methods.
On the Performance of Signature Schemes based on Elliptic Curves
, 1998
"... . This paper describes a fast software implementation of the elliptic curve version of DSA, as specified in draft standard documents ANSI X9.62 and IEEE P1363. We did the implementations for the fields GF(2 n ), using a standard basis, and GF(p). We discuss various design decisions that have t ..."
Abstract

Cited by 39 (2 self)
 Add to MetaCart
. This paper describes a fast software implementation of the elliptic curve version of DSA, as specified in draft standard documents ANSI X9.62 and IEEE P1363. We did the implementations for the fields GF(2 n ), using a standard basis, and GF(p). We discuss various design decisions that have to be made for the operations in the underlying field and the operations on elliptic curve points. In particular, we conclude that it is a good idea to use projective coordinates for GF(p), but not for GF(2 n ). We also extend a number of exponentiation algorithms, that result in considerable speed gains for DSA, to ECDSA, using a signed binary representation. Finally, we present timing results for both types of fields on a PPro200 based PC, for a C/C++ implementation with small assemblylanguage optimizations, and make comparisons to other signature algorithms, such as RSA and DSA. We conclude that for practical sizes of fields and moduli, GF(p) is roughly twice as fast as GF(2 ...
Mastrovito Multiplier for All Trinomials
 IEEE Trans. Computers
, 1999
"... An e cient algorithm for the multiplication in GF (2m)was introduced by Mastrovito. The space complexity of the Mastrovito multiplier for the irreducible trinomial x m + x +1was given as m 2, 1 XOR and m 2 AND gates. In this paper, we describe an architecture based on a new formulation of the multip ..."
Abstract

Cited by 36 (3 self)
 Add to MetaCart
An e cient algorithm for the multiplication in GF (2m)was introduced by Mastrovito. The space complexity of the Mastrovito multiplier for the irreducible trinomial x m + x +1was given as m 2, 1 XOR and m 2 AND gates. In this paper, we describe an architecture based on a new formulation of the multiplication matrix, and show that the Mastrovito multiplier for the generating trinomial x m + x n +1, where m 6 = 2n, also requires m 2, 1 XOR and m 2 AND gates. However, m 2, m=2 XOR gates are su cient when the generating trinomial is of the form x m + x m=2 +1 for an even m. We also calculate the time complexity of the proposed Mastrovito multiplier, and give design examples for the irreducible trinomials x 7 + x 4 + 1 and x 6 + x 3 +1.
Elliptic Curve Cryptography On Smart Cards Without Coprocessors
 IN IFIP CARDIS 2000, FOURTH SMART CARD RESEARCH AND ADVANCED APPLICATION CONFERENCE
, 2000
"... This contribution describes how an elliptic curve cryptosystem can be implemented on very low cost microprocessors with reasonable performance. We focus in this paper on the Intel 8051 family of microcontrollers popular in smart cards and other costsensitive devices. The implementation is based on ..."
Abstract

Cited by 36 (9 self)
 Add to MetaCart
This contribution describes how an elliptic curve cryptosystem can be implemented on very low cost microprocessors with reasonable performance. We focus in this paper on the Intel 8051 family of microcontrollers popular in smart cards and other costsensitive devices. The implementation is based on the use of the finite field GF ((2 8  17) 17 ) which is particularly suited for low end 8bit processors. Two advantages of our method are that subfield modular reduction can be performed infrequently, and that an adaption of Itoh and Tsujii's inversion algorithm is used for the group operation. We show that an elliptic curve scalar multiplication with a fixed point, which is the core operation for a signature generation, can be performed in a group of order approximately 2 134 in less than 2 seconds. Unlike other implementations, we do not make use of curves defined over a subfield such as Koblitz curves.
Efficient and secure elliptic curve point multiplication using doublebase chains
 In Advances in Cryptology  ASIACRYPT 2005, Lecture Notes in Computer Science 3788
, 2005
"... Abstract. In this paper, we propose a efficient and secure point multiplication algorithm, based on doublebase chains. This is achieved by taking advantage of the sparseness and the ternary nature of the socalled doublebase number system (DBNS). The speedups are the results of fewer point additio ..."
Abstract

Cited by 35 (8 self)
 Add to MetaCart
Abstract. In this paper, we propose a efficient and secure point multiplication algorithm, based on doublebase chains. This is achieved by taking advantage of the sparseness and the ternary nature of the socalled doublebase number system (DBNS). The speedups are the results of fewer point additions and improved formulæ for point triplings and quadruplings in both even and odd characteristic. Our algorithms can be protected against simple and differential sidechannel analysis by using sidechannel atomicity and classical randomization techniques. Our numerical experiments show that our approach leads to speedups compared to windowing methods, even with window size equal to 4, and other SCA resistant algorithms. 1