### Table 1: Behavior of protected cryptosystem in the occurrence of a fault attack.

"... In PAGE 5: ... During simulation faults were injected in registers L, R and their replicas, and in the inputs of the main processor. Table 1 summarizes our experimental results. Our fault injection campaign has demonstrated that the proposed solution allows the detection and correction of all transient faults inside the f function.... ..."

### Table 1: Behavior of protected cryptosystem in the occurrence of a fault attack.

"... In PAGE 7: ... During simulation, faults were injected in registers L, R, their replicas, and in the inputs of the main processor. Table 1 summarizes our experimental results. Our fault injection campaign has demonstrated that the proposed solution allows the detection and correction of all transient faults inside the f function.... ..."

### Table 11. Success rates against the real cryptosystem

"... In PAGE 13: ... Our experiments showed that the best attack out of those suggested in this paper is the one looking for equivalent solutions (Algorithm 2), while avoiding repetitions and using memory. Table 11 shows the results for the normal form length function. Table 11.... ..."

### Table 1. Equivalent key size for some cryptosystems.

"... In PAGE 1: ... Due to expected advances in cryptanalysis and increases in available computing power, both private and public key sizes must grow over time to offer acceptable security. Table 1 [NIST00], [Blake03] shows expected key-size growth for various private and public-key cryptosystems: Elliptic Curve Cryptography has attracted attention due to the reduced key size at equivalent levels. Table 1.... In PAGE 2: ... The security of ECC lies in the fact that given P and Q = kP, it is hard to find k; this problem has similar difficulty as solving discrete logarithm in integer fields, although at the time being this operation seems harder in elliptic curve groups. Consequently, the same level of security is obtained with smaller key sizes compared with standard public-key methods (Table 1). While it is possible to carry out a brute force approach of computing all multiples of P to find Q, by choosing to operate over a large field, for instance binary field GF(2^163), k is so large that it becomes infeasible to determine k this way.... In PAGE 5: ... In Table 7, static and dynamic figures for standard cryptography algorithms (dh, dssign, dsverify, rsa, elg) and their ECC equivalent (ec-dh, ec-sign, ec-verify, ec-elg) are reported. We considered operations involving same level of security by choosing an appropriate key length, as discussed in Introduction (see Table 1): 1024 bits for standard public-key cryptography, 192 bits for prime field based ECC, and 163 bits for binary field based ECC. In our characterization, we also included the MiBench/Security suite, in order to provide a direct comparison with a widely known benchmark suite in our experimental setup.... In PAGE 6: ... II) If the constraints of our system design require a slower (lower-power) main memory, the stall time due to memory access could be even higher (Figure 4, right portion, where main memory latency is 96 cycles).
Another interesting comparison is between ECC methods working on 163 bits and those working on 571 bits (for binary field; in the case of prime field these numbers are respectively 192 and 521, see Table 1). As we can see (Figures 4, 5, 6), the importance of memory stall and thus the importance of appropriate caches is more relevant in the case of binary field rather than in the case of prime field.... ..."

### Table 2 Synthesized results of the 160-bit elliptic curve cryptosystem LSI (column headers: com., noncom., total, delay, mult., operation)

2006

"... In PAGE 5: ... (1), (2). In Table 2, we show the synthesized results of the values of area, delay, configuration of multipliers, and operation time. In Table 2, com.... In PAGE 5: ...urves only have to satisfy the Eqs. (1), (2). In Table 2, we show the synthesized results of the values of area, delay, configuration of multipliers, and operation time. In Table 2, com. area is the size of operating unit and noncom.... In PAGE 5: ...9% area overhead compared to the LSI embedding a 8-bit word-based Montgomery multiplier. In Table 2, delay means a critical path delay. The operation cycle counts can be reduced by increasing the word size of multipliers, but the delay becomes longer, and thus, the operating frequency becomes lower.... In PAGE 5: ... The operation cycle counts can be reduced by increasing the word size of multipliers, but the delay becomes longer, and thus, the operating frequency becomes lower. In Table 2, operation time means the time of a 160-bit point multiplication. All LSIs in Table 2 operate at their own maximum operating frequency.... In PAGE 5: ... In Table 2, operation time means the time of a 160-bit point multiplication. All LSIs in Table 2 operate at their own maximum operating frequency. The high-speed design us-... ..."

### Table 2.1: Analogies between Discrete Logarithm and Elliptic Curve Cryptosystems

1999

### Table X.6: GF(2^m) elliptic curve cryptosystem hardware comparison

### Table 1: A comparison of public-key cryptosystems [16].

2004

"... In PAGE 2: ... The relative difficulty of solving that problem determines the security strength of the corresponding system. Table 1 summarizes three types of well known public-key cryptosystems. As shown in the last column, RSA, Diffie-Hellman and DSA can all be attacked using sub-exponential algorithms, but the best known attack on ECC requires exponential time.... ..."

Cited by 11

### Table 5.5.1 Minimum key size for elliptic curve cryptosystems providing a sufficient level of security [33].

2003