An Inverter Architecture for ECC-GF(2m) Based on the Stein

1
An Inverter Architecture for ECC-GF(2m)Based on
theSteins Algorithm
2
Objectives

• To present the development of a modular inverter
  for elliptic curves, implemented by programmable
  circuit
• To show the viability to implement this inverter
  by combinatorial circuit
• To talk about the difficulties found during the
  development of the inverter
• To explain the solutions found to allow the
  development of the inverter.

3
Justifications

• The interest about digital circuits
• The today importance of projects that work with
  cryptography implemented by hardware
• The need to create a device in order to increase
  the performance of programs that work with
  asymmetric cryptography
• Challenges speed X area
• combinatorial circuits X affine coordinates.

4
Summary

• Introduction
• ECC-GF(2m)
• A combinatorial Circuit for Modular Inversion
• A combinatorial Circuit for Point Doubling and
  Point Addition
• A Cryptosystem Implemented by Programmable
  Circuits
• Results
• Conclusions.

5
Summary

• Introduction
• ECC-GF(2m)
• A combinatorial Circuit for Modular Inversion
• A combinatorial Circuit for Point Doubling and
  Point Addition
• A Cryptosystem Implemented by Programmable
  Circuits
• Results
• Conclusions.

6
Introduction

• Information
• QS (symmetric cryptography)
• QP and k (asymmetric cryptography)
• Q kP
• 2P and P doubling and addition of P
• , , x2, mod, x-1 finite field arithmetic.

7
A Key-Exchange Example

• cli the client side of the communication
• serv the server side of the communication
• P an element previously chosen by cli and serv
• k a private key
• QP a public key
• QS a secret key
• Q and P are elements of the same type.

8
Key-Exchange

• The cli generates at random an integer number
  kcli
• The serv generates at random an integer number
  kserv
• The cli calculates QPcli kcli P
• The serv calculates QPserv kserv P
• The cli sends QPcli to the serv
• The serv sends QPserv to the cli
• The cli calculates QS kcli QPserv
• The serv calculates QS kserv QPcli.

9
Summary

• Introduction
• ECC-GF(2m)
• A combinatorial Circuit for Modular Inversion
• A combinatorial Circuit for Point Doubling and
  Point Addition
• A Cryptosystem Implemented by Programmable
  Circuits
• Results
• Conclusions.

10
Elliptic Curves

• They are represented by the equation
• y2 xy x3 ax2 b
• for which
• x and y represent the point coordinates
• a and b define an elliptic curve over GF(2m).

11
The Main Operation of the Elliptic Curve
Algorithms

• Q kP
• for which
• k is an integer number
• P is an elliptic curve point of coordinates x and
  y
• Q is an elliptic curve point of coordinates x and
  y
• P(Px,Py) and Q(Qx,Qy) are points represented by
  affine coordinates and polynomial basis.

12
Double-and-Add Algorithm
Q 10P 1010 gt ((2P)2P)2 gt 10P Q
17P 10001 gt (((2P)2)2)2P gt 17P
13
Point Doubling

• S PX ((PY) / (PX)) mod p
• QX (S2 S a) mod p
• QY (S(PX QX) PY QX) mod p

14
Point Addition

• S ((PY PY) / (PX PX)) mod p
  
• QX (S2 S PX PX a) mod p
• QY (S(PX QX) PY QX) mod p

15
Comparison BetweenDoublings . and Additions .

• S Px (Py / Px) mod p.
• S ((Py Py) / (Px Px)) mod p.
• Qx (S2 S a) mod p.
• Qx (S2 S Px Px a) mod p.
• Qy (S(Px Qx) Py Qx) mod p.
• Qy (S(Px Qx) Py Qx) mod p.

16
Unification of the Equations

• S F ((G PY) / (H PX)) mod p
• QX (S2 S PX PX a) mod p
• QY (S(PX QX) PY QX) mod p

17
Attribution of Values

• Point Doubling
• F PX
• G 0
• H 0.

• Point Addition
• F 0
• G PY
• H PX.

18
Finite Field Arithmetic

• Sum
• Multiplication
• Module
• Squaring
• Modular Inversion.

19
Unification of the Equations

• S F ((G PY) / (H PX)) mod p
• QX (S2 S PX PX a) mod p
• QY (S(PX QX) PY QX) mod p

20
Optimization of the Equations

• S F ((G PY) (H PX)-1) mod p
• QX (S2 S PX PX a) mod p
• QY (S(PX QX) PY QX) mod p

21
Summary

• Introduction
• ECC-GF(2m)
• A combinatorial Circuit for Modular Inversion
• A combinatorial Circuit for Point Doubling and
  Point Addition
• A Cryptosystem Implemented by Programmable
  Circuits
• Results
• Conclusions.

22
Modular Division Methods

• Gaussian Elimination
• Fermats Theorem
• MDC (Euclides or Stein).

23
The Steins Algorithm

• (A, B, U, V) ? (Px, p, 1, 0)
• while A ! 0 and B ! 1
• if A0 1
• if deg(A) gt deg(B)
• (A, B) ? (A B, U V)
• else
• (A, B, U, V) ? (A B, A, U V, U)
• endif
• endif
• (A, U) ? (A / 2, (U / 2) mod p)
• endwhile

24
The Steins Algorithm Optimized

• (A, B, U, V, DCC, Flag, slice) ? (Px, p, 1, 0,
  2, 1, 2m-1)
• while slice gt 0
• if A0 1
• if Flag 1 and DCC0 0
• (A, B, U, V, Flag) ? (A B, A, U
  V, U, 0)
• else
• (A, B) ? (A B, U V)
• endif
• endif
• (A, U) ? (A / 2, (U / 2) mod p)
• if Flag 0 and DCC0 0
• DCC ? DCC / 2
• else
• (DCC, Flag) ? ((DCC 2), 1)
• endif
• slice ? slice -1
• endwhile

25
FLAG and AUX handling
26
DCC handling
27
A handling
28
U handling
29
B handling
30
V handling
31
Summary

• Introduction
• ECC-GF(2m)
• A combinatorial Circuit for Modular Inversion
• A combinatorial Circuit for Point Doubling and
  Point Addition
• A Cryptosystem Implemented by Programmable
  Circuits
• Results
• Conclusions.

32
A combinatorial Circuit forPoint Doubling and
Point Addition
Modular Inversion
Other Operations
Qx
Px
Px
Qy
Py
33
Unification of the Equations

• S F ((G PY) (H PX)-1) mod p
• QX (S2 S PX PX a) mod p
• QY (S(PX QX) PY QX) mod p

34
Summary

• Introduction
• ECC-GF(2m)
• A combinatorial Circuit for Modular Inversion
• A combinatorial Circuit for Point Doubling and
  Point Addition
• A Cryptosystem Implemented by Programmable
  Circuits
• Results
• Conclusions.

35
The Cryptosystem
CPU
PC-board
Other Operations
Modular Inversion
EP2S180F1020C4
EP2S90F1508C3
Registers
Key-Exchange Example
P
P
Px
Qx
S
Px
Qy
PC Bus
36
Summary

• Introduction
• ECC-GF(2m)
• A combinatorial Circuit for Modular Inversion
• A combinatorial Circuit for Point Doubling and
  Point Addition
• A Cryptosystem Implemented by Programmable
  Circuits
• Results
• Conclusions.

37
General Results
Finite Field Number of Pins Number of Slices Number of LUTs Circuit Delay (ns) Compilation Time (ddhhmmss)
113 229 225 60,361 324 01184119
131 265 261 82,082 374 03045136
163 329 325 128,265 491 10033141
38
Modular Inversion Time for Different
Implementations
Implementations Modular Inversion Time (µs)
Ext. Euclides 2.509
Itho-Tsujii 0.760
Our Inverter 0.490
39
Scalar Multiplication Time for Different
Implementations
Implementation Software or Hardware Finite Field Plataform Q kP (ms)
Montgomery LD99 Software GF(2163) UltraSparc 64-bit 13,5
Almost Inv. SOOS95 Software GF(2155) DEC Alpha 64-bit 7,8
ASIC Coprocessor AMV93 Hardware GF(2155) VLSI 3,9 est.
FPGA Coprocessor SES98 Hardware GF(2155) Xilinx FPGA XC4020XL 18,4 est.
ECP OP00 Hardware GF(2167) Xilinx FPGA XCV400E 0,21
Montgomery EGSG03 Software GF(2163) Sun FireTM280R Server 3,11
Cryptographic Processor EGSG03 Hardware GF(2163) Xilinx FPGA Virtex-II XCV2000E-7 0,14
Our Cryptosystem Hardware GF(2163) Altera FPGAs Stratix II EP2S180F1020C4 and EP2S90F1508C3 0,1
40
Results of Our Key-Exchange Example
Finite Field Our Key-Exchange Example Our Key-Exchange Example
Finite Field Without our cryptosystem (s) With our cryptosystem (µs)
113 1 125
131 2 161
163 5 244
41
Summary

• Introduction
• ECC-GF(2m)
• A combinatorial Circuit for Modular Inversion
• A combinatorial Circuit for Point Doubling and
  Point Addition
• A Cryptosystem Implemented by Programmable
  Circuits
• Results
• Conclusions.

42
Conclusions

• The Objectives was successfully achieved
• High performance to the detriment of a small
  area
• High-speed and high-density combinatorial
  circuits
• Our inverter and cryptosystem were made valid
• Our cryptosystem allows high frequency of key
  exchange.

43
The End