Results 1  10
of
43
Guide to Elliptic Curve Cryptography
, 2004
"... Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves ..."
Abstract

Cited by 369 (17 self)
 Add to MetaCart
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in publickey cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, highspeed software and hardware implementations, and offer the highest strengthperkeybit of any known publickey scheme.
Comparing Elliptic Curve Cryptography and RSA on 8bit CPUs
, 2004
"... Abstract. Strong publickey cryptography is often considered to be too computationally expensive for small devices if not accelerated by cryptographic hardware. We revisited this statement and implemented elliptic curve point multiplication for 160bit, 192bit, and 224bit NIST/SECG curves over GF( ..."
Abstract

Cited by 127 (2 self)
 Add to MetaCart
Abstract. Strong publickey cryptography is often considered to be too computationally expensive for small devices if not accelerated by cryptographic hardware. We revisited this statement and implemented elliptic curve point multiplication for 160bit, 192bit, and 224bit NIST/SECG curves over GF(p) and RSA1024 and RSA2048 on two 8bit microcontrollers. To accelerate multipleprecision multiplication, we propose a new algorithm to reduce the number of memory accesses. Implementation and analysis led to three observations: 1. Publickey cryptography is viable on small devices without hardware acceleration. On an Atmel ATmega128 at 8 MHz we measured 0.81s for 160bit ECC point multiplication and 0.43s for a RSA1024 operation with exponent e =2 16 + 1. 2. The relative performance advantage of ECC point multiplication over RSA modular exponentiation increases with the decrease in processor word size and the increase in key size. 3. Elliptic curves over fields using pseudoMersenne primes as standardized by NIST and SECG allow for high performance implementations and show no performance disadvantage over optimal extension fields or prime fields selected specifically for a particular processor architecture.
The XTR public key system
, 2000
"... This paper introduces the XTR public key system. XTR is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromis ..."
Abstract

Cited by 80 (11 self)
 Add to MetaCart
This paper introduces the XTR public key system. XTR is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security.
Elliptic Curve Cryptography On Smart Cards Without Coprocessors
 IN IFIP CARDIS 2000, FOURTH SMART CARD RESEARCH AND ADVANCED APPLICATION CONFERENCE
, 2000
"... This contribution describes how an elliptic curve cryptosystem can be implemented on very low cost microprocessors with reasonable performance. We focus in this paper on the Intel 8051 family of microcontrollers popular in smart cards and other costsensitive devices. The implementation is based on ..."
Abstract

Cited by 36 (9 self)
 Add to MetaCart
This contribution describes how an elliptic curve cryptosystem can be implemented on very low cost microprocessors with reasonable performance. We focus in this paper on the Intel 8051 family of microcontrollers popular in smart cards and other costsensitive devices. The implementation is based on the use of the finite field GF ((2 8  17) 17 ) which is particularly suited for low end 8bit processors. Two advantages of our method are that subfield modular reduction can be performed infrequently, and that an adaption of Itoh and Tsujii's inversion algorithm is used for the group operation. We show that an elliptic curve scalar multiplication with a fixed point, which is the core operation for a signature generation, can be performed in a group of order approximately 2 134 in less than 2 seconds. Unlike other implementations, we do not make use of curves defined over a subfield such as Koblitz curves.
Efficient Implementation of Elliptic Curve Cryptosystems on the TI MSP430x33x Family of Microcontrollers
, 2001
"... This contribution describes a methodology used to efficiently implement elliptic curves (EC) over GF (p) on the 16bit TI MSP430x33x family of lowcost microcontrollers. We show that it is possible to implement EC cryptosystems in highly constrained embedded systems and still obtain acceptable perfo ..."
Abstract

Cited by 18 (3 self)
 Add to MetaCart
This contribution describes a methodology used to efficiently implement elliptic curves (EC) over GF (p) on the 16bit TI MSP430x33x family of lowcost microcontrollers. We show that it is possible to implement EC cryptosystems in highly constrained embedded systems and still obtain acceptable performance at low cost. We modified the EC point addition and doubling formulae to reduce the number of intermediate variables while at the same time allowing for flexibility. We used a GeneralizedMersenne prime to implement the arithmetic in the underlying field. We take advantage of the special form of the moduli to minimize the number of precomputations needed to implement inversion via Fermat's Little theorem and the kary method of exponentiation. We apply these ideas to an implementation of an elliptic curve system over GF (p), where p = 2 128  2 97  1. We show that a scalar point multiplication can be achieved in 3.4 seconds without any stored/precomputed values and...
C.: Itoh–Tsujii inversion in standard basis and its application in cryptography and codes
 Des. Codes Cryptogr
, 2002
"... Abstract. This contribution is concerned with a generalization of Itoh and Tsujii’s algorithm for inversion in extension fields GF (q m). Unlike the original algorithm, the method introduced here uses a standard (or polynomial) basis representation. The inversion method is generalized for standard b ..."
Abstract

Cited by 15 (2 self)
 Add to MetaCart
Abstract. This contribution is concerned with a generalization of Itoh and Tsujii’s algorithm for inversion in extension fields GF (q m). Unlike the original algorithm, the method introduced here uses a standard (or polynomial) basis representation. The inversion method is generalized for standard basis representation and relevant complexity expressions are established, consisting of the number of extension field multiplications and exponentiations. As the main contribution, for three important classes of fields we show that the Frobenius map can be explored to perform the exponentiations required for the inversion algorithm efficiently. As an important consequence, Itoh and Tsujii’s inversion method shows almost the same practical complexity for standard basis as for normal basis representation for the field classes considered.
Fast Elliptic Curve Algorithm Combining Frobenius Map and Table Reference to Adapt to Higher Characteristic
, 1999
"... . A new elliptic curve scalar multiplication algorithm is proposed. The algorithm offers about twice the troughput of some conventional OEFbase algorithms because it combines the Frobenius map with the table reference method based on baseOE expansion. Furthermore, since this algorithm suits conven ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
. A new elliptic curve scalar multiplication algorithm is proposed. The algorithm offers about twice the troughput of some conventional OEFbase algorithms because it combines the Frobenius map with the table reference method based on baseOE expansion. Furthermore, since this algorithm suits conventional computational units such as 16, 32 and 64 bits, its base field Fp m is expected to enhance elliptic curve operation efficiency more than Fq (q is a prime) or F2 n . Keywords: elliptic curve cryptosystem, scalar multiplication, OEF, finite field, Frobenius map, table reference method 1 Introduction While speeding up modular exponentiation has been a prime approach to speeding up the RSA scheme, scalar multiplication of an elliptic curve point can speed up elliptic curve schemes such as ECDSA and ECElGamal. In particular, elliptic curves over F q (q is a prime) or F 2 n have been implemented by many companies and standardized by several organizations such as IEEE P1363 and ISO/IEC ...
Implementation Options for Finite Field Arithmetic for Elliptic Curve Cryptosystems
, 1999
"... Contents 1. Motivation 2. Overview on Finite Field Arithmetic 3. Arithmetic in GF(p) 4. Arithmetic in GF(2 m ) 5. Arithmetic in GF(p m ) 6. Open Problems ECC '99 WPI Why PublicKey Algorithms? Traditional tool for data security: Privatekey (or symmetric) cryptography Main applications: ffl En ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
Contents 1. Motivation 2. Overview on Finite Field Arithmetic 3. Arithmetic in GF(p) 4. Arithmetic in GF(2 m ) 5. Arithmetic in GF(p m ) 6. Open Problems ECC '99 WPI Why PublicKey Algorithms? Traditional tool for data security: Privatekey (or symmetric) cryptography Main applications: ffl Encryption ffl Message Authentication Traditional shortcomings: 1. Key distribution, especially with large, dynamic user population (Internet) 2. How to assure sender authenticity and nonrepudiation? Solution: Publickey schemes, e.g., DiffieHellman key exchange or digital signatures. ECC '99 WPI Practical PublicKey Algorithms There are three families of PK algorithms of practical relevance: Integer Factorization Schemes Exp: RSA, Rabin, etc. required ope
Reconfigurable instruction set extension for enabling ECC on an 8bit processor
 IN FIELD PROGRAMMABLE LOGIC AND APPLICATION — FPL 2004, LNCS 3203
, 2004
"... Abstract. Pervasive networks with lowcost embedded 8bit processors are set to change our daytoday life. Publickey cryptography provides crucial functionality to assure security which is often an important requirement in pervasive applications. However, it has been the hardest to implement on co ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
Abstract. Pervasive networks with lowcost embedded 8bit processors are set to change our daytoday life. Publickey cryptography provides crucial functionality to assure security which is often an important requirement in pervasive applications. However, it has been the hardest to implement on constraint platforms due to its very high computational requirements. This contribution describes a proofofconcept implementation for an extremely lowcost instruction set extension using reconfigurable logic, which enables an 8bit microcontroller to provide full size elliptic curve cryptography (ECC) capabilities. Introducing full size publickey security mechanisms on such small embedded devices will allow new pervasive applications. We show that a standard compliant 163bit point multiplication can be computed in 0.113 sec on an 8bit AVR microcontroller running at 4 Mhz with minimal extra hardware, a typical representative for a lowcost pervasive processor. Our design not only accelerates the computation by a factor of more than 30 compared to a softwareonly solution, it also reduces the codesize, dataRAM and power requirements. 1
Optimizing Galois Field Arithmetic for Diverse Processor Architectures and Applications
"... Galois field implementations are central to the design of many reliable and secure systems, with many systems implementing them in software. The two most common Galois field operations are addition and multiplication; typically, multiplication is far more expensive than addition. In software, multip ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
Galois field implementations are central to the design of many reliable and secure systems, with many systems implementing them in software. The two most common Galois field operations are addition and multiplication; typically, multiplication is far more expensive than addition. In software, multiplication is generally done with a lookup to a precomputed table, limiting the size of the field and resulting in uneven performance across architectures and applications. In this paper, we first analyze existing tablebased implementation and optimization techniques for multiplication in fields of the form GF(2 l). Next, we propose the use of techniques in composite fields: extensions of GF(2 l) in which multiplications are performed in GF(2 l) and efficiently combined. The composite field technique trades computation for storage space, which prevents eviction of lookup tables from the CPU cache and allows for arbitrarily large fields. Most Galois field optimizations are specific to a particular implementation; our technique is general and may be applied in any scenario requiring Galois fields. A detailed performance study across five architectures shows that the relative performance of each approach varies with architecture, and that CPU, memory limitations and fields size must be considered when selecting an appropriate Galois field implementation. We also find that the use of our composite field implementation is often faster and less memory intensive than traditional algorithms for GF(2 l). 1.