Power Consumption Analysis. Arithmetic Level Countermeasures for ECC Coprocessor. Arithmetic Operators for Cryptography.
Arithmetic Level Countermeasures for ECC Coprocessor
Arnaud Tisserand, Thomas Chabrier, Danuta Pamula
CNRS, IRISA laboratory, CAIRN research team
Claude Shannon Institute Workshop on Coding & Cryptography, May 7-8, UCC
A. Tisserand, T. Chabrier, D. Pamula, IRISA. Arithmetic Level Countermeasures for ECC Coprocessor

Power Consumption Analysis
General principle: measure the current I drawn by the circuit. [Figure: the circuit supplied between V_DD and GND, the measured current I, and the recorded traces.]
Attacks built on such measurements: Simple Power Analysis, Differential Power Analysis, Correlation Power Analysis, Template Attacks, ...
Notations: V_DD is the power supply (5,,.5,.,.9 V), GND the ground.
Similar attacks: electromagnetic radiations (EMR) and timing analysis.

Countermeasures
Prevent attacks by using:
- additional protection block(s)
- modification(s) of the original circuit (i.e. a secure version)
Examples: electrical shielding; uniform computation durations; uniform power consumption; added noise (e.g. useless instructions/computations); circuit reconfiguration at runtime; a modified datapath; a modified representation of values; modified computation algorithms.
Our solution: arithmetic level protection(s).

Arithmetic Operators for Cryptography
Values are elements of:
- the prime finite field $\mathbb{F}_p$ (p is a large prime)
- extensions of the binary field, $\mathbb{F}_{2^m}$
- extensions of small fields, $\mathbb{F}_{p^m}$ (e.g.: p = )
Typical sizes for public-key cryptography: RSA = 4 to 89 bits, ECC = 6 to 6 bits.
Operations: addition, subtraction; multiplication; multiplication by a constant; inversion; exponentiation.
Addition Modulo M
Inputs: $A, B \in \{0, 1, \ldots, M-1\}$
Output: $(A + B) \bmod M$
Algorithm:
$$(A + B) \bmod M = \begin{cases} A + B & \text{if } A + B < M \\ A + B - M & \text{if } A + B \geq M \end{cases}$$
[Figure: one adder computes A + B, a second one computes A + B − M, and the MSB (sign) of A + B − M selects the output.]

Addition Modulo $2^n - 1$
Inputs: $A, B \in \{0, 1, \ldots, 2^n - 2\}$
Output: $(A + B) \bmod (2^n - 1)$
Basic method:
$$(A + B) \bmod (2^n - 1) = \begin{cases} A + B & \text{if } A + B < 2^n - 1 \\ A + B - (2^n - 1) = A + B + 1 - 2^n & \text{if } A + B \geq 2^n - 1 \end{cases}$$
Problem: the test $A + B \geq 2^n - 1$ is costly.

Addition Modulo $2^n - 1$: improved version
$$(A + B) \bmod (2^n - 1) = \begin{cases} A + B & \text{if } A + B + 1 < 2^n \\ (A + B + 1) \bmod 2^n & \text{if } A + B + 1 \geq 2^n \end{cases}$$
The test is now simply the carry-out of the n-bit computation of A + B + 1, so no comparator is needed.

Activity in $\mathbb{F}_p$ Arithmetic Operators (1/2)
[Figure: the operators a + b, a − b and a + cst, with inputs A, B and carry-out c_out, and their measured activity.] a and b are random elements of $\mathbb{F}_p$, cst is a constant (curve parameter).
Activity in $\mathbb{F}_p$ Arithmetic Operators (2/2)
[Figure: activity profiles for l-bit windows (l = 5, 6, 8, 9, ...), with the same transitions for all the bits of the window.]

Modular Exponentiation for RSA
Algorithm: square and multiply
Inputs: $x$, $d = (d_{m-1} \ldots d_1 d_0)_2$
Output: $y = x^d$
    R ← 1
    i ← m − 1
    while (i ≥ 0) do
        R ← R × R          // square
        if (d_i = 1) then
            R ← R × x      // multiply
        endif
        i ← i − 1
    endwhile
    return R

Attack: SPA. Square and multiply is weak! There is a difference at each loop iteration: $d_i = 1 \Rightarrow$ square and multiply; $d_i = 0 \Rightarrow$ square only. [Figure: trace example.]

Differences & External Signature
An algorithm has a current signature and a time signature:
    r = c
    for i from ... to n do
        if a_i = 1 then r = r + c
        else r = r − c
[Figure: the time signature (durations T and T + ...) and the current signature (I and I + ...) plotted against t, each depending on the successive bits a_i.]
SPA Countermeasure: Square and multiply always
Inputs: $x$, $d = (d_{m-1} \ldots d_1 d_0)_2$
Output: $y = x^d$
    R_0 ← 1
    i ← m − 1
    while (i ≥ 0) do
        R_0 ← R_0 × R_0        // square
        R_1 ← R_0 × x          // multiply (always executed)
        if (d_i = 1) then
            R_0 ← R_1
        else
            R_0 ← R_0
        endif
        i ← i − 1
    endwhile
    return R_0

ECC: Scalar Multiplication
This is the main operation for ECC.
Inputs: P a point of the curve E, a large integer $k = \sum_{i=0}^{n-1} k_i 2^i$
Output: the point $Q = [k]P = \underbrace{P + P + \cdots + P}_{k \text{ times}}$
Basic algorithm: double-and-add
    Q ← P
    for i from n − 2 down to 0 do
        Q ← 2Q
        if k_i = 1 then Q ← Q + P
Same problem: weak for SPA!

Countermeasure: Key Recoding
Recoding: w-NAF (non-adjacent form). With $k = \sum_{i=0}^{n-1} k_i 2^i$, $k_i \in \{0, 1\}$, use k with digits in windows of w bits, $|k_i| < 2^{w-1}$.
Example: k = 67 = (1000011)_2, written as ( )_{2-NAF}, ( )_{3-NAF}, ( 5 )_{4-NAF}, ( )_{5-NAF}.
Cost: n DBL and n/(w+1) ADD.
Notation: $\bar{d} = -d$ where d is a digit.

Addition Chains (PhD thesis of Nicolas Méloni)
In scalar multiplication [k]P, only use point additions on the curve ⟹ robust against SPA.
ADD(P_1, P_2) = (P_1 + P_2, P_1) with P_1 and P_2 already computed.
Problem: find a short chain. Example: addition chains for k = ...
Collaboration with the UCC code and crypto group (6 8).
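The square-and-multiply loop and its square-and-multiply-always counterpart, as an added example that is not part of the original slides: each function returns the result together with the sequence of field operations it executed (S = square, M = multiply), which is exactly the sequence a current signature exposes, so the regularity of the countermeasure can be checked mechanically rather than argued. Modulus, base and exponents are constructed sample values.

```python
# Added example (not the slides' code): square-and-multiply vs. square-and-multiply-always,
# each returning (result, operation trace). Sample values are constructed for illustration.

def square_and_multiply(x, d, n):
    """Left-to-right binary exponentiation x^d mod n; the loop body depends on d_i."""
    r, trace = 1, []
    for bit in bin(d)[2:]:            # d_{m-1} ... d_0, most significant bit first
        r = (r * r) % n
        trace.append("S")
        if bit == "1":                # multiply only when d_i = 1
            r = (r * x) % n
            trace.append("M")
    return r, "".join(trace)

def square_and_multiply_always(x, d, n):
    """Regular variant: one square and one multiply per bit; d_i only selects a register."""
    r0, trace = 1, []
    for bit in bin(d)[2:]:
        r0 = (r0 * r0) % n
        trace.append("S")
        r1 = (r0 * x) % n             # always executed, result kept only if d_i = 1
        trace.append("M")
        r0 = r1 if bit == "1" else r0
    return r0, "".join(trace)

def operation_sequence_is_key_independent(expo, x, n, exponents):
    """True iff every exponent in the list produces the same S/M sequence.

    Compare exponents of equal bit length: the length itself is not what the
    countermeasure hides, the per-bit difference is."""
    traces = {expo(x, d, n)[1] for d in exponents}
    return len(traces) == 1

if __name__ == "__main__":
    for d in (67, 65, 127):           # three 7-bit exponents (constructed)
        print(d, square_and_multiply(3, d, 1000)[1], square_and_multiply_always(3, d, 1000)[1])
```

The naive loop yields a different trace for every exponent while the regular loop yields `SM` repeated once per bit. The regular loop still performs a multiplication whose result may be discarded, which is the kind of property a fault-injection analysis looks for, so in practice it is one layer among several rather than a complete protection.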
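NAF and width-w NAF recoding of the scalar, as an added example that is not part of the original slides. It uses the standard right-to-left recoding algorithm, checks the non-adjacency property, and drives a scalar multiplication from the recoded digits so the DBL/ADD schedule can be counted. The group is a stand-in assumed for this example (integers modulo a prime under addition, so that [k]P is simply k·P mod p); a real implementation would plug in the curve's point doubling, addition and negation.

```python
# Added example (not the slides' code): NAF / w-NAF recoding and the DBL/ADD schedule it
# induces. The "curve" is a stand-in: integers mod p under addition (an assumption here).

def naf(k):
    """Non-adjacent form of k >= 0, least-significant digit first, digits in {-1, 0, 1}."""
    digits = []
    while k > 0:
        if k & 1:
            d = 2 - (k & 3)           # 1 if k = 1 (mod 4), -1 if k = 3 (mod 4)
            k -= d
        else:
            d = 0
        digits.append(d)
        k >>= 1
    return digits

def wnaf(k, w):
    """Width-w NAF: odd digits with |d| < 2^(w-1), at least w-1 zeros between nonzero digits."""
    digits, mod = [], 1 << w
    while k > 0:
        if k & 1:
            d = k % mod
            if d >= mod // 2:         # take the signed residue in (-2^(w-1), 2^(w-1))
                d -= mod
            k -= d
        else:
            d = 0
        digits.append(d)
        k >>= 1
    return digits

def from_digits(digits):
    """Value of a least-significant-first signed-digit string in radix 2."""
    return sum(d << i for i, d in enumerate(digits))

def is_w_nonadjacent(digits, w):
    """Any two nonzero digits are separated by at least w-1 zeros."""
    last = None
    for i, d in enumerate(digits):
        if d:
            if last is not None and i - last < w:
                return False
            last = i
    return True

def scalar_mult(k, P, p, w=2):
    """[k]P from the w-NAF of k, most significant digit first; returns (Q, n_dbl, n_add)."""
    add = lambda a, b: (a + b) % p    # stand-in for point addition
    dbl = lambda a: (2 * a) % p       # stand-in for point doubling
    neg = lambda a: (-a) % p          # stand-in for point negation (free on a curve)
    odd = {1: P}                      # precomputed odd multiples [1]P, [3]P, ..., not counted below
    twoP = dbl(P)
    for m in range(3, 1 << (w - 1), 2):
        odd[m] = add(odd[m - 2], twoP)
    Q, n_dbl, n_add = 0, 0, 0         # 0 plays the role of the point at infinity
    for d in reversed(wnaf(k, w)):
        if Q != 0:
            Q, n_dbl = dbl(Q), n_dbl + 1
        if d > 0:
            Q, n_add = add(Q, odd[d]), n_add + 1
        elif d < 0:
            Q, n_add = add(Q, neg(odd[-d])), n_add + 1
    return Q, n_dbl, n_add
```

With k = 67 the plain NAF needs three additions and the 3-NAF two, for the same six doublings. Note that a fixed recoding still skips the ADD on zero digits; the slides' protection comes from choosing among several redundant representations of k at random, so that the DBL/ADD schedule changes from one run to the next.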
Signed-Digit Redundant Number Systems
Avizienis 1961: in a radix β representation, replace the digit set $\{0, 1, 2, \ldots, \beta - 1\}$ by the digit set $\{-\alpha, -\alpha + 1, \ldots, 0, \ldots, \alpha - 1, \alpha\}$ with $\alpha \leq \beta - 1$.
If $2\alpha + 1 > \beta$, some numbers have several possible representations.
Example: radix β = 10, digits from the set $D = \{-9, \ldots, -1, 0, 1, \ldots, 9\}$: one value has the representations $(\ldots 9)_{\beta,D} = (\ldots 99)_{\beta,D} = (\ldots 8\ldots)_{\beta,D} = (\ldots 89)_{\beta,D} = \ldots$
In a redundant number system there is a constant-time addition algorithm (without carry propagation) where all computations are done in parallel.

Carry-Save Adder
In carry-save, the number A is represented in radix 2 using digits $a_i \in \{0, 1, 2\}$ coded by 2 bits such that $a_i = a_{i,c} + a_{i,s}$ where $a_{i,c} \in \{0, 1\}$ and $a_{i,s} \in \{0, 1\}$:
$$A = \sum_{i=0}^{n-1} a_i 2^i = \sum_{i=0}^{n-1} (a_{i,c} + a_{i,s}) 2^i$$
[Figure: carry-save addition of the digits a_i and b_i, producing s_0 ... s_4 with a delay of a single cell.]
Carry-save addition: delay of one cell (constant time).

Borrow-Save Addition
In borrow-save, the number A is represented in radix 2 using digits $a_i \in \{-1, 0, 1\}$ coded by 2 bits such that $a_i = a_i^+ - a_i^-$ where $a_i^+ \in \{0, 1\}$ and $a_i^- \in \{0, 1\}$:
$$A = \sum_{i=0}^{n-1} a_i 2^i = \sum_{i=0}^{n-1} (a_i^+ - a_i^-) 2^i$$
Cell (inputs $a^+$, $b^+$, $d^-$; outputs $c^+$, $s^-$):
- Arithmetic equation: $2c^+ - s^- = a^+ + b^+ - d^-$
- Logic equations: $s^- = a^+ \oplus b^+ \oplus d^-$, $c^+ = a^+ b^+ + a^+ \overline{d^-} + b^+ \overline{d^-}$
[Figure: borrow-save addition of the digits a_i and b_i, producing s_0 ... s_4 with a delay of a single cell.]
Borrow-save addition: delay of one cell (constant time).
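The carry-save and borrow-save cells above, simulated bit by bit as an added example that is not part of the original slides. It adds a binary operand to a carry-save number with one 3:2 cell per position, tracks the worst-case cell depth so the constant delay can be compared with a ripple-carry adder's, and checks the borrow-save cell's arithmetic equation exhaustively. Operand values are constructed.

```python
# Added example (not the slides' code): carry-save / borrow-save cells and their delay,
# contrasted with a ripple-carry adder. Sample operands are constructed for illustration.

def to_bits(x, n):
    """x as n bits, least significant first."""
    return [(x >> i) & 1 for i in range(n)]

def bits_value(bits):
    return sum(b << i for i, b in enumerate(bits))

def cs_value(c_bits, s_bits):
    """Value of a carry-save number: digit a_i = a_{i,c} + a_{i,s}."""
    return sum((c + s) << i for i, (c, s) in enumerate(zip(c_bits, s_bits)))

def ripple_add(a_bits, b_bits):
    """Non-redundant adder: the carry ripples through every position.
    Returns (sum bits, carry-out, worst-case cell depth)."""
    s, c = [], 0
    for a, b in zip(a_bits, b_bits):
        s.append(a ^ b ^ c)
        c = (a & b) | (a & c) | (b & c)
    return s, c, len(a_bits)          # bit n-1 waits for carries from bits 0 .. n-2

def carry_save_add(c_bits, s_bits, b_bits):
    """Add binary B to the carry-save number (C, S): one 3:2 cell per position, all in parallel.
    Returns (new carry bits, new sum bits, worst-case cell depth), each n+1 bits long."""
    n = len(s_bits)
    new_s, new_c = [0] * (n + 1), [0] * (n + 1)
    for i in range(n):
        c, s, b = c_bits[i], s_bits[i], b_bits[i]
        new_s[i] = c ^ s ^ b
        new_c[i + 1] = (c & s) | (c & b) | (s & b)   # weight 2^(i+1), never propagated further
    return new_c, new_s, 1            # depth is one cell whatever n is

def borrow_save_cell(a_plus, b_plus, d_minus):
    """Cell with two positive inputs and one negative input: 2*c_plus - s_minus = a_plus + b_plus - d_minus."""
    s_minus = a_plus ^ b_plus ^ d_minus
    nd = 1 - d_minus
    c_plus = (a_plus & b_plus) | (a_plus & nd) | (b_plus & nd)
    return c_plus, s_minus

def borrow_save_cell_is_correct():
    """Exhaustive check of the arithmetic equation over the 8 input combinations."""
    return all(2 * c - s == a + b - d
               for a in (0, 1) for b in (0, 1) for d in (0, 1)
               for c, s in [borrow_save_cell(a, b, d)])

if __name__ == "__main__":
    c, s, depth = carry_save_add(to_bits(0, 4), to_bits(5, 4), to_bits(6, 4))
    print(cs_value(c, s), depth)      # 11, 1
    print(ripple_add(to_bits(5, 4), to_bits(6, 4))[2])   # 4
```

Because every 3:2 cell reads only the three bits of its own position, the carry-save result is ready after one cell delay regardless of the word length; converting back to a non-redundant number is the only step that still needs a full carry propagation.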
Double-Base Number Systems (DBNS) (1/3)
Redundant representation based on the sum of powers of 2 AND 3:
$$x = \sum_{i=1}^{n} x_i\, 2^{a_i} 3^{b_i}, \quad x_i \in \{,\},\ a_i, b_i \geq 0$$
Example: 7 = … = … = …
Source: L. Imbert

Double-Base Number Systems (DBNS) (2/3)
[Table: smallest x > 0 with n DBNS terms in its decomposition, unsigned and signed digits, for n = 1 to 8 (the values did not survive transcription).]
DBNS is a very sparse and redundant representation.
Example: 7 has 78 DBNS representations among which 6 are canonic: 7 = (…) = (…) = (…) = (…) = (…) = (…)

Double-Base Number Systems (DBNS) (3/3)
Application: ECC scalar multiplication.
Example: [459]P = [ 4 9 ]P + [ 8 ]P + P, cost: DBL + TPL + ADD.
Alternatively [459]P = ((( ([ 4 ]P + P) + P) + P) + P, cost: 4 DBL + 9 TPL + 5 ADD.

Protection at the Arithmetic Level
A redundant number system is both a way to improve the performance of some operations and a way to represent a value with different representations.
Recoding rules: from k derive $R_1(k), R_2(k), R_3(k), R_4(k), \ldots$ with $[R_1(k)]P = [R_2(k)]P = [R_3(k)]P = [R_4(k)]P = \ldots = [k]P$.
Proposed solution: use random redundant representations of k.
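A greedy double-base decomposition and the DBL/TPL/ADD schedule it induces, as an added example that is not part of the original slides. The greedy algorithm (largest 2^a 3^b not exceeding the remainder, repeatedly) is the usual textbook one and is an assumption here, not necessarily the recoding the slides used; the group is again a stand-in (integers mod a prime under addition) so [x]P is x·P mod p. The scalar 127 is a constructed sample.

```python
# Added example (not the slides' code): greedy DBNS decomposition x = sum 2^a_i 3^b_i and a
# Horner-style scalar multiplication over it. The "curve" is integers mod p under addition
# (an assumption of this example); DBL and TPL count doublings and triplings.

def largest_2a3b(x):
    """Largest 2^a * 3^b <= x (x >= 1); returns (value, (a, b))."""
    best, best_ab = 0, (0, 0)
    b, p3 = 0, 1
    while p3 <= x:
        a = (x // p3).bit_length() - 1    # largest a with 2^a * 3^b <= x
        v = (1 << a) * p3
        if v > best:
            best, best_ab = v, (a, b)
        b, p3 = b + 1, p3 * 3
    return best, best_ab

def dbns_greedy(x):
    """Greedy unsigned DBNS expansion of x as a list of (a, b) exponent pairs."""
    terms = []
    while x > 0:
        v, ab = largest_2a3b(x)
        terms.append(ab)
        x -= v
    return terms

def from_dbns(terms):
    return sum((1 << a) * 3 ** b for a, b in terms)

def is_chain(terms):
    """Exponents non-increasing in both bases: [x]P can then be evaluated Horner-style
    with max(a) DBL, max(b) TPL and (number of terms - 1) ADD."""
    return all(a1 >= a2 and b1 >= b2 for (a1, b1), (a2, b2) in zip(terms, terms[1:]))

def scalar_mult_dbns(terms, P, p):
    """[x]P for a chain expansion; returns (Q, n_dbl, n_tpl, n_add)."""
    if not is_chain(terms):
        raise ValueError("greedy expansion is not a double-base chain")
    n_dbl = n_tpl = n_add = 0
    Q = P
    for (a1, b1), (a2, b2) in zip(terms, terms[1:]):
        for _ in range(a1 - a2):
            Q, n_dbl = (2 * Q) % p, n_dbl + 1
        for _ in range(b1 - b2):
            Q, n_tpl = (3 * Q) % p, n_tpl + 1
        Q, n_add = (Q + P) % p, n_add + 1
    a_last, b_last = terms[-1]
    for _ in range(a_last):
        Q, n_dbl = (2 * Q) % p, n_dbl + 1
    for _ in range(b_last):
        Q, n_tpl = (3 * Q) % p, n_tpl + 1
    return Q, n_dbl, n_tpl, n_add

if __name__ == "__main__":
    terms = dbns_greedy(127)
    print(terms, from_dbns(terms), is_chain(terms))
    print(scalar_mult_dbns(terms, 5, 101))
```

For 127 the greedy expansion is 2^2·3^3 + 2^1·3^2 + 2^0·3^0, a chain, so [127]P costs 2 DBL, 3 TPL and 2 ADD instead of the 6 DBL and 6 ADD of plain double-and-add. Greedy expansions are not always chains (11 = 3^2 + 2^1 is not), which is why the slides speak of several candidate representations of the same scalar and of choosing among them.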
Towards an ECC (co)processor
[Figure: block diagram with COMM., CTRL, AGU, register file, TRNG, key recoding and countermeasures blocks, and functional units (±, ×, 1/x on $\mathbb{F}_q$) each with local register(s) and control.]
Functional units (FU): ±, ×, 1/x for $\mathbb{F}_p$ and $\mathbb{F}_{2^m}$, key recoding.
Memory: register file + internal registers in the FUs.
Control: operations (E and $\mathbb{F}_q$ levels) schedule, parameters management...

Circuits with On-Line Quality Evaluation
Tested True Random Number Generator: [Figure: TRNG → DAS → internal random bits, with a reconfigurable clock generator and embedded statistical tests (AIS, FIPS 140-2).]
Quality of a TRNG depends on: the type of TRNG; the target circuit (FPGA, ASIC, ...); $V_{dd}$, EMR, temperature, attacks...; the data rate (Mbit/s).
Objectives: TRNGs with embedded quality tests for security applications; comparison of various TRNGs; finding the optimal data rate of a TRNG.
[Figure: success percentage (%) of the AIS run test versus data rate (Mb/s) for the TRNG of Dichtl et al.]
Evaluation results: ASIC: nm circuit HCMOS9GP (CMP), V : June 9 (% OK), V : Q; FPGAs: Xilinx, Altera, Actel.

Residue Number System (RNS)
Base $B = (m_1, m_2, \ldots, m_k)$ of k relatively prime moduli; size of the base: k.
$A = \{a_1, a_2, \ldots, a_k\}$ with $\forall i,\ a_i = A \bmod m_i$.
Operations: $A \pm B = (|a_1 \pm b_1|_{m_1}, \ldots, |a_k \pm b_k|_{m_k})$ and $A \times B = (|a_1 b_1|_{m_1}, \ldots, |a_k b_k|_{m_k})$.

Residue Number System: Example (1/2)
Base: $B = (8, 7, 5,\ )$ (the fourth modulus did not survive transcription). Dynamic range: $M = m_1 m_2 m_3 m_4$, i.e. $0 \leq A < M$.
[Table: A in standard representation and A in RNS for the first values of A; the residues did not survive transcription.]
Residue Number System: Example (2/2)
[Worked example: two operands A and B are converted to RNS, added and multiplied component-wise modulo each $m_i$, and the results verified against their standard representations; the values did not survive transcription.]

Residue Number System: Conversions
From standard to RNS: $\forall i,\ a_i = A \bmod m_i$.
From RNS to standard: using a constructive proof of the Chinese Remainder Theorem (CRT),
$$A = \left| \sum_{i=1}^{k} a_i\, |M_i^{-1}|_{m_i}\, M_i \right|_M, \qquad M = \prod_{i=1}^{k} m_i,\ A < M,\ M_i = M / m_i,$$
where $|M_i^{-1}|_{m_i}$ is the inverse of $M_i$ modulo $m_i$.

Residue Number System: Summary
Advantages: parallel addition/subtraction and multiplication; no carry propagation (between the blocks); a natural way to split large numbers ⟹ simple scheduling; no order in the elements (RNS is not a positional number system).
Disadvantages: difficult comparison (< and >); difficult division; difficult sign test; difficult magnitude computation.

Circuit-Level Representations of Digits
Standard representation of a bit b: $V_{DD} \Rightarrow b = 1$, $GND \Rightarrow b = 0$.
Dual-rail representation of a bit b: $r_1 = V_{DD},\ r_0 = GND \Rightarrow b = 1$; $r_1 = GND,\ r_0 = V_{DD} \Rightarrow b = 0$.
Benefit: same number of transitions for 0 and 1. Cost: larger area and memory.
High-radix coding: radix 4 with a five-digit set (the digits did not survive transcription). [Figure: ± ± encoding of b on the rails r.]
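The RNS conversions and component-wise arithmetic of the slides, as an added example that is not part of the original slides. The base (8, 7, 5, 3) is an assumption of this example: the slides use 8, 7 and 5 with a fourth modulus that did not survive transcription, and 3 keeps the moduli pairwise coprime, giving M = 840. The operands are constructed samples; the CRT reconstruction follows the formula above.

```python
# Added example (not the slides' code): RNS conversion, component-wise add/mul, and CRT
# reconstruction. Base (8, 7, 5, 3) is assumed here (fourth modulus not on the slides).
from math import gcd
from itertools import combinations

BASE = (8, 7, 5, 3)

def base_is_valid(base=BASE):
    """RNS needs pairwise relatively prime moduli."""
    return all(gcd(a, b) == 1 for a, b in combinations(base, 2))

def dynamic_range(base=BASE):
    """M = product of the moduli; values 0 <= A < M are representable."""
    m = 1
    for mi in base:
        m *= mi
    return m

def to_rns(a, base=BASE):
    """Standard -> RNS: a_i = A mod m_i for every modulus."""
    return [a % mi for mi in base]

def rns_add(x, y, base=BASE):
    """Component-wise addition: no carry crosses from one modulus to the next."""
    return [(xi + yi) % mi for xi, yi, mi in zip(x, y, base)]

def rns_mul(x, y, base=BASE):
    """Component-wise multiplication, likewise independent per modulus."""
    return [(xi * yi) % mi for xi, yi, mi in zip(x, y, base)]

def from_rns(x, base=BASE):
    """RNS -> standard via the CRT: A = | sum a_i * |M_i^-1|_{m_i} * M_i |_M, M_i = M / m_i."""
    M = dynamic_range(base)
    total = 0
    for xi, mi in zip(x, base):
        Mi = M // mi
        inv = pow(Mi, -1, mi)         # inverse of M_i modulo m_i (Python 3.8+)
        total += xi * inv * Mi
    return total % M

def rns_less_than(x, y, base=BASE):
    """Comparison has no component-wise form: it goes through reconstruction, which is
    exactly the 'difficult comparison' of the summary slide."""
    return from_rns(x, base) < from_rns(y, base)

if __name__ == "__main__":
    A, B = to_rns(6), to_rns(16)      # constructed operands
    print(A, B, rns_add(A, B), from_rns(rns_add(A, B)))
    print(rns_mul(A, B), from_rns(rns_mul(A, B)))
```

Addition and multiplication stay inside each modulus, which is what makes the channels independent and the circuit activity per channel small and uniform in width; the price is that anything needing magnitude (comparison, sign, division) first has to pull the value back through the CRT.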
Conclusion
- attacks are more and more efficient
- security is mandatory at all levels (specification, algorithm, operation, implementation)
- security = tradeoff between performances and robustness
- security = computer science + microelectronics + mathematics
Current research topics: redundant number systems; non-positional number systems; circuit reconfigurations (representations, algorithms); circuits with reduced activity variations; links between scheduling and circuit activity; design space exploration.

The end, some questions?
Contact: mailto:arnaud.tisserand@irisa.fr, CAIRN Group, IRISA Laboratory, CNRS INRIA Univ. Rennes, 6 rue Kérampont, BP 858, F-5 Lannion cedex, France.
Thank you
Volume 3, No 1, January 2012 Journal of Global Research in Computer Science RESEARCH PAPER Available Online at wwwjgrcsinfo A NOVEL HIGH DYNAMIC RANGE 5-MODULUS SET WHIT EFFICIENT REVERSE CONVERTER AND
More informationResidue Number Systems. Alternative number representations. TSTE 8 Digital Arithmetic Seminar 2. Residue Number Systems.
TSTE8 Digital Arithmetic Seminar Oscar Gustafsson The idea is to use the residues of the numbers and perform operations on the residues Also called modular arithmetic since the residues are computed using
More informationIntroduction to Side Channel Analysis. Elisabeth Oswald University of Bristol
Introduction to Side Channel Analysis Elisabeth Oswald University of Bristol Outline Part 1: SCA overview & leakage Part 2: SCA attacks & exploiting leakage and very briefly Part 3: Countermeasures Part
More informationForward and Reverse Converters and Moduli Set Selection in Signed-Digit Residue Number Systems
J Sign Process Syst DOI 10.1007/s11265-008-0249-8 Forward and Reverse Converters and Moduli Set Selection in Signed-Digit Residue Number Systems Andreas Persson Lars Bengtsson Received: 8 March 2007 /
More informationBinary-Ternary Plus-Minus Modular Inversion in RNS
inary-ternary Plus-Minus Modular Inversion in RNS Karim igou, Arnaud Tisserand To cite this version: Karim igou, Arnaud Tisserand inary-ternary Plus-Minus Modular Inversion in RNS IEEE Transactions on
More informationEfficient and Secure Algorithms for GLV-Based Scalar Multiplication and Their Implementation on GLV-GLS Curves
Efficient and Secure Algorithms for GLV-Based Scalar Multiplication and Their Implementation on GLV-GLS Curves SESSION ID: CRYP-T07 Patrick Longa Microsoft Research http://research.microsoft.com/en-us/people/plonga/
More informationE40M. Binary Numbers. M. Horowitz, J. Plummer, R. Howe 1
E40M Binary Numbers M. Horowitz, J. Plummer, R. Howe 1 Reading Chapter 5 in the reader A&L 5.6 M. Horowitz, J. Plummer, R. Howe 2 Useless Box Lab Project #2 Adding a computer to the Useless Box alows us
More informationScalar Multiplication on Koblitz Curves using
Scalar Multiplication on Koblitz Curves using τ 2 NAF Sujoy Sinha Roy 1, Chester Rebeiro 1, Debdeep Mukhopadhyay 1, Junko Takahashi 2 and Toshinori Fukunaga 3 1 Dept. of Computer Science and Engineering
More informationSubquadratic Computational Complexity Schemes for Extended Binary Field Multiplication Using Optimal Normal Bases
1 Subquadratic Computational Complexity Schemes for Extended Binary Field Multiplication Using Optimal Normal Bases H. Fan and M. A. Hasan March 31, 2007 Abstract Based on a recently proposed Toeplitz
More information3 The fundamentals: Algorithms, the integers, and matrices
3 The fundamentals: Algorithms, the integers, and matrices 3.4 The integers and division This section introduces the basics of number theory number theory is the part of mathematics involving integers
More informationLeak Resistant Arithmetic
Leak Resistant Arithmetic Jean-Claude Bajard 1, Laurent Imbert 1, Pierre-Yvan Liardet 2, and Yannick Teglia 2 1 LIRMM, CNRS UMR 5506, Université Montpellier II 161 rue Ada, 34392 Montpellier cedex 5, FRANCE
More informationModular Multiplication in GF (p k ) using Lagrange Representation
Modular Multiplication in GF (p k ) using Lagrange Representation Jean-Claude Bajard, Laurent Imbert, and Christophe Nègre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier
More informationAn Effective New CRT Based Reverse Converter for a Novel Moduli Set { 2 2n+1 1, 2 2n+1, 2 2n 1 }
An Effective New CRT Based Reverse Converter for a Novel Moduli Set +1 1, +1, 1 } Edem Kwedzo Bankas, Kazeem Alagbe Gbolagade Department of Computer Science, Faculty of Mathematical Sciences, University
More informationSide-channel attacks on PKC and countermeasures with contributions from PhD students
basics Online Side-channel attacks on PKC and countermeasures (Tutorial @SPACE2016) with contributions from PhD students Lejla Batina Institute for Computing and Information Sciences Digital Security Radboud
More informationRandom Delay Insertion: Effective Countermeasure against DPA on FPGAs
Random Delay Insertion: Effective Countermeasure against DPA on FPGAs Lu, Yingxi Dr. Máire O Neill Prof. John McCanny Overview September 2004 PRESENTATION OUTLINE DPA and countermeasures Random Delay Insertion
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationOptimizing scalar multiplication for koblitz curves using hybrid FPGAs
Rochester Institute of Technology RIT Scholar Works Theses Thesis/Dissertation Collections 6-1-2009 Optimizing scalar multiplication for koblitz curves using hybrid FPGAs Gregory Głuszek Follow this and
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationHorizontal and Vertical Side-Channel Attacks against Secure RSA Implementations
Introduction Clavier et al s Paper This Paper Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations Aurélie Bauer Éliane Jaulmes Emmanuel Prouff Justine Wild ANSSI Session ID:
More informationHardware Architectures for Public Key Algorithms Requirements and Solutions for Today and Tomorrow
Hardware Architectures for Public Key Algorithms Requirements and Solutions for Today and Tomorrow Cees J.A. Jansen Pijnenburg Securealink B.V. Vught, The Netherlands ISSE Conference, London 27 September,
More informationHigh Performance GHASH Function for Long Messages
High Performance GHASH Function for Long Messages Nicolas Méloni 1, Christophe Négre 2 and M. Anwar Hasan 1 1 Department of Electrical and Computer Engineering University of Waterloo, Canada 2 Team DALI/ELIAUS
More informationGF(2 m ) arithmetic: summary
GF(2 m ) arithmetic: summary EE 387, Notes 18, Handout #32 Addition/subtraction: bitwise XOR (m gates/ops) Multiplication: bit serial (shift and add) bit parallel (combinational) subfield representation
More informationA Bit-Serial Unified Multiplier Architecture for Finite Fields GF(p) and GF(2 m )
A Bit-Serial Unified Multiplier Architecture for Finite Fields GF(p) and GF(2 m ) Johann Großschädl Graz University of Technology Institute for Applied Information Processing and Communications Inffeldgasse
More informationSingle Base Modular Multiplication for Efficient Hardware RNS Implementations of ECC
Single Base Modular Multiplication for Efficient Hardare RNS Implementations of ECC Karim Bigou and Arnaud Tisserand CNRS, IRISA, INRIA Centre Rennes - Bretagne Atlantique and University Rennes 1, 6 rue
More informationassume that the message itself is considered the RNS representation of a number, thus mapping in and out of the RNS system is not necessary. This is p
Montgomery Modular Multiplication in Residue Arithmetic Jean-Claude Bajard LIRMM Montpellier, France bajardlirmm.fr Laurent-Stephane Didier Universite de Bretagne Occidentale Brest, France laurent-stephane.didieruniv-brest.fr
More informationAn Efficient Multiplier/Divider Design for Elliptic Curve Cryptosystem over GF(2 m ) *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 25, 1555-1573 (2009) An Efficient Multiplier/Divider Design for Elliptic Curve Cryptosystem over GF(2 m ) * MING-DER SHIEH, JUN-HONG CHEN, WEN-CHING LIN AND
More informationELEN Electronique numérique
ELEN0040 - Electronique numérique Patricia ROUSSEAUX Année académique 2014-2015 CHAPITRE 3 Combinational Logic Circuits ELEN0040 3-4 1 Combinational Functional Blocks 1.1 Rudimentary Functions 1.2 Functions
More informationLazy Leak Resistant Exponentiation in RNS
Lazy Leak Resistant Exponentiation in RNS Andrea Lesavourey, Christophe Negre, Thomas Plantard To cite this version: Andrea Lesavourey, Christophe Negre, Thomas Plantard. Lazy Leak Resistant Exponentiation
More informationA Simple Left-to-Right Algorithm for Minimal Weight Signed Radix-r Representations
A Simple Left-to-Right Algorithm for Minimal Weight Signed Radix-r Representations James A. Muir School of Computer Science Carleton University, Ottawa, Canada http://www.scs.carleton.ca/ jamuir 23 October
More information