Results 1 - 10 of 101
Anonymous connections and onion routing
 IEEE Journal on Selected Areas in Communications
, 1998
Cited by 358 (18 self)
Abstract—Onion routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Onion routing’s anonymous connections are bidirectional, near real-time, and can be used anywhere a socket connection can be used. Any identifying information must be in the data stream carried over an anonymous connection. An onion is a data structure that is treated as the destination address by onion routers; thus, it is used to establish an anonymous connection. Onions themselves appear different to each onion router as well as to network observers. The same goes for data carried over the connections they establish. Proxy-aware applications, such as web browsers and email clients, require no modification to use onion routing, and do so through a series of proxies. A prototype onion routing network is running between our lab and other sites. This paper describes anonymous connections and their implementation using onion routing. This paper also describes several application proxies for onion routing, as well as configurations of onion routing networks. Index Terms—Anonymity, communications, Internet, privacy, security, traffic analysis.
Anonymous connections and Onion Routing
 In IEEE Symposium on Security and Privacy
, 1997
High radix Montgomery modular exponentiation on reconfigurable hardware
 IEEE Transactions on Computers
, 2001
A Scalable Architecture for Modular Multiplication Based on Montgomery's Algorithm
 IEEE TRANSACTIONS ON COMPUTERS
, 2003
Cited by 41 (2 self)
This paper presents a scalable architecture for the computation of modular multiplication, based on the Montgomery multiplication (MM) algorithm. A word-based version of MM is presented and used to explain the main concepts in the hardware design. The proposed multiplier is able to work with any precision of the input operands, limited only by memory or control constraints. Its architecture gives enough freedom to select the word size and the degree of parallelism to be used, according to the available area and/or desired performance. Design trade-offs are analyzed in order to identify adequate hardware configurations for a given area or bandwidth requirement.
Efficient Implementation of Elliptic Curve Cryptosystems on the TI MSP430x33x Family of Microcontrollers
, 2001
Cited by 23 (6 self)
This contribution describes a methodology used to efficiently implement elliptic curves (EC) over GF(p) on the 16-bit TI MSP430x33x family of low-cost microcontrollers. We show that it is possible to implement EC cryptosystems in highly constrained embedded systems and still obtain acceptable performance at low cost. We modified the EC point addition and doubling formulae to reduce the number of intermediate variables while at the same time allowing for flexibility. We used a Generalized-Mersenne prime to implement the arithmetic in the underlying field. We take advantage of the special form of the moduli to minimize the number of precomputations needed to implement inversion via Fermat's Little Theorem and the k-ary method of exponentiation. We apply these ideas to an implementation of an elliptic curve system over GF(p), where p = 2^128 - 2^97 - 1. We show that a scalar point multiplication can be achieved in 3.4 seconds without any stored/precomputed values and...
Instruction Set Extensions for Fast Arithmetic in Finite Fields GF(p) and GF(2^m)
 CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS — CHES 2004
, 2004
Cited by 18 (6 self)
Abstract. Instruction set extensions are a small number of custom instructions specifically designed to accelerate the processing of a given kind of workload such as multimedia or cryptography. Enhancing a general-purpose RISC processor with a few application-specific instructions to facilitate the inner loop operations of public-key cryptosystems can result in a significant performance gain. In this paper we introduce a set of five custom instructions to accelerate arithmetic operations in finite fields GF(p) and GF(2^m). The custom instructions can be easily integrated into a standard RISC architecture like MIPS32 and require only little extra hardware. Our experimental results show that an extended MIPS32 core is able to perform an elliptic curve scalar multiplication over a 192-bit prime field in 36 msec, assuming a clock speed of 33 MHz. An elliptic curve scalar multiplication over the binary field GF(2^191) takes only 21 msec, which is approximately six times faster than a software implementation on a standard MIPS32 processor.
Nonlinear residue codes for robust public-key arithmetic
 In Proc. 3rd Workshop on Fault Tolerance and Diagnosis in Cryptography (FTDC
, 2006
Cited by 18 (11 self)
Abstract. We present a scheme for robust multiprecision arithmetic over the positive integers, protected by a novel family of nonlinear arithmetic residue codes. These codes have a very high probability of detecting arbitrary errors of any weight. Our scheme lends itself well for straightforward implementation of standard modular multiplication techniques, i.e. Montgomery or Barrett Multiplication, secure against active fault injection attacks. Due to the nonlinearity of the code the probability of detecting an error does not only depend on the error pattern, but also on the data. Since the latter is not usually known to the adversary a priori, a successful injection of an undetected error is highly unlikely. We give a proof of the robustness of these codes by providing an upper bound on the number of undetectable errors.
Energy-Efficient Software Implementation of Long Integer Modular Arithmetic
 CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2005
, 2005
Cited by 18 (3 self)
This paper investigates performance and energy characteristics of software algorithms for long integer arithmetic. We analyze and compare the number of RISC-like processor instructions (e.g. single-precision multiplication, addition, load, and store instructions) required for the execution of different algorithms such as Schoolbook multiplication, Karatsuba and Comba multiplication, as well as Montgomery reduction. Our analysis shows that a combination of Karatsuba-Comba multiplication and Montgomery reduction (the so-called KCM method) allows to achieve better performance than other algorithms for modular multiplication. Furthermore, we present a simple model to compare the energy-efficiency of arithmetic algorithms. This model considers the clock cycles and average current consumption of the base instructions to estimate the overall amount of energy consumed during the execution of an algorithm. Our experiments, conducted on a StrongARM SA-1100 processor, indicate that a 1024-bit KCM multiplication consumes about 22% less energy than other modular multiplication techniques.
High-Speed Implementation of an ECC-based Wireless Authentication Protocol on an ARM Microprocessor
 IEE Pro.: Comms, Oct
, 2001
Cited by 17 (1 self)
In this paper, we present the results of our implementation of elliptic curve cryptography (ECC) over the field GF(p) on an 80 MHz, 32-bit ARM microprocessor. We have produced a practical software library which supports variable length implementation of the elliptic curve digital signature algorithm (ECDSA). We implemented the ECDSA and a recently proposed ECC-based wireless authentication protocol using the library. Our timing results show that the 160-bit ECDSA signature generation and verification operations take around 46 ms and 94 ms, respectively. With these timings, the execution of the ECC-based wireless authentication protocol takes around 140 ms on the ARM7TDMI processor, which is a widely used, low-power core processor for wireless applications.
On software parallel implementation of cryptographic pairings
 In Selected Areas in Cryptography – SAC 2008, number 5381 in Lecture Notes in Computer Science
, 2008
Cited by 16 (0 self)
Abstract. A significant amount of research has focused on methods to improve the efficiency of cryptographic pairings; in part this work is motivated by the wide range of applications for such primitives. Although numerous hardware accelerators for pairing evaluation have used parallelism within extension field arithmetic to improve efficiency, similar techniques have not been examined in software thus far. In this paper we focus on parallelism within one pairing evaluation (intra-pairing), and parallelism between different pairing evaluations (inter-pairing). We identify several methods for exploiting such parallelism (extending previous results in the context of ECC) and show that it is possible to accelerate pairing evaluation by a significant factor in comparison to a naive approach.