Abstract. Cryptographic algorithms are used in a large variety of different applications to ensure security services. It is, thus, very interesting to investigate various implementation platforms. Hyperelliptic curve schemes are cryptographic primitives to which a lot of attention was recently given due to the short operand size compared to other algorithms. They are specifically interesting for special-purpose hardware. This paper provides a comprehensive investigation of high-efficient HEC architectures. We propose a genus-2 hyperelliptic curve cryptographic coprocessor using affine coordinates. We implemented a special class of hyperelliptic curves, namely using the parameter h(x) = x and f = x 5 + f1x + f0 and the base field GF(2 89). In addition, we only consider the most frequent case in our implementation and assume that the other cases are handled, e.g. by the protocol. We provide three different implementations ranging from high speed to moderate area. Hence, we provide a solution for a variety of applications. Our high performance HECC coprocessor is 78.5 % faster than the best previous implementation and our low area implementation utilizes only 22.7 % of the area that the smallest published design uses. Taking into account both area and latency, our coprocessor is an order of magnitude more efficient than previous implementations. We hope that the work at hand provides a step towards introducing HEC systems in practical applications.

Abstract. The HyperElliptic Curve Cryptosystem (HECC) was quite extensively studied during the recent years. In the open literature one can find results on improving the group operations of HECC as well as implementations on various types of processors. There have also been some efforts to implement HECC on hardware devices, like for instance FPGAs. Only one of these works, however, deals with the inversionfree formulae to compute the group operations of HECC. We present inversionfree group operations for the HEC y 2 + xy = x 5 + f1x + f0 and targeting characteristic two fields. The reason being to allow a fair comparison to hardware architectures using the affine case presented in [BBWP04]. In the main part of the paper we use these results to investigate various hardware architectures for a HECC VLSI coprocessor. If area constraints are not considered, scalar multiplication can be performed in 19769 clock cycles using three field multipliers (of type D = 32), one field adder and one field squarer, where D indicates the digit size of the multiplier. However, the optimal solution in terms of latency and area uses two multipliers (of type D = 4), one addition and one squaring. The main finding of the present contribution is that coprocessors based on the inversionfree formulae should be preferred compared to those using group operations containing inversion. This holds despite the fact that one field inversion in the affine HECC group operation is traded by up to 24 field multiplications in the inversionfree case.

Abstract—This paper presents a microcode instruction set coprocessor which is designed to work with an 8-bit 8051 microcontroller and implements a Hyperelliptic Curve Cryptosystem (HECC). The microcode coprocessor is capable of performing a range of Galois Field operations using a dualmultiplier/dual-adder datapath and storing the intermediate results in the local storage unit of the coprocessor (RAM). This coprocessor is programmed using the software routines from the 8051 microcontroller which implements the HECC divisor’s doubling and addition operations. The Jacobian scalar multiplication was computed in a 656 msec (7.87 M cycles) at 12 MHz clock frequency.

Abstract. Implementing public-key cryptography on platforms with limited resources, such as microprocessors, is a challenging task. Hardware/software co-design is often the only answer to implement the computationally intensive operations with limited memory and power at an acceptable speed. This contribution describes such a solution for Hyperelliptic Curve Cryptography (HECC). The proposed hardware/software co-design of the HECC system was implemented and co-simulated using the GEZEL design environment [3]. As a low-cost platform, we chose an 8-bit 8051 microprocessor to which one small hardware co-processor was added for field multiplication. We show that the Jacobian scalar multiplication can be computed in 2.488 sec at 12 MHz on this platform if a minimal hardware module is added i.e. a hardware multiply-add unit. This optimal solution provides a factor of 26 speed-up over a softwareonly solution. Keywords: HECC, GF(2 m), genus 2 curves, hardware/software codesign, embedded implementation. 1