Results 1 - 10 of 54
Hardware Implementation of Elliptic Curve Processor over GF(p)
International Journal of Embedded Systems, 2003
Cited by 35 (6 self)
This paper describes a hardware implementation of an arithmetic processor which is efficient for bit-lengths suitable for both commonly used types of Public Key Cryptography (PKC), i.e., Elliptic Curve (EC) and RSA Cryptosystems. The processor consists of special operational blocks for Montgomery Modular Multiplication, modular addition/subtraction, EC Point doubling/addition, modular multiplicative inversion, EC point multiplier, projective to affine coordinates conversion and Montgomery to normal representation conversion.
A VLIW processor with reconfigurable instruction set for embedded applications
IJSER © 2012 http://www.ijser.org Journal of Scientific & Engineering Research Volume 3, Issue 1, January 2012 5 ISSN, 2003
Cited by 33 (1 self)
This paper describes a new architecture for embedded reconfigurable computing, based on a very-long instruction word (VLIW) processor enhanced with an additional run-time configurable datapath. The reconfigurable unit is tightly coupled with the processor, featuring an application-specific instruction-set extension. Mapping computation intensive algorithmic portions on the reconfigurable unit allows a more efficient elaboration, thus leading to an improvement in both timing performance and power consumption. A test chip has been implemented in a standard 0.18 µm CMOS technology. The test of a signal processing algorithmic benchmark showed speedups ranging from 4.3 to 13.5 and energy consumption reduced up to 92%. Index Terms: Energy consumption, field-programmable gate array (FPGA), pipeline, reconfigurable processor.
An End-to-End Systems Approach to Elliptic Curve Cryptography
In Cryptographic Hardware and Embedded Systems (CHES, 2002
Cited by 29 (3 self)
Since its proposal by Victor Miller [17] and Neal Koblitz [15] in the mid 1980s, Elliptic Curve Cryptography (ECC) has evolved into a mature public-key cryptosystem. Offering the smallest key size and the highest strength per bit, its computational efficiency can benefit both client devices and server machines. We have designed a programmable hardware accelerator to speed up point multiplication for elliptic curves over binary polynomial fields GF(2^m). The accelerator is based on a scalable architecture capable of handling curves of arbitrary field degrees up to m = 255. In addition, it delivers optimized performance for a set of commonly used curves through hardwired reduction logic. A prototype implementation running in a Xilinx XCV2000E FPGA at 66.4 MHz shows a performance of 6987 point multiplications per second for GF(2^163). We have integrated ECC into OpenSSL, today's dominant implementation of the secure Internet protocol SSL, and tested it with the Apache web server and open-source web browsers.
Scan Based Side Channel Attack on Dedicated Hardware Implementations of Data Encryption Standard
in Proc. of the IEEE Int. Test Conf. (ITC), 2004
Cited by 25 (2 self)
Scan based test is a double edged sword. On one hand, it is a powerful test technique. On the other hand, it is an equally powerful attack tool. In this paper we show that scan chains can be used as a side channel to recover secret keys from a hardware implementation of the Data Encryption Standard (DES). By loading pairs of known plaintexts with one-bit difference in the normal mode and then scanning out the internal state in the test mode, we first determine the position of all scan elements in the scan chain. Then, based on a systematic analysis of the structure of the nonlinear substitution boxes, and using three additional plaintexts we discover the DES secret key. Finally, some assumptions in the attack are discussed.
A cryptographic processor for arbitrary elliptic curves over GF(2^m)
in: Proceedings of the IEEE International Conference Application-Specific Systems, Architectures, and Processors, ASAP’03, The Hague, The, 2003
Application-Directed Voltage Scaling
2002
Cited by 19 (0 self)
Clock (and voltage) scheduling is an important technique to reduce the energy consumption of processors that support voltage scaling. It is difficult, however, to achieve good results using only statistics from the OS level when applications show bursty (unpredictable) behavior. We take the approach that such applications must be made power-aware and specify their Average Execution Time (AET) and the deadline to the scheduler controlling the clock speed and processor voltage. This paper describes our Energy Priority Scheduling (EPS) algorithm supporting power-aware applications. EPS orders tasks according to how tight their deadlines are and how often tasks overlap. Low-priority tasks are scheduled first, since they can be easily preempted to accommodate for high-priority tasks later. The EPS algorithm does not always yield the optimal schedule, but has a low complexity. We have implemented EPS on a StrongARM-based variable-voltage platform. We conducted experiments with a modified video decoder that estimates the AET of each frame. Measurements show that application-directed voltage scaling reduces processor power consumption by 50% for the bursty video decoder without missing any frame deadlines.
An Elliptic Curve Processor Suitable For RFID Tags
Cited by 18 (1 self)
RFID-Tags are small devices used for identification purposes in many applications nowadays. It is expected that they will enable many new applications and link the physical and the virtual world in the near future. Since the processing power of these devices is low, they are often in the line of fire when their security and privacy are concerned. It is widely believed that devices with such constrained resources cannot carry out sufficient cryptographic operations to guarantee security in new applications. In this paper, we show that identification of RFID-Tags can reach high security levels. In particular, we show how secure identification protocols based on the DL problem on elliptic curves are implemented on a constrained device such as an RFID-Tag requiring between 8,500 and 14,000 gates, depending on the implementation characteristics. We investigate the case of elliptic curves over F_{2^p} with p prime and over composite fields F_{2^{2p}}. The implementations in this paper make RFID-Tags suitable for anti-counterfeiting purposes even in the offline setting.
Energy-Aware Design Techniques for Differential Power Analysis Protection
in Proc. Design Automation Conf, 2003
Cited by 16 (0 self)
Differential power analysis is a very effective cryptanalysis technique that extracts information on secret keys by monitoring instantaneous power consumption of cryptoprocessors. To protect against differential power analysis, power supply noise is added in cryptographic computations, at the price of an increase in power consumption. We present a novel technique, based on well-known power-reducing transformations coupled with randomized clock gating, that introduces a significant amount of scrambling in the power profile without increasing (and, in some cases, by even reducing) circuit power consumption.
Public-Key Cryptographic Processor for RSA and ECC
Columbia University, 2004
Cited by 11 (1 self)
We describe a general-purpose processor architecture for accelerating public-key computations on server systems that demand high performance and flexibility to accommodate large numbers of secure connections with heterogeneous clients that are likely to be limited in the set of cryptographic algorithms supported. Flexibility is achieved in that the processor supports multiple public-key cryptosystems, namely RSA, DSA, DH, and ECC, arbitrary key sizes and, in the case of ECC, arbitrary curves over fields GF(p) and GF(2^m). At the core of the processor is a novel dual-field multiplier based on a modified carry-save adder (CSA) tree that supports both GF(p) and GF(2^m). In the case of a 64-bit integer multiplier, the necessary modifications increase its size by a mere 5%. To efficiently schedule the multiplier, we implemented a multiply-accumulate instruction that combines several steps of a multiple-precision multiplication in a single operation: multiplication, carry propagation, and partial product accumulation. We have developed a hardware prototype of the cryptographic processor in FPGA technology. If implemented in current 1.5 GHz processor technology, the processor executes 5,265 RSA-1024 op/s and 25,756 ECC-163 op/s; the given key sizes offer comparable security strength. Looking at future security levels, performance is 786 op/s for RSA-2048 and 9,576 op/s for ECC-233.
Scalable and unified hardware to compute Montgomery inverse in GF(p) and GF(2^n)
Cryptographic Hardware and Embedded Systems - CHES 2002, 4th International Workshop, 2003
Cited by 10 (4 self)
Computing the inverse of a number in finite fields GF(p) or GF(2^n) is equally important for cryptographic applications. This paper proposes a novel scalable and unified architecture for a Montgomery inverse hardware that operates in both GF(p) and GF(2^n) fields. We adjust and modify a GF(2^n) Montgomery inverse algorithm to accommodate multi-bit shifting hardware, making it very similar to a previously proposed GF(p) algorithm. The architecture is intended to be scalable, which allows the hardware to compute the inverse of long precision numbers in a repetitive way. After implementing this unified design it was compared with other designs. The unified hardware was found to be eight times smaller than another reconfigurable design, with comparable performance. Even though the unified design consumes slightly more area and it is slightly slower than the scalable inverter implementations for GF(p) only, it is a practical solution whenever arithmetic in the two finite fields is needed.