Formulae for Arithmetic on Genus 2 Hyperelliptic Curves
Applicable Algebra in Engineering, Communication and Computing, 2003
Cited by 50 (3 self)
The ideal class group of hyperelliptic curves can be used in cryptosystems based on the discrete logarithm problem. In this article we present explicit formulae to perform the group operations for genus 2 curves. The formulae are completely general but to achieve the lowest number of operations we treat odd and even characteristic separately. We present 3 different coordinate systems which are suitable for different environments, e.g. on a smart card we should avoid inversions while in software a limited number is acceptable. The presented formulae render genus two hyperelliptic curves very useful in practice. The first system are affine coordinates where each group operation needs one inversion. Then we consider projective coordinates avoiding inversions on the cost of more multiplications and a further coordinate. Finally, we introduce a new system of coordinates and state algorithms showing that doublings are comparably cheap and no inversions are needed. A comparison between the systems concludes the paper.
FPGA Accelerated Tate Pairing Based Cryptosystems over Binary Fields
In Cryptology ePrint Archive, Report 2006/179, 2006
Cited by 12 (0 self)
Though the implementation of the Tate pairing is commonly believed to be computationally more intensive than other cryptographic operations, such as ECC point multiplication, there has been a substantial progress in speeding up the Tate pairing computations. Because of their inherent parallelism, the existing Tate pairing algorithms are very suitable for hardware implementation aimed at achieving a high operation speed. Supersingular elliptic curves over binary fields are good candidates for hardware implementation due to their simple underlying algorithms and binary arithmetic. In this paper we propose efficient Tate pairing implementations over binary fields $F_{2^{239}}$ and $F_{2^{283}}$ via FPGA. Though our field sizes are larger than those used in earlier architectures with the same security strength based on cubic elliptic curves or binary hyperelliptic curves, fewer multiplications in the underlying field are required, so that the computational latency for one pairing can be reduced. As a result, our pairing accelerators implemented via FPGA can run 15 to 25 times faster than other FPGA realizations at the same level of security strength, and at the same time achieve lower product of latency by area.
Hyperelliptic Curve Coprocessors on a FPGA
In Workshop on Information Security Applications - WISA, Jeju Island, Korea, 2004
Cited by 8 (2 self)
Abstract. Cryptographic algorithms are used in a large variety of different applications to ensure security services. It is, thus, very interesting to investigate various implementation platforms. Hyperelliptic curve schemes are cryptographic primitives to which a lot of attention was recently given due to the short operand size compared to other algorithms. They are specifically interesting for special-purpose hardware. This paper provides a comprehensive investigation of high-efficient HEC architectures. We propose a genus-2 hyperelliptic curve cryptographic coprocessor using affine coordinates. We implemented a special class of hyperelliptic curves, namely using the parameter $h(x) = x$ and $f = x^5 + f_1 x + f_0$ and the base field GF($2^{89}$). In addition, we only consider the most frequent case in our implementation and assume that the other cases are handled, e.g. by the protocol. We provide three different implementations ranging from high speed to moderate area. Hence, we provide a solution for a variety of applications. Our high performance HECC coprocessor is 78.5 % faster than the best previous implementation and our low area implementation utilizes only 22.7 % of the area that the smallest published design uses. Taking into account both area and latency, our coprocessor is an order of magnitude more efficient than previous implementations. We hope that the work at hand provides a step towards introducing HEC systems in practical applications.
Effects of Optimizations for Software Implementations of Small Binary Field Arithmetic
To appear in Proceedings of WAIFI 2007, International Workshop on the Arithmetic of Finite Fields, 2007
Cited by 5 (4 self)
Abstract. We describe an implementation of binary field arithmetic written in the C programming language. Even though the implementation targets 32-bit CPUs, the results can be applied also to CPUs with different granularity. We begin with separate routines for each operand size in words to minimize performance penalties that have a bigger relative impact for shorter operands – such as those used to implement modern curve based cryptography. We then proceed to use techniques specific to operand size in bits for several field sizes. This results in an implementation of field arithmetic where the curve representing field multiplication performance closely resembles the theoretical quadratic bit-complexity that can be expected for small inputs. This has important practical consequences: For instance, it will allow us to compare the performance of the arithmetic on curves of different genera and defined over fields of different sizes without worrying about penalties introduced by field arithmetic and concentrating on the curve arithmetic itself. Moreover, the cost of field inversion is very low, making the use of affine coordinates in curve arithmetic more interesting. These applications will be mentioned.
Efficient Doubling on Genus 3 Curves over Binary Fields
IACR ePrint 2005/228
Cited by 4 (0 self)
Abstract. The most important and expensive operation in a hyperelliptic curve cryptosystem (HECC) is scalar multiplication by an integer k, i.e., computing an integer k times a divisor D on the Jacobian. Using some recoding algorithms for scalar k, we can reduce a number of divisor class additions during the process of computing scalar multiplication. So divisor doubling will account for the main part in all kinds of scalar multiplication algorithms. In order to accelerate the genus 3 HECC over binary fields we investigate how to compute faster doubling in this paper. By constructing birational transformation of variables, we derive explicit doubling formulae for all types of defining equations of the curve. For each type of curve, we analyze how many field operations are needed. So far all proposed curves are secure, though they are more special types. Our results allow to choose curves from a large enough variety which have extremely fast doubling needing only one third the time of an addition in the best case. Furthermore, an actual implementation of the new formulae on a Pentium-M processor shows its practical relevance.
Superscalar coprocessor for high-speed curve-based cryptography
Cryptographic Hardware and Embedded Systems (CHES’06), number 4249 in Lecture Notes in Computer Science, 2006
Cited by 4 (3 self)
Abstract. We propose a superscalar coprocessor for high-speed curve-based cryptography. It accelerates scalar multiplication by exploiting instruction-level parallelism (ILP) dynamically and processing multiple instructions in parallel. The system-level architecture is designed so that the coprocessor can fully utilize the superscalar feature. The implementation results show that scalar multiplication of Elliptic Curve Cryptography (ECC) over GF($2^{163}$), Hyperelliptic Curve Cryptography (HECC) of genus 2 over GF($2^{83}$) and ECC over a composite field, GF($(2^{83})^2$) can be improved by a factor of 1.8, 2.7 and 2.5 respectively compared to the case of a basic single-scalar architecture. This speedup is achieved by exploiting parallelism in curve-based cryptography. The coprocessor deals with a single instruction that can be used for all field operations such as multiplications and additions. In addition, this instruction only allows one to compute point/divisor operations. Furthermore, we provide also a fair comparison between the three curve-based cryptosystems.
Private communication, 1997
Cited by 4 (0 self)
The Hyperelliptic curve cryptosystem is one of the emerging cryptographic primitives of the last years. This system offers the same security as established public-key cryptosystems, such as those based on RSA or elliptic curves, with much shorter operand length. However, until recently the common belief in industry and in the research community was that hyperelliptic curves are out of scope for any practical application. We were able to show the practical use of hyperelliptic curve cryptosystems (HECC) by narrowing the performance gap between elliptic curve (EC) and hyperelliptic curve cryptosystems. The complexity of the group operation for small genus hyperelliptic curves was reduced and efficient algorithms have been proposed [PWGP03, PWP03]. We developed a new metric to compare different cryptographic primitives based on the atomic operations of a processor and our theoretical comparison between elliptic curve and hyperelliptic curve cryptosystems, as well as our software and hardware implementations show that the performance of both cryptographic primitives are
Multicore curve-based cryptoprocessor with reconfigurable modular arithmetic logic units over GF($2^n$)
IEEE Transactions on Computers
Cited by 4 (1 self)
Abstract—This paper presents a reconfigurable curve-based cryptoprocessor that accelerates scalar multiplication of Elliptic Curve Cryptography (ECC) and HyperElliptic Curve Cryptography (HECC) of genus 2 over GF($2^n$). By allocating copies of processing cores that embed reconfigurable Modular Arithmetic Logic Units (MALUs) over GF($2^n$), the scalar multiplication of ECC/HECC can be accelerated by exploiting Instruction-Level Parallelism (ILP). The supported field size can be arbitrary up to (n + 1) 1. The superscaling feature is facilitated by defining a single instruction that can be used for all field operations and point/divisor operations. In addition, the cryptoprocessor is fully programmable and it can handle various curve parameters and arbitrary irreducible polynomials. The cost, performance, and security tradeoffs are thoroughly discussed for different hardware configurations and software programs. The synthesis results with a 0.13 μm CMOS technology show that the proposed reconfigurable cryptoprocessor runs at 292 MHz, whereas the field sizes can be supported up to 587 bits. The compact and fastest configuration of our design is also synthesized with a fixed field size and irreducible polynomial. The results show that the scalar multiplication of ECC over GF($2^{163}$) and HECC over GF($2^{83}$) can be performed in 29 and 63 μs, respectively. Index Terms—Multiprocessor systems, processor architectures, reconfigurable hardware, arithmetic and logic units, public key cryptosystems.
A hyperelliptic curve crypto coprocessor for an 8051 microcontroller
In Proceedings of The IEEE 2005 Workshop on Signal Processing Systems (SIPS’05), 2005
Cited by 3 (1 self)
Abstract—This paper presents a microcode instruction set coprocessor which is designed to work with an 8-bit 8051 microcontroller and implements a Hyperelliptic Curve Cryptosystem (HECC). The microcode coprocessor is capable of performing a range of Galois Field operations using a dual-multiplier/dual-adder datapath and storing the intermediate results in the local storage unit of the coprocessor (RAM). This coprocessor is programmed using the software routines from the 8051 microcontroller which implements the HECC divisor’s doubling and addition operations. The Jacobian scalar multiplication was computed in a 656 msec (7.87 M cycles) at 12 MHz clock frequency.
Performance of HECC coprocessors using inversion-free formulae
In International Workshop on Information Security & Hiding, Singapore (ISH ’05)
Cited by 3 (0 self)
Abstract. The HyperElliptic Curve Cryptosystem (HECC) was quite extensively studied during the recent years. In the open literature one can find results on improving the group operations of HECC as well as implementations on various types of processors. There have also been some efforts to implement HECC on hardware devices, like for instance FPGAs. Only one of these works, however, deals with the inversion-free formulae to compute the group operations of HECC. We present inversion-free group operations for the HEC $y^2 + xy = x^5 + f_1 x + f_0$ and targeting characteristic two fields. The reason being to allow a fair comparison to hardware architectures using the affine case presented in [BBWP04]. In the main part of the paper we use these results to investigate various hardware architectures for a HECC VLSI coprocessor. If area constraints are not considered, scalar multiplication can be performed in 19769 clock cycles using three field multipliers (of type D = 32), one field adder and one field squarer, where D indicates the digit size of the multiplier. However, the optimal solution in terms of latency and area uses two multipliers (of type D = 4), one addition and one squaring. The main finding of the present contribution is that coprocessors based on the inversion-free formulae should be preferred compared to those using group operations containing inversion. This holds despite the fact that one field inversion in the affine HECC group operation is traded by up to 24 field multiplications in the inversion-free case.