Modular Exponentiation on Reconfigurable Hardware

Blum, Thomas

03 September 1999

"It is widely recognized that security issues will play a crucial role in the majority of future computer and communication systems. A central tool for achieving system security are cryptographic algorithms. For performance as well as for physical security reasons, it is often advantageous to realize cryptographic algorithms in hardware. In order to overcome the well-known drawback of reduced flexibility that is associated with traditional ASIC solutions, this contribution proposes arithmetic architectures which are optimized for modern field programmable gate arrays (FPGAs). The proposed architectures perform modular exponentiation with very long integers. This operation is at the heart of many practical public-key algorithms such as RSA and discrete logarithm schemes. We combine two versions of Montgomery modular multiplication algorithm with new systolic array designs which are well suited for FPGA realizations. The first one is based on a radix of two and is capable of processing a variable number of bits per array cell leading to a low cost design. The second design uses a radix of sixteen, resulting in a speed-up of a factor three at the cost of more used resources. The designs are flexible, allowing any choice of operand and modulus. Unlike previous approaches, we systematically implement and compare several versions of our new architecture for different bit lengths. We provide absolute area and timing measures for each architecture on Xilinx XC4000 series FPGAs. As a first practical result we show that it is possible to implement modular exponentiation at secure bit lengths on a single commercially available FPGA. Secondly we present faster processing times than previously reported. The Diffie-Hellman key exchange scheme with a modulus of 1024 bits and an exponent of 160 bits is computed in 1.9 ms. Our fastest design computes a 1024 bit RSA decryption in 3.1 ms when the Chinese remainder theorem is applied. These times are more than ten times faster than any reported software implementation. They also outperform most of the hardware-implementations presented in technical literature."

public-key cryptography

FPGA

Montgomery multiplication

Modular Exponentiation

RSA

Reconfigurable Hardware

Cryptography

Gate array circuits

A microcoded elliptic curve cryptographic processor.

January 2001

Leung Ka Ho. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2001. / Includes bibliographical references (leaves [85]-90). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgments --- p.iii / List of Figures --- p.ix / List of Tables --- p.xi / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Motivation --- p.1 / Chapter 1.2 --- Aims --- p.3 / Chapter 1.3 --- Contributions --- p.3 / Chapter 1.4 --- Thesis Outline --- p.4 / Chapter 2 --- Cryptography --- p.6 / Chapter 2.1 --- Introduction --- p.6 / Chapter 2.2 --- Foundations --- p.6 / Chapter 2.3 --- Secret Key Cryptosystems --- p.8 / Chapter 2.4 --- Public Key Cryptosystems --- p.9 / Chapter 2.4.1 --- One-way Function --- p.10 / Chapter 2.4.2 --- Certification Authority --- p.10 / Chapter 2.4.3 --- Discrete Logarithm Problem --- p.11 / Chapter 2.4.4 --- RSA vs. ECC --- p.12 / Chapter 2.4.5 --- Key Exchange Protocol --- p.13 / Chapter 2.4.6 --- Digital Signature --- p.14 / Chapter 2.5 --- Secret Key vs. Public Key Cryptography --- p.16 / Chapter 2.6 --- Summary --- p.18 / Chapter 3 --- Mathematical Background --- p.19 / Chapter 3.1 --- Introduction --- p.19 / Chapter 3.2 --- Groups and Fields --- p.19 / Chapter 3.3 --- Finite Fields --- p.21 / Chapter 3.4 --- Modular Arithmetic --- p.21 / Chapter 3.5 --- Polynomial Basis --- p.21 / Chapter 3.6 --- Optimal Normal Basis --- p.22 / Chapter 3.6.1 --- Addition --- p.23 / Chapter 3.6.2 --- Squaring --- p.24 / Chapter 3.6.3 --- Multiplication --- p.24 / Chapter 3.6.4 --- Inversion --- p.30 / Chapter 3.7 --- Summary --- p.33 / Chapter 4 --- Literature Review --- p.34 / Chapter 4.1 --- Introduction --- p.34 / Chapter 4.2 --- Hardware Elliptic Curve Implementation --- p.34 / Chapter 4.2.1 --- Field Processors --- p.34 / Chapter 4.2.2 --- Curve Processors --- p.36 / Chapter 4.3 --- Software Elliptic Curve Implementation --- p.36 / Chapter 4.4 --- Summary --- p.38 / Chapter 5 --- Introduction to Elliptic Curves --- p.39 / Chapter 5.1 --- Introduction --- p.39 / Chapter 5.2 --- Historical Background --- p.39 / Chapter 5.3 --- Elliptic Curves over R2 --- p.40 / Chapter 5.3.1 --- Curve Addition and Doubling --- p.41 / Chapter 5.4 --- Elliptic Curves over Finite Fields --- p.44 / Chapter 5.4.1 --- Elliptic Curves over Fp with p>〉3 --- p.44 / Chapter 5.4.2 --- Elliptic Curves over F2n --- p.45 / Chapter 5.4.3 --- Operations of Elliptic Curves over F2n --- p.46 / Chapter 5.4.4 --- Curve Multiplication --- p.49 / Chapter 5.5 --- Elliptic Curve Discrete Logarithm Problem --- p.51 / Chapter 5.6 --- Public Key Cryptography --- p.52 / Chapter 5.7 --- Elliptic Curve Diffie-Hellman Key Exchange --- p.54 / Chapter 5.8 --- Summary --- p.55 / Chapter 6 --- Design Methodology --- p.56 / Chapter 6.1 --- Introduction --- p.56 / Chapter 6.2 --- CAD Tools --- p.56 / Chapter 6.3 --- Hardware Platform --- p.59 / Chapter 6.3.1 --- FPGA --- p.59 / Chapter 6.3.2 --- Reconfigurable Hardware Computing --- p.62 / Chapter 6.4 --- Elliptic Curve Processor Architecture --- p.63 / Chapter 6.4.1 --- Arithmetic Logic Unit (ALU) --- p.64 / Chapter 6.4.2 --- Register File --- p.68 / Chapter 6.4.3 --- Microcode --- p.69 / Chapter 6.5 --- Parameterized Module Generator --- p.72 / Chapter 6.6 --- Microcode Toolkit --- p.73 / Chapter 6.7 --- Initialization by Bitstream Reconfiguration --- p.74 / Chapter 6.8 --- Summary --- p.75 / Chapter 7 --- Results --- p.76 / Chapter 7.1 --- Introduction --- p.76 / Chapter 7.2 --- Elliptic Curve Processor with Serial Multiplier (p = 1) --- p.76 / Chapter 7.3 --- Projective verses Affine Coordinates --- p.78 / Chapter 7.4 --- Elliptic Curve Processor with Parallel Multiplier (p > 1) --- p.79 / Chapter 7.5 --- Summary --- p.80 / Chapter 8 --- Conclusion --- p.82 / Chapter 8.1 --- Recommendations for Future Research --- p.83 / Bibliography --- p.85 / Chapter A --- Elliptic Curves in Characteristics 2 and3 --- p.91 / Chapter A.1 --- Introduction --- p.91 / Chapter A.2 --- Derivations --- p.91 / Chapter A.3 --- "Elliptic Curves over Finite Fields of Characteristic ≠ 2,3" --- p.92 / Chapter A.4 --- Elliptic Curves over Finite Fields of Characteristic = 2 --- p.94 / Chapter B --- Examples of Curve Multiplication --- p.95 / Chapter B.1 --- Introduction --- p.95 / Chapter B.2 --- Numerical Results --- p.96

Computer security

Curves, Elliptic--Data processing

Public key cryptography

Cryptography

Field programmable gate arrays

New hardware algorithms and designs for Montgomery modular inverse computation in Galois Fields GF(p) and GF(2 [superscript n])

Gutub, Adnan Abdul-Aziz

11 June 2002

Graduation date: 2003

Modular functions

Algorithms

Functions, Inverse

Finite fields (Algebra)

Public key cryptography

On Pairing-Based Signature and Aggregate Signature Schemes

Knapp, Edward

January 2008

In 2001, Boneh, Lynn, and Shacham presented a pairing-based signature scheme known as the BLS signature scheme. In 2003, Boneh, Gentry, Lynn, and Shacham presented the first aggregate signature scheme called the BGLS aggregate signature scheme. The BGLS scheme allows for N users with N signatures to combine their signatures into a single signature. The size of the resulting signature is independent of N. The BGLS signature scheme enjoys roughly the same level of security as the BLS scheme. In 2005, Waters presented a pairing-based signature scheme which does not assume the existence of random oracles. In 2007, Lu, Ostrovsky, Sahai, Shacham, and Waters presented the LOSSW aggregate signature scheme which does not assume the existence of random oracles. The BLS, BGLS, Waters, and LOSSW authors each chose to work with a restricted class of pairings. In each scheme, it is clear that the scheme extend to arbitrary pairings. We present the schemes in their full generality, explore variations of the schemes, and discuss optimizations that can be made when using specific pairings. Each of the schemes we discuss is secure assuming that the computational Diffie-Hellman (CDH) assumption holds. We improve on the security reduction for a variation of the BGLS signature scheme which allows for some restrictions of the BGLS signature scheme can be dropped and provides a stronger guarantee of security. We show that the BGLS scheme can be modified to reduce public-key size in presence of a certifying authority, when a certain type of pairing is used. We show that patient-free bit-compression can be applied to each of the scheme with a few modifications.

mathematics

cryptography

signature schemes

provable security

elliptic curves

public-key cryptography

Combinatorics and Optimization

SPP Secure Payment Protocol: Protocol Analysis, Implementation and Extensions

Kovan, Gerry

January 2005

Internet commerce continues to grow rapidly. Over 60% of US households use the internet to shop online. A secure payment protocol is required to support this rapid growth. A new payment protocol was recently invented at IBM. We refer to the protocol as SPP or Secure Payment Protocol. This thesis presents a protocol analysis of SPP. It is essential that a thorough security analysis be done on any new payment protocol so that we can better understand its security properties. We first develop a method for analyzing payment protocols. This method includes a list of desirable security features and a list of proofs that should be satisfied. We then present the results of the analysis. These results validate that the protocol does contain many security features and properties. They also help understand the security properties and identify areas where the protocol can be further secured. This led us to extend the design of the protocol to enhance its security. This thesis also presents a prototype implementation of SPP. Three software components were implemented. They are the Electronic Wallet component, the merchant software component and the Trusted Third Party component. The architecture and technologies that are required for implementation are discussed. The prototype is then used in performance measurement experiments. Results on system performance as a function of key size are presented. Finally, this thesis presents an extension of SPP to support a two buyer scenario. In this scenario one buyer makes an order while another buyer makes the payment. This scenario enables additional commerce services.

Computer Science

Secure Payment Protocol

Internet Commerce

Public Key Cryptography

SSL

Digital Signatures

On Pairing-Based Signature and Aggregate Signature Schemes

Knapp, Edward

January 2008

In 2001, Boneh, Lynn, and Shacham presented a pairing-based signature scheme known as the BLS signature scheme. In 2003, Boneh, Gentry, Lynn, and Shacham presented the first aggregate signature scheme called the BGLS aggregate signature scheme. The BGLS scheme allows for N users with N signatures to combine their signatures into a single signature. The size of the resulting signature is independent of N. The BGLS signature scheme enjoys roughly the same level of security as the BLS scheme. In 2005, Waters presented a pairing-based signature scheme which does not assume the existence of random oracles. In 2007, Lu, Ostrovsky, Sahai, Shacham, and Waters presented the LOSSW aggregate signature scheme which does not assume the existence of random oracles. The BLS, BGLS, Waters, and LOSSW authors each chose to work with a restricted class of pairings. In each scheme, it is clear that the scheme extend to arbitrary pairings. We present the schemes in their full generality, explore variations of the schemes, and discuss optimizations that can be made when using specific pairings. Each of the schemes we discuss is secure assuming that the computational Diffie-Hellman (CDH) assumption holds. We improve on the security reduction for a variation of the BGLS signature scheme which allows for some restrictions of the BGLS signature scheme can be dropped and provides a stronger guarantee of security. We show that the BGLS scheme can be modified to reduce public-key size in presence of a certifying authority, when a certain type of pairing is used. We show that patient-free bit-compression can be applied to each of the scheme with a few modifications.

mathematics

cryptography

signature schemes

provable security

elliptic curves

public-key cryptography

Combinatorics and Optimization

A survey and security strength classification of PKI certificate revocation management implementations /

MacMichael, John L.

January 2003

Thesis (M.S. in Information Technology Management)--Naval Postgraduate School, December 2003. / Thesis advisor(s): J.D. Fulp, D.F. Warren. Includes bibliographical references. Also available online.

A scalable and secure networking paradigm using identity-based cryptography

Kwok, Hon-man, Sammy., 郭漢文.

January 2011

published_or_final_version / Electrical and Electronic Engineering / Doctoral / Doctor of Philosophy

Data encryption (Computer science)

Computer networks - Security measures.

Public key cryptography.

Forward security and certificate management in mobile AD Hoc networks

Go, Hiu-wing., 吳曉頴.

January 2004

published_or_final_version / abstract / toc / Computer Science and Information Systems / Master / Master of Philosophy

Wireless communication systems

Public key cryptography.

Mobile communication systems.

Contributions to group key distribution schemes

Kurnio, Hartono.

January 2005

Thesis (Ph.D.)--University of Wollongong, 2005. / Typescript. Includes bibliographical references: leaf 149-157.