Results 1 - 10 of 17
High Performance Arithmetic for Hyperelliptic Curve Cryptosystems of Genus Two
, 2003
Cited by 13 (6 self)
Nowadays, there exists a manifold variety of cryptographic applications: from low level embedded crypto implementations up to high end cryptographic engines for servers. The latter require a flexible implementation of a variety of cryptographic primitives in order to be capable of communicating with several clients. On the other hand, on the client it only requires an implementation of one specific algorithm with fixed parameters such as a fixed field size or fixed curve parameters if using ECC/HECC. In particular for embedded environments like PDAs or mobile communication devices, fixing these parameters can be crucial regarding speed and power consumption. In this contribution, we propose a highly efficient algorithm for a hyperelliptic curve cryptosystem of genus two, well suited for these constraint devices.
Rethinking low genus hyperelliptic jacobian arithmetic over binary fields: Interplay of field arithmetic and explicit formulae
Cited by 10 (5 self)
Abstract. In this paper, we present several improvements on the best known explicit formulæ for hyperelliptic curves of genus three and four in characteristic two, including the issue of reducing memory requirements. To show the effectiveness of these improvements and to allow a fair comparison of the curves of different genera, we implement all formulæ using a highly optimized software library for arithmetic in binary fields. This library was designed to minimize the impact of a whole series of overheads which have a larger significance as the genus of the curves increases. The current state of the art in attacks against the discrete logarithm problem is taken into account for the choice of the field and group sizes. Performance tests are done on two personal computers with very different architectures. Our results can be shortly summarized as follows: Curves of genus three provide performance similar, or better, to that of curves of genus two, and these two types of curves can perform faster than elliptic curves – indeed on some processors often twice as fast. Curves of genus four attain a performance level comparable to elliptic curves. A large choice of curves is therefore available for the deployment of curve-based cryptography, with curves of genus three and four providing their own advantages as larger cofactors can be allowed for the group order.
Elliptic and hyperelliptic curves on embedded µP
- ACM TRANSACTIONS ON EMBEDDED COMPUTING SYSTEMS
, 2004
Cited by 7 (4 self)
It is widely recognized that data security will play a central role in future IT systems. Providing public-key cryptographic primitives, which are the core tools for security, is often difficult on embedded processor due to computational, memory, and power constraints. This contribution appears to be the first thorough comparison of two public-key families, namely elliptic curve (ECC) and hyperelliptic curve cryptosystems on a wide range of embedded processor types (ARM, ColdFire, PowerPC). We investigated the influence of the processor type, resources, and architecture regarding throughput. Further, we improved previously known HECC algorithms resulting in a more efficient arithmetic.
High Performance Arithmetic for Special Hyperelliptic Curve Cryptosystems of Genus Two
- In International Conference on Information Technology: Coding and Computing - ITCC 2004. IEEE Computer Society
, 2004
Cited by 6 (4 self)
Regarding the overall speed and power consumption, cryptographic applications in embedded environments like PDAs or mobile communication devices can benefit from specially designed cryptosystems with fixed parameters. In this contribution, we propose a highly efficient algorithm for a hyperelliptic curve cryptosystem (HECC) of genus two, well suited for these applications on constrained devices. This work presents a major improvement of HECC arithmetic for certain non-supersingular curves defined over fields of characteristic two. We optimized the group doubling operation and managed to speed up the whole cryptosystem by approximately 27 % compared to the previously known most efficient case. Furthermore, an actual implementation of the new formulae on an embedded processor shows its practical relevance. A scalar multiplication can be performed in approximately 50¢¤ £ on an 80MHz embedded device.
Effects of Optimizations for Software Implementations of Small Binary Field Arithmetic. To appear
- in Proceedings of WAIFI 2007, International Workshop on the Arithmetic of Finite Fields
, 2007
Cited by 5 (4 self)
Abstract. We describe an implementation of binary field arithmetic written in the C programming language. Even though the implementation targets 32-bit CPUs, the results can be applied also to CPUs with different granularity. We begin with separate routines for each operand size in words to minimize performance penalties that have a bigger relative impact for shorter operands – such as those used to implement modern curve based cryptography. We then proceed to use techniques specific to operand size in bits for several field sizes. This results in an implementation of field arithmetic where the curve representing field multiplication performance closely resembles the theoretical quadratic bit-complexity that can be expected for small inputs. This has important practical consequences: For instance, it will allow us to compare the performance of the arithmetic on curves of different genera and defined over fields of different sizes without worrying about penalties introduced by field arithmetic and concentrating on the curve arithmetic itself. Moreover, the cost of field inversion is very low, making the use of affine coordinates in curve arithmetic more interesting. These applications will be mentioned.
S.: Tree parity machine rekeying architectures
- IEEE Transactions on Computers
, 2005
Cited by 5 (3 self)
The necessity to secure the communication between hardware components in embedded systems becomes increasingly important with regard to the secrecy of data and particularly its commercial use. We suggest a low-cost (i.e. small logic-area) solution for flexible security levels and short key lifetimes. The basis is an approach for symmetric key exchange using the synchronization of Tree Parity Machines. Fast successive key generation enables a key exchange within a few milliseconds, given realistic communication channels with a limited bandwidth. For demonstration we evaluate characteristics of a standard-cell ASIC design realization as IP-core in ¢¡¤£¦¥¨§-technology. Index Terms: K.4.4.f Security, K.6.5.a Authentication, B.7.1.b Algorithms implemented in hardware, C.3.h Ubiquitous computing, J.9.d Pervasive computing
Finding Optimum Parallel Coprocessor Design for Genus 2 Hyperelliptic Curve Cryptosystems
, 2004
Cited by 4 (2 self)
Hardware accelerators are often used in cryptographic applications for speeding up the highly arithmetic-intensive public-key primitives, e.g. in high-end smart cards. One of these emerging and very promising public-key schemes is based on HyperElliptic Curve Cryptosystems (HECC). In the open literature only a few considerations deal with hardware implementation issues of HECC.
Efficient Doubling on Genus 3 Curves over Binary Fields. IACR ePrint 2005/228
Cited by 4 (0 self)
Abstract. The most important and expensive operation in a hyperelliptic curve cryptosystem (HECC) is scalar multiplication by an integer k, i.e., computing an integer k times a divisor D on the Jacobian. Using some recoding algorithms for scalar k, we can reduce a number of divisor class additions during the process of computing scalar multiplication. So divisor doubling will account for the main part in all kinds of scalar multiplication algorithms. In order to accelerate the genus 3 HECC over binary fields we investigate how to compute faster doubling in this paper. By constructing birational transformation of variables, we derive explicit doubling formulae for all types of defining equations of the curve. For each type of curve, we analyze how many field operations are needed. So far all proposed curves are secure, though they are more special types. Our results allow to choose curves from a large enough variety which have extremely fast doubling needing only one third the time of an addition in the best case. Furthermore, an actual implementation of the new formulae on a Pentium-M processor shows its practical relevance.
CRYPTOGRAPHIC PROTOCOLS ON REAL HYPERELLIPTIC CURVES
Cited by 4 (2 self)
(Communicated by Edlyn Teske) Abstract. We present public-key cryptographic protocols for key exchange, digital signatures, and encryption whose security is based on the presumed intractability of solving the principal ideal problem, or equivalently, the distance problem, in the real model of a hyperelliptic curve. Our protocols represent a significant improvement over existing protocols using real hyperelliptic curves. Theoretical analysis and numerical experiments indicate that they are comparable to the imaginary model in terms of efficiency, and hold much more promise for practical applications than previously believed.

