Efficient Arithmetic in Finite Field Extensions with Application in Elliptic Curve Cryptography
Journal of Cryptology, 2000
Cited by 53 (9 self)
Abstract
This contribution focuses on a class of Galois fields used to achieve fast finite field arithmetic, which we call an Optimal Extension Field (OEF), first introduced in [3]. We extend this work by presenting an adaptation of Itoh and Tsujii's algorithm for finite field inversion applied to OEFs. In particular, we use the facts that the action of the Frobenius map in GF(p^m) can be computed with only m − 1 subfield multiplications and that inverses in GF(p) may be computed cheaply using known techniques. As a result, we show that one extension field inversion can be computed with a logarithmic number of extension field multiplications. In addition, we provide new extension field multiplication formulas which give a performance increase. Further, we provide an OEF construction algorithm together with tables of Type I and Type II OEFs, along with statistics on the number of pseudo-Mersenne primes and OEFs. We apply this new work to provide implementation results using these me...
Optimizing Galois Field Arithmetic for Diverse Processor Architectures and Applications
Cited by 16 (3 self)
Abstract
Galois field implementations are central to the design of many reliable and secure systems, with many systems implementing them in software. The two most common Galois field operations are addition and multiplication; typically, multiplication is far more expensive than addition. In software, multiplication is generally done with a lookup to a precomputed table, limiting the size of the field and resulting in uneven performance across architectures and applications. In this paper, we first analyze existing table-based implementation and optimization techniques for multiplication in fields of the form GF(2^l). Next, we propose the use of techniques in composite fields: extensions of GF(2^l) in which multiplications are performed in GF(2^l) and efficiently combined. The composite field technique trades computation for storage space, which prevents eviction of lookup tables from the CPU cache and allows for arbitrarily large fields. Most Galois field optimizations are specific to a particular implementation; our technique is general and may be applied in any scenario requiring Galois fields. A detailed performance study across five architectures shows that the relative performance of each approach varies with architecture, and that CPU, memory limitations and field size must be considered when selecting an appropriate Galois field implementation. We also find that the use of our composite field implementation is often faster and less memory intensive than traditional algorithms for GF(2^l).
Efficient Computation of Multiplicative Inverse for Cryptographic Applications
Proceedings of the 15th IEEE Symposium on Computer Arithmetic
Fast Arithmetic Architectures for Public-Key Algorithms over Galois Fields GF((2^n)^m)
in Advances in Cryptography (EUROCRYPT '97), 1997
Cited by 9 (3 self)
Abstract
This contribution describes a new class of arithmetic architectures for Galois fields GF(2^k). The main applications of the architecture are public-key systems which are based on the discrete logarithm problem for elliptic curves. The architectures use a representation of the field GF(2^k) as GF((2^n)^m), where k = n · m. The approach explores bit-parallel arithmetic in the subfield GF(2^n), and serial processing for the extension field arithmetic. This mixed parallel-serial (hybrid) approach can lead to very fast implementations. The principle of this approach was initially suggested by Mastrovito. As the core module, a hybrid multiplier is introduced and several optimizations are discussed. We provide two different approaches to squaring which, in conjunction with the multiplier, yield fast exponentiation architectures. The hybrid architectures are capable of exploring the time-space trade-off paradigm in a flexible manner. In particular, the number of clock...
Analysis and Construction of Galois Fields for Efficient Storage Reliability
2007
Cited by 7 (3 self)
Abstract
Software-based Galois field implementations are used in the reliability and security components of many storage systems. Unfortunately, multiplication and division operations over Galois fields are expensive compared to addition. To accelerate multiplication and division, most software Galois field implementations use precomputed lookup tables, accepting the memory overhead associated with optimizing these operations. However, the amount of available memory constrains the size of a Galois field and leads to inconsistent performance across architectures. This is especially problematic in environments with limited memory, such as sensor networks. In this paper, we first analyze existing table-based implementation and optimization techniques for GF(2^l) multiplication and division. Next, we propose the use of techniques that perform multiplication and division in an extension of GF(2^l), where the actual multiplications and divisions are performed in a smaller field and combined. This approach allows different applications to share Galois field multiplication tables, regardless of the field size, while drastically lowering memory consumption. We evaluated multiple such approaches in terms of basic operation performance and memory consumption. We then evaluated different approaches for their suitability in common Galois field applications. Our experiments showed that the relative performance of each approach varies with processor architecture, and that CPU, memory limitations and field size must be considered when selecting an appropriate Galois field implementation. In particular, the use of extension fields is often faster and less memory-intensive than comparable approaches using standard algorithms for GF(2^l).
On the Cost of Lazy Engineering for Masked Software Implementations
Cited by 4 (1 self)
Abstract
Masking is one of the most popular countermeasures to mitigate side-channel analysis. Yet, its deployment in actual cryptographic devices is well known to be challenging, since designers have to ensure that the leakage corresponding to different shares is independent. Several works have shown that such an independent leakage assumption may be contradicted in practice, because of physical effects such as “glitches” or “transition-based” leakages. As a result, implementing masking securely can be a time-consuming engineering problem. This is in strong contrast with recent and promising approaches for the automatic insertion of countermeasures exploiting compilers, that aim to limit the development time of side-channel resistant software. Motivated by this contrast, we question what can be hoped for from these approaches, or more generally from masked software implementations based on careless assembly generation. For this purpose, our first contribution is a simple reduction from security proofs obtained in a (usual but not always realistic) model where leakages depend on the intermediate variables manipulated by the target device, to security proofs in a (more realistic) model where the transitions between these intermediate variables are leaked. We show that the cost of moving from one context to the other implies a division of the security order by two for masking schemes. Next, our second and main contribution is to provide an exhaustive empirical validation of this reduction, based on two microcontrollers, several (hand-written and compiler-based) ways of generating assembly code, with and without “recycling” the randomness used for sharing. These experiments confirm the relevance of our analysis, and therefore quantify the cost of lazy engineering for masking.
Private Computing: The Trusted Digital Assistant
2002
Cited by 2 (0 self)
Abstract
This dissertation was typeset with LaTeX in Charter and Euler, with symbols from AMS.
Soft-Timeout Distributed Key Generation for Digital Signature based on Elliptic Curve Dlog for Low-Power Devices
Cited by 1 (1 self)
Abstract
Group-based transactions are becoming common via handhelds. Single-key-based systems may not be able to meet various security requirements. In this paper, we propose a threshold signature scheme based on Pedersen's distributed key generation principle which is suitable for handheld devices and ad hoc networks. Existing distributed key generation protocols use cryptosystems based on either the hardness of the discrete logarithm over a finite field or integer factorization. Elliptic curve cryptosystems provide a promising alternative whose efficiency, in terms of memory and processing overhead, suits low-power devices. In the proposed scheme, the public key from the key generation protocol follows a uniform distribution in the elliptic curve additive group, and the signature can be generated and verified efficiently. We evaluated the proposed key generation protocol and signature scheme using PARI/GP: key generation takes a fraction of a second, and signature signing and verification finish in a few milliseconds on an Intel PXA 255 processor running Linux.
Offline Delegation
USENIX
ECDKG: A Distributed Key Generation Protocol Based on Elliptic Curve Discrete Logarithm
Abstract
In public-key-based cryptosystems, key distribution has been a crucial issue of protocol design. Many attack methods are orchestrated by making use of some weakness at the stage of key distribution. In this report, we propose a distributed key generation protocol based on the elliptic curve discrete logarithm, called ECDKG. Existing distributed key generation protocols use cryptosystems based on either the discrete logarithm over a finite field or integer factorization as a building block. Their secrecy has been proven, and it is as strong as that of the building-block systems. However, there are subexponential algorithms for solving the discrete logarithm problem over a finite field and the integer factorization problem. Elliptic curve cryptosystems provide a promising alternative for building a distributed key generation scheme, and no known subexponential algorithm solves a general version of the discrete logarithm over an additive group derived from a point on an elliptic curve. The main advantages of using this building block include space and time efficiency and flexibility. We also propose adaptive and proactive versions of ECDKG. An example of how to use ECDKG for ElGamal-based message encryption is also given. We also address some practical implementation issues.