Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs
2004
Cited by 139 (2 self)
Abstract. Strong public-key cryptography is often considered to be too computationally expensive for small devices if not accelerated by cryptographic hardware. We revisited this statement and implemented elliptic curve point multiplication for 160-bit, 192-bit, and 224-bit NIST/SECG curves over GF(p) and RSA-1024 and RSA-2048 on two 8-bit microcontrollers. To accelerate multiple-precision multiplication, we propose a new algorithm to reduce the number of memory accesses. Implementation and analysis led to three observations: 1. Public-key cryptography is viable on small devices without hardware acceleration. On an Atmel ATmega128 at 8 MHz we measured 0.81s for 160-bit ECC point multiplication and 0.43s for a RSA-1024 operation with exponent e = 2^16 + 1. 2. The relative performance advantage of ECC point multiplication over RSA modular exponentiation increases with the decrease in processor word size and the increase in key size. 3. Elliptic curves over fields using pseudo-Mersenne primes as standardized by NIST and SECG allow for high performance implementations and show no performance disadvantage over optimal extension fields or prime fields selected specifically for a particular processor architecture.
The XTR public key system
2000
Cited by 82 (12 self)
This paper introduces the XTR public key system. XTR is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security.
Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms
2001
Cited by 71 (0 self)
The fundamental operation in elliptic curve cryptographic schemes is that of point multiplication of an elliptic curve point by an integer. This paper describes a new method for accelerating this operation on classes of elliptic curves that have efficiently-computable endomorphisms. One advantage of the new method is that it is applicable to a larger class of curves than previous such methods.
Software Implementation of the NIST Elliptic Curves Over Prime Fields
TOPICS IN CRYPTOLOGY – CT-RSA 2001, VOLUME 2020 OF LNCS, 2001
Formulae for Arithmetic on Genus 2 Hyperelliptic Curves
Applicable Algebra in Engineering, Communication and Computing, 2003
Cited by 49 (3 self)
The ideal class group of hyperelliptic curves can be used in cryptosystems based on the discrete logarithm problem. In this article we present explicit formulae to perform the group operations for genus 2 curves. The formulae are completely general but to achieve the lowest number of operations we treat odd and even characteristic separately. We present 3 different coordinate systems which are suitable for different environments, e.g. on a smart card we should avoid inversions while in software a limited number is acceptable. The presented formulae render genus two hyperelliptic curves very useful in practice. The first system are affine coordinates where each group operation needs one inversion. Then we consider projective coordinates avoiding inversions on the cost of more multiplications and a further coordinate. Finally, we introduce a new system of coordinates and state algorithms showing that doublings are comparably cheap and no inversions are needed. A comparison between the systems concludes the paper.
Hessian Elliptic Curves and Side-Channel Attacks
of Lecture Notes in Computer Science, 2001
Cited by 49 (7 self)
Side-channel attacks are a recent class of attacks that have been revealed to be very powerful in practice. By measuring some side-channel information (running time, power consumption, ...), an attacker is able to recover some secret data from a carelessly implemented crypto-algorithm.
Protections against Differential Analysis for Elliptic Curve Cryptography - An Algebraic Approach
CHES 2001, LNCS 2162, 2001
Cited by 46 (2 self)
We propose several new methods to protect the scalar multiplication on an elliptic curve against Differential Analysis. The basic idea consists in transforming the curve through various random morphisms to provide a nondeterministic execution of the algorithm. The solutions
Unbelievable Security: Matching AES security using public key systems
PROCEEDINGS ASIACRYPT 2001, LNCS 2248, SPRINGER-VERLAG 2001, 67–86, 2001
Cited by 45 (4 self)
The Advanced Encryption Standard (AES) provides three levels of security: 128, 192, and 256 bits. Given a desired level of security for the AES, this paper discusses matching public key sizes for RSA and the ElGamal family of protocols. For the latter both traditional multiplicative groups of finite fields and elliptic curve groups are considered. The practicality of the resulting systems is commented upon. Despite the conclusions, this paper should not be interpreted as an endorsement of any particular public key system in favor of any other.
Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves
Workshop on Cryptographic Hardware and Embedded Systems — CHES 2003, 2003
Cited by 41 (12 self)
For most of the time since they were proposed, it was widely believed that hyperelliptic curve cryptosystems (HECC) carry a substantial performance penalty compared to elliptic curve cryptosystems (ECC) and are, thus, not too attractive for practical applications. Only quite recently improvements have been made, mainly restricted to curves of genus 2. The work at hand advances the state-of-the-art considerably in several aspects. First, we generalize and improve the closed formulae for the group operation of genus 3 for HEC defined over fields of characteristic two. For certain curves we achieve over 50% complexity improvement compared to the best previously published results. Second, we introduce a new complexity metric for ECC and HECC defined over characteristic two fields which allow performance comparisons of practical relevance. It can be shown that the HECC performance is in the range of the performance of an ECC; for specific parameters HECC can even possess a lower complexity than an ECC at the same security level. Third, we describe the first implementation of a HEC cryptosystem on an embedded (ARM7) processor. Since HEC are particularly attractive for constrained environments, such a case study should be of relevance.
Efficient and secure elliptic curve point multiplication using double-base chains
In Advances in Cryptology - ASIACRYPT 2005, Lecture Notes in Computer Science 3788, 2005
Cited by 37 (8 self)
Abstract. In this paper, we propose an efficient and secure point multiplication algorithm, based on double-base chains. This is achieved by taking advantage of the sparseness and the ternary nature of the so-called double-base number system (DBNS). The speedups are the results of fewer point additions and improved formulæ for point triplings and quadruplings in both even and odd characteristic. Our algorithms can be protected against simple and differential side-channel analysis by using side-channel atomicity and classical randomization techniques. Our numerical experiments show that our approach leads to speedups compared to windowing methods, even with window size equal to 4, and other SCA resistant algorithms.