Thomas Wollinger
Chair for Communication Security, Ruhr-University of Bochum, www.crypto.rub.de
Hardware Implementation of Hyperelliptic Curve Cryptosystems
Scuola Loretto Incisa, Italia, www.wollinger.org
• Genus 2 HECC over GF(2^89) & group operation introduced in [Lange 2003, Pelzl et al. 2004]
• Xilinx Virtex II FPGA (XC2V4000 ff1517-6)
• Digit-Multiplier D=32
Thomas Wollinger, ECC 2004
How do our results compare to previous HECC/ECC coprocessors?
Results: Latency
[Figure: bar chart, latency in us. Bars: Type 1, Type 2, Type 3, Type 1, Type 2, Type 3, Elias04; group labels: affine, projective; series: 2^178, 2^226. Xilinx Virtex II FPGA (XC2V4000ff1517-6).]
Unlimited HW ⇒ faster cryptosystem ⇒ AT product
[Figure: bar chart, normalized to the best AT product. Bars: Type 1, Type 2, Type 3, Type 1, Type 2, Type 3, Elias04; group labels: affine, projective; series: 2^178, 2^226. Xilinx Virtex II FPGA (XC2V4000ff1517-6).]
ECC versus HECC on FPGA (group order ≈ 2^160)
[Figure: Latency in us. Bars: Affine/Type 1, Projective/Type 3, ECC [Gura03]; data labels: 415, 629, 143.]
[Figure: Area-Time Product. Bars: Affine/Type 1, Projective/Type 3, ECC [Gura03]; data labels: 1,10, 1,00, 0,57.]
Conclusion: HECC on FPGA
• First FPGA implementation using affine explicit formulae
• Comparison between HECC coprocessors using projective and affine coordinates
• 64% better latency compared to [Elias et al. 2004]
• 72% smaller area compared to [Elias et al. 2004]
• Best AT-product for HECC implementation (13 times better than [Elias et al. 2004])
• More work to be done to improve HECC on FPGA
• Further reading: [Wollinger 2004, Kim et al. 2004]
References
Boston N., Clancy T., Liow Y., Webster J., 2002. Genus Two Hyperelliptic Curve Coprocessor. B. S. Kaliski, C. K. Koc, and C. Paar, Ed. Cryptographic Hardware and Embedded Systems - CHES 2002, LNCS 2523, 529 - 539. Springer-Verlag, 2002. Updated version available at http://www.cs.umd.edu/~clancy/docs/hec-ches2002.pdf.
Clancy T., 2002. Analysis of FPGA-based Hyperelliptic Curve Cryptosystems. Master's thesis, University of Illinois Urbana-Champaign.
Clancy T., 2003. FPGA-Based Hyperelliptic Curve Cryptosystems. Invited paper presented at AMS Central Section Meeting, April 2003.
Elias G., Miri A., Hin Yeap T., 2004. High-Performance, FPGA-Based Hyperelliptic Curve Cryptosystems. In The Proceeding of the 22nd Biennial Symposium on Communications.
Gura N., Chang S., Eberle H., Sumit G., Gupta V., Finchelstein D., Goupy E., Stebila D., 2001. An End-to-End Systems Approach to Elliptic Curve Cryptography. In C. K. Koc and C. Paar, Ed., Cryptographic Hardware and Embedded Systems - CHES 2001, LNCS 1965, 351 - 366. Springer-Verlag, Berlin.
Kim H., Wollinger T., Choi Y., Chung K., and Paar C., 2004. Hyperelliptic Curve Coprocessors on a FPGA. Workshop on Information Security Applications – WISA. LNCS Springer Verlag, Berlin.
Lange T., 2003. Formulae for Arithmetic on Genus 2 Hyperelliptic Curves. September 2003. http://www.ruhr-uni-bochum.de/itsc/tanja/preprints/expl_sub.pdf.
Pelzl J., Wollinger T., Paar C., 2004. High Performance Arithmetic for Special Hyperelliptic Curve Cryptosystems of Genus Two. In International Conference on Information Technology: Coding and Computing – ITCC 2004. IEEE Computer Society.
Theriault N., 2003. Index calculus attack for hyperelliptic curves of small genus. In G. Goos, J. Hartmanis, and J. van Leeuwen, Ed., Advances in Cryptology - ASIACRYPT '03. LNCS 2894, 79 – 92. Springer Verlag, Berlin.
Wollinger T., 2001. Computer Architectures for Cryptosystems Based on Hyperelliptic Curves. Master's thesis, ECE Department, Worcester Polytechnic Institute, Worcester, Massachusetts, USA, May 2001.
Wollinger T., Paar C., 2002. Hardware Architectures proposed for Cryptosystems Based on Hyperelliptic Curves. In Proceedings of the 9th IEEE International Conference on Electronics, Circuits and Systems – ICECS 2002, volume III, 1159 - 1163.
Wollinger T., 2004. Software and Hardware Implementation of Hyperelliptic Curve Cryptosystems. PhD thesis, Department of Electrical Engineering and Information Sciences, Ruhr-Universität Bochum, Bochum, Germany.