A Practical Implementation of the Timing Attack
1998
Cited by 59 (3 self)
When the running time of a cryptographic algorithm is nonconstant, timing measurements can leak information about the secret key. This idea, first publicly introduced by Kocher, is developed here to attack an earlier version of the CASCADE smart card. We propose several improvements on Kocher's ideas, leading to a practical implementation that is able to break a 512-bit key in a few hours, provided we are able to collect 300 000 timing measurements (128-bit keys can be recovered in a few seconds using a personal computer and less than 10 000 samples). We therefore show that the timing attack represents an important threat against cryptosystems, which must be very seriously taken into account.
Instruction Set Extensions for Fast Arithmetic in Finite Fields GF(p) and GF(2^m)
Cryptographic Hardware and Embedded Systems — CHES 2004, 2004
Cited by 14 (6 self)
Abstract. Instruction set extensions are a small number of custom instructions specifically designed to accelerate the processing of a given kind of workload such as multimedia or cryptography. Enhancing a general-purpose RISC processor with a few application-specific instructions to facilitate the inner loop operations of public-key cryptosystems can result in a significant performance gain. In this paper we introduce a set of five custom instructions to accelerate arithmetic operations in finite fields GF(p) and GF(2^m). The custom instructions can be easily integrated into a standard RISC architecture like MIPS32 and require only little extra hardware. Our experimental results show that an extended MIPS32 core is able to perform an elliptic curve scalar multiplication over a 192-bit prime field in 36 msec, assuming a clock speed of 33 MHz. An elliptic curve scalar multiplication over the binary field GF(2^191) takes only 21 msec, which is approximately six times faster than a software implementation on a standard MIPS32 processor.
Montgomery Exponentiation with no Final Subtractions: Improved Results
In Cryptographic Hardware and Embedded Systems – CHES 2000, LNCS 1965
Cited by 12 (1 self)
The Montgomery multiplication is commonly used as the core algorithm for cryptosystems based on modular arithmetic. With the advent of new classes of attacks (timing attacks, power attacks), the implementation of the algorithm should be carefully studied to thwart those attacks. Recently, Colin D. Walter proposed a constant time implementation of this algorithm [17, 18]. In this paper, we propose an improved (faster) version of this implementation. We also provide figures about the overhead of these versions relative to a speed optimised version (theoretically and experimentally).
Keywords: Montgomery multiplication, modular exponentiation, smart cards, timing attacks, power attacks
1 Introduction. In RSA-based cryptosystems, modular exponentiations are often computed with Montgomery multiplications [14]. The optimisation of this algorithm is consequently very important. Several fast implementations of this algorithm were proposed both in hardware (e.g. [18]) and softwar...
Parallel FPGA implementation of RSA with residue number systems – can side-channel threats be avoided?
46th International Midwest Symposium on Circuits and Systems: MWSCAS ’03, 2003
Cited by 10 (0 self)
Abstract — In this paper, we present a new parallel architecture to avoid side-channel analysis such as: timing attack, simple/differential power analysis, fault induction attack and simple/differential electromagnetic analysis. We use a Montgomery Multiplication based on Residue Number Systems. Thanks to RNS, we develop a design able to perform an RSA signature in parallel on a set of identical and independent coprocessors. Of independent interest, we propose a new DPA countermeasure when RNS are used that is only (slightly) memory consuming. Finally, we synthesized our new architecture on FPGA and it presents promising performance results. Even if our aim is to sketch a secure architecture, the RSA signature is performed in less than 150 ms, with competitive hardware resources. To our knowledge, this is the first proposal of an architecture counteracting electromagnetic analysis apart from hardware countermeasures reducing electromagnetic radiations.
Shor’s algorithm on a nearest-neighbor machine
Asian Conference on Quantum Information Science, 2007
Cited by 9 (1 self)
We give a new “nested adds” circuit for implementing Shor’s algorithm in linear width and quadratic depth on a nearest-neighbor machine. Our circuit combines Draper’s transform adder with approximation ideas of Zalka. The transform adder requires small controlled rotations. We also give another version, with slightly larger depth, using only reversible classical gates. We do not know which version will ultimately be cheaper to implement.
Cryptography on FPGAs: State of the Art Implementations and Attacks
1999
Cited by 8 (1 self)
this paper is devoted to studying FPGAs from a systems security perspective. We do this by looking at attacks documented in the literature against FPGAs as well as attacks that have been performed against other hardware platforms and by adapting them and their solutions to FPGAs. Furthermore, we provide a list of open problems regarding system security of FPGAs.
Implementation of fast RSA key generation on smart cards
ACM Symposium on Applied Computing, 2002
Cited by 7 (0 self)
Although smart cards are being used in an increasing number of applications, there is little literature on the implementation issues for smart cards. This paper describes the issues and considerations that need to be taken into account when implementing the key generation step of a cryptographic algorithm widely used nowadays, RSA. Smart cards are used in many applications that require a tamper resistant area. Therefore, smart cards that use cryptography have to provide encryption, decryption, as well as key generation inside their security perimeter. RSA key generation is a concern for on-card implementation of the RSA cryptosystem, as it usually takes a long time. In this paper, two simple but efficient key generation algorithms are evaluated, in addition to a simple but not very efficient algorithm. The paper discusses in detail how to build fast implementations for the three algorithms presented, using smart cards with a crypto-coprocessor.
Faster Fp-arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves
Cited by 6 (1 self)
Abstract. This paper describes a new method to speed up Fp-arithmetic for Barreto-Naehrig (BN) curves. We explore the characteristics of the modulus defined by BN curves and choose curve parameters such that Fp multiplication becomes more efficient. The proposed algorithm uses Montgomery reduction in a polynomial ring combined with a coefficient reduction phase using a pseudo-Mersenne number. With this algorithm, the performance of pairings on BN curves can be significantly improved, resulting in a factor 5.4 speedup compared with the state-of-the-art hardware implementations. Using this algorithm, we implemented a pairing processor in hardware, which runs at 204 MHz and finishes one ate and R-ate pairing computation over a 256-bit BN curve in 4.22 ms and 2.91 ms, respectively.
Evaluating Instruction Set Extensions for Fast Arithmetic on Binary Finite Fields
Proc. Int. Conf. Application-Specific Systems, Architectures, and Processors (ASAP), 2004
Cited by 5 (1 self)
Binary finite fields GF(2^n) are very commonly used in cryptography, particularly in public-key algorithms such as Elliptic Curve Cryptography (ECC). On word-oriented programmable processors, field elements are generally represented as polynomials with coefficients from {0, 1}. Key arithmetic operations on these polynomials, such as squaring and multiplication, are not supported by integer-oriented processor architectures. Instead, these are implemented in software, causing a very large fraction of the cryptography execution time to be dominated by a few elementary operations. For example, more than 90% of the execution time of 163-bit ECC may be consumed by two simple field operations: squaring and multiplication. A few
Performance of Firefly RPC
Informatica, 1990
Cited by 5 (0 self)
Generally speaking, public-key cryptographic systems consist of raising elements of some group such as GF(2^n), Z/NZ or elliptic curves, to large powers and reducing the result modulo some given element. Such an operation is often called modular exponentiation and is performed using modular multiplications repeatedly. The practicality of a given cryptographic system depends heavily on how fast modular exponentiations are performed. Consequently, it also depends on how efficiently modular multiplications are done, as these are at the base of the computation. This problem has received much attention over the years. Efficient software as well as hardware implementations were proposed. However, the results are scattered through the literature. In this paper we survey most known and recent methods for efficient modular multiplication, investigating and examining their strengths and weaknesses. For each method presented, we provide an adequate hardware implementation. Summary: A survey of modern methods of cryptography is given.