Results 1 to 10 of 28
Compressed Pairings
In Advances in Cryptology – Crypto’2004, 2004
Cited by 38 (8 self)
Abstract
Pairing-based cryptosystems rely on bilinear non-degenerate maps called pairings, such as the Tate and Weil pairings defined over certain elliptic curve groups. In this paper we show how to compress pairing values, how to couple this technique with that of point compression, and how to benefit from the compressed representation to speed up exponentiations involving pairing values, as required in many pairing-based protocols.
Fast genus 2 arithmetic based on theta functions
J. Math. Cryptol. 1 (2007), 243–265. MR2372155 (2009f:11156)
Cited by 20 (6 self)
Abstract
In 1986, D. V. Chudnovsky and G. V. Chudnovsky proposed to use formulae coming from Theta functions for the arithmetic in Jacobians of genus 2 curves. We follow this idea and derive fast formulae for the scalar multiplication in the Kummer surface associated to a genus 2 curve, using a Montgomery ladder. Our formulae can be used to design very efficient genus 2 cryptosystems that should be faster than elliptic curve cryptosystems in some hardware configurations.
RFID-tags for Anti-Counterfeiting
Topics in Cryptology - CT-RSA 2006, volume 3860 of LNCS, 2006
Cited by 20 (3 self)
Abstract
RFID-tags are becoming very popular tools for identification of products. As they have a small microchip on board, they offer functionality that can be used for security purposes. This chip functionality makes it possible to verify the authenticity of a product and hence to detect and prevent counterfeiting. In order to be successful for these security purposes too, RFID-tags have to be resistant against many attacks, in particular against cloning of the tag. In this paper, we investigate how an RFID-tag can be made unclonable by linking it inseparably to a Physical Unclonable Function (PUF). We present the security protocols that are needed for the detection of the authenticity of a product when it is equipped with such a system. We focus on offline authentication because it is very attractive from a practical point of view. We show that a PUF-based solution for RFID-tags is feasible in the offline case.
Sign Change Fault Attacks on Elliptic Curve Cryptosystems
Fault Diagnosis and Tolerance in Cryptography 2006 (FDTC ’06), volume 4236 of Lecture Notes in Computer Science, 2004
Cited by 14 (0 self)
Abstract
We present a new type of fault attacks on elliptic curve scalar multiplications: Sign Change Attacks. These attacks exploit different number representations as they are often employed in modern cryptographic applications. Previously, fault attacks on elliptic curves aimed to force a device to output points which are on a cryptographically weak curve. Such attacks can easily be defended against. Our attack produces points which do not leave the curve and are not easily detected. The paper also presents a revised scalar multiplication algorithm that provably protects against Sign Change Attacks.
Binary Edwards Curves
Cited by 10 (1 self)
Abstract
This paper presents a new shape for ordinary elliptic curves over fields of characteristic 2. Using the new shape, this paper presents the first complete addition formulas for binary elliptic curves, i.e., addition formulas that work for all pairs of input points, with no exceptional cases. If n ≥ 3 then the complete curves cover all isomorphism classes of ordinary elliptic curves over F_{2^n}. This paper also presents dedicated doubling formulas for these curves using 2M + 6S + 3D, where M is the cost of a field multiplication, S is the cost of a field squaring, and D is the cost of multiplying by a curve parameter. These doubling formulas are also the first complete doubling formulas in the literature, with no exceptions for the neutral element, points of order 2, etc. Finally, this paper presents complete formulas for differential addition, i.e., addition of points with known difference. A differential addition and doubling, the basic step in a Montgomery ladder, uses 5M + 4S + 2D when the known difference is given in affine form.
XTR Implementation on Reconfigurable Hardware
Lecture Notes in Computer Science, 2004
Cited by 5 (1 self)
Abstract
Recently, Lenstra and Verheul proposed an efficient cryptosystem called XTR. This system represents elements of F*_{p^6} with order dividing p^2 − p + 1 by their trace over F_{p^2}. Compared with the usual representation, this one achieves a ratio of three between security size and manipulated data. Consequently, very promising performance compared with RSA and ECC is expected. In this paper, we are dealing with hardware implementation of XTR, and more precisely with Field Programmable Gate Arrays (FPGA). The intrinsic parallelism of such a device is combined with efficient modular multiplication algorithms to obtain effective implementation(s) of XTR with respect to time and area. We also compare our implementations with hardware implementations of RSA and ECC. This shows that XTR achieves a very high level of speed with small area requirements: an XTR exponentiation is carried out in less than 0.21 ms at a frequency beyond 150 MHz.
Superscalar coprocessor for high-speed curve-based cryptography
Cryptographic Hardware and Embedded Systems (CHES’06), number 4249 in Lecture Notes in Computer Science, 2006
Cited by 4 (3 self)
Abstract
We propose a superscalar coprocessor for high-speed curve-based cryptography. It accelerates scalar multiplication by exploiting instruction-level parallelism (ILP) dynamically and processing multiple instructions in parallel. The system-level architecture is designed so that the coprocessor can fully utilize the superscalar feature. The implementation results show that scalar multiplication of Elliptic Curve Cryptography (ECC) over GF(2^163), Hyperelliptic Curve Cryptography (HECC) of genus 2 over GF(2^83) and ECC over a composite field, GF((2^83)^2), can be improved by a factor of 1.8, 2.7 and 2.5 respectively compared to the case of a basic single-scalar architecture. This speedup is achieved by exploiting parallelism in curve-based cryptography. The coprocessor deals with a single instruction that can be used for all field operations such as multiplications and additions. In addition, this instruction only allows one to compute point/divisor operations. Furthermore, we also provide a fair comparison between the three curve-based cryptosystems.
Multi-core curve-based cryptoprocessor with reconfigurable modular arithmetic logic units over GF(2^n)
 IEEE Transactions on Computers
Cited by 4 (1 self)
Abstract
This paper presents a reconfigurable curve-based cryptoprocessor that accelerates scalar multiplication of Elliptic Curve Cryptography (ECC) and Hyperelliptic Curve Cryptography (HECC) of genus 2 over GF(2^n). By allocating copies of processing cores that embed reconfigurable Modular Arithmetic Logic Units (MALUs) over GF(2^n), the scalar multiplication of ECC/HECC can be accelerated by exploiting Instruction-Level Parallelism (ILP). The supported field size can be arbitrary up to (n + 1) 1. The superscaling feature is facilitated by defining a single instruction that can be used for all field operations and point/divisor operations. In addition, the cryptoprocessor is fully programmable and it can handle various curve parameters and arbitrary irreducible polynomials. The cost, performance, and security trade-offs are thoroughly discussed for different hardware configurations and software programs. The synthesis results with a 0.13 μm CMOS technology show that the proposed reconfigurable cryptoprocessor runs at 292 MHz, whereas the field sizes can be supported up to 587 bits. The compact and fastest configuration of our design is also synthesized with a fixed field size and irreducible polynomial. The results show that the scalar multiplication of ECC over GF(2^163) and HECC over GF(2^83) can be performed in 29 and 63 μs, respectively.
Index Terms: Multiprocessor systems, processor architectures, reconfigurable hardware, arithmetic and logic units, public key cryptosystems.
Horizontal correlation analysis on exponentiation
In ICICS 2010, volume 6476 of LNCS, 2010
Cited by 4 (0 self)
Abstract
We introduce in this paper a technique in which we apply correlation analysis using only one execution power curve during an exponentiation to recover the whole secret exponent manipulated by the chip. As in the Big Mac attack from Walter, longer keys may facilitate this analysis and success will depend on the arithmetic coprocessor characteristics. We present the theory of the attack with some practical successful results on an embedded device and analyze the efficiency of classical countermeasures with respect to our attack. Our technique, which uses a single exponentiation curve, cannot be prevented by exponent blinding. Also, contrary to the Big Mac attack, it applies even in the case of regular implementations such as the square-and-multiply-always or the Montgomery ladder. We also point out that DSA and Diffie-Hellman exponentiations are no longer immune against CPA. Then we discuss the efficiency of known countermeasures, and we finally present some new ones.
Design methods for Security and Trust
Cited by 4 (0 self)
Abstract
The design of ubiquitous and embedded computers focuses on cost factors such as area, power consumption, and performance. Security and trust properties, on the other hand, are often an afterthought. Yet the purpose of ubiquitous electronics is to act and negotiate on their owner’s behalf, and this makes trust a first-order concern. We outline a methodology for the design of secure and trusted electronic embedded systems, which builds on identifying the security-sensitive part of a system (the root-of-trust) and iteratively partitioning and protecting that root-of-trust over all levels of design abstraction. This includes protocols, software, hardware, and circuits. We review active research in the area of secure design methodologies.