• The Journal of the Korea institute of electronic communication sciences
• /
• v.10 no.10
• /
• pp.1093-1100
• /
• 2015

Since the security of RSA cryptosystem depends on the difficulty of factoring integers, it is the most important problem to factor large integers in RSA cryptosystem. The Lenstra elliptic curve factorization method(ECM) is considered a special purpose factoring algorithm as it is still the best algorithm for divisors not greatly exceeding 20 to 25 digits(64 to 83 bits or so). ECM, however, wastes most time to calculate $M{\cdot}P$ mod N and so Montgomery and Koyama both give fast methods for implementing $M{\cdot}P$ mod N. We, in this paper, further analyze Montgomery and Koyama's methods and propose an efficient algorithm which choose the optimal parameters and reduces the number of multiplications of Montgomery and Koyama's methods. Consequently, the run time of our algorithm is reduced by 20% or so than that of Montgomery and Koyama's methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.2
• /
• pp.37-44
• /
• 2001

In this paper, an efficient architecture for the ECC multiplier in GF(2") is proposed. We give a design example for the irreducible trinomials $x_{193}\;+\;x_{15}\;+\;1$. In hardware implementations, it is often desirable to use the irreducible trinomial equations. A digit-serial multiplier with a digit size of 32 is proposed, which has more advantages than the 193bit serial LFSR architecture. The proposed multiplier is verified with a VHDL description using an elliptic curve addition. The elliptic curve used in this implementation is defined by Weierstrass equations. The measured results show that the proposed multiplier it 0.3 times smaller than the bit-serial LFSR multiplier.lier.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.42 no.1
• /
• pp.57-67
• /
• 2005

Fast scalar multiplication of points on elliptic curve is important for elliptic curve cryptography applications. In order to vary field sizes depending on security situations, the cryptography coprocessors should support variable length finite field arithmetic units. To determine the effective variable length finite field arithmetic architecture, two well-known curve scalar multiplication algorithms were implemented on FPGA. The affine coordinates algorithm must use a hardware division unit, but the projective coordinates algorithm only uses a fast multiplication unit. The former algorithm needs the division hardware. The latter only requires a multiplication hardware, but it need more space to store intermediate results. To make the division unit versatile, we need to add a feedback signal line at every bit position. We proposed a method to mitigate this problem. For multiplication in projective coordinates implementation, we use a widely used digit serial multiplication hardware, which is simpler to be made versatile. We experimented with our implemented ECC coprocessors using variable length finite field arithmetic unit which has the maximum field size 256. On the clock speed 40 MHz, the scalar multiplication time is 6.0 msec for affine implementation while it is 1.15 msec for projective implementation. As a result of the study, we found that the projective coordinates algorithm which does not use the division hardware was faster than the affine coordinate algorithm. In addition, the memory implementation effectiveness relative to logic implementation will have a large influence on the implementation space requirements of the two algorithms.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.670-673
• /
• 2008

Optimized algorithms and numerical expressions which had been verified through C program simulation, should be analyzed again with HDL (hardware description language) such as Verilog, so that the verified ones could be modified to be applied directly to hardware implementation. The reason is that the characteristics of C programming language design is intrinsically different from the hardware design structure. The hardware IP verified doubly in view of hardware structure together with algorithmic verification, was implemented on the Altera Excalibur FPGA device equipped with ARM9 microprocessor core, to a real chip prototype, using Altera embedded system development tool kit. The implemented finite field calculation IPs can be used as library modules as Elliptic Curve Cryptography finite field operations which has more than 193 bit key length.

• Journal of KIISE:Computer Systems and Theory
• /
• v.35 no.7
• /
• pp.327-331
• /
• 2008

Optimal Extension Fields (OEFs) are finite fields of a special form which are very useful for software implementation of elliptic curve cryptosystems. Bailey and Paar introduced efficient OEF arithmetic algorithms including the $p^ith$ powering operation, and an efficient algorithm to construct OEFs for cryptographic use. In this paper, we give a counterexample where their $p^ith$ powering algorithm does not work, and show that their OEF construction algorithm is faulty, i.e., it may produce some non-OEFs as output. We present improved algorithms which correct these problems, and give improved statistics for the number of OEFs.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.236-239
• /
• 2021

IoT 기기가 발전으로 블루투스 활용도와 보안에 대한 관심이 증가하면서, 블루투스와 관련된 취약점이 매년 발생하고 있다. 보안을 높이기 위하여 블루투스 4.2 버전부터 페어링 단계에서 타원곡선 디피-헬먼 키 교환을 적용하였지만 타원곡선 기반의 암호들은 양자컴퓨터의 발전과 Shor 알고리즘에 의해 더 이상 안전하다고 보기 어렵다. 본 논문에서는 양자 환경에서 발생할 법한 블루투스 관련 취약점을 미연에 방지하기 위하여 페어링 단계에 적용된 기존의 암호 대신 양자 내성 암호 NewHope를 적용한 블루투스 모델을 제안한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.151-162
• /
• 1995

보다 짧은 길이의 덧셈/뺄셈 사슬($addition_{traction-chain}$)을 찾는 문제는 정수론을 기반으로 하는 많은 암호시스템들에 있어서 중요한 문제이다. 특히, RSA에서의 모듈라멱승(modular exponentiation)이나 타원 곡선(elliptic curve)에서의 곱셈 연산시간은 덧셈사슬(addition-chain) 또는 덧셈/뺄셈 사슬의 길이와 정비례한다 본 논문에서는 덧셈/뻘셈 사슬을 구하는 새로운 알고리즘을 제안하고, 그 성능을 분석하여 기존의 방법들과 비교한다. 본 논문에서 제안하는 알고리즘은 작은윈도우(small-window) 기법을 기반으로 하고, 뺄셈을사용해서 윈도우의 개수를 최적화함으로써 덧셈/뺄셈 사슬의 길이를 짧게 한다. 본 논문에서 제안하는 알고리즘은 512비트의 정수에 대해 평균길이 595.6의 덧셈/뺄셈 사슬을 찾는다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1019-1025
• /
• 2012

Fault attacks manipulate the computation of an algorithm and get information about the private key from the erroneous result. It is the most powerful attack for the cryptographic device. Currently, the research on error detection methods and fault attacks have been studied actively. S. Pontarelli et al. introduced an error detection method in 2009. It can detect an error that occurs during Elliptic Curve Scalar Multiplication (ECSM). In this paper, we present a new fault attack. Our attack can avoid the error detection method introduced by S. Pontarelli et al. We inject a bit flip error in the Euclidean Addition Chain (EAC) on the private key in ECSM and retrieve the private key.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.2
• /
• pp.293-298
• /
• 2009

In this contribution, a 193-bit elliptic curve cryptography coprocessor was implemented on an FPGA board. Optimized algorithms and numerical expressions which had been verified through C program simulation, should be analyzed again with HDL (hardware description language) such as Verilog, so that the verified ones could be modified to be applied directly to hardware implementation. The reason is that the characteristics of C programming language design is intrinsically different from the hardware design structure. The hardware IP which was double-checked in view of hardware structure together with algoritunic verification, was implemented on the Altera CycloneII FPGA device equipped with ARM9 microprocessor core, to a real chip prototype, using Altera embedded system development tool kit. The implemented finite field calculation IPs can be used as library modules as Elliptic Curve Cryptography finite field operations which has more than 193 bit key length.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1925-1928
• /
• 2003

컴퓨터와 네트워크의 보급이 일반화되면서 인터넷을 통한 정보전달이 일상 생활처럼 되고 있다. 기존에는 정보를 전달하기 위한 방법이 주로 전자메일에 한정되어 있던 것에 반해, 요즘은 좀 더 즉각적으로 메시지를 전달해주는 인스턴트 메신저를 많이 사용하고 있다. 인스턴트 메신저는 이러한 장점으로 인해 국내에서도 사용자가 급속하게 늘고 있다. 현재 사용하고 있는 대부분의 인스턴트 메신저는 서버에 로그 온 할 때 패스워드를 대칭키 암호기술로 암호화해서 보내지만 패스워드 크래킹 프로그램들이 많이 알려져 있어 전송되는 정보가 제 3자에 의한 암호 해독이 가능하게 된다. 또한 키 분배 및 관리에 있어서 어려움이 있다. 대칭키 암호기술의 어려움을 극복하는 방안으로 제안되었던 공개키 암호기준은 키 분배 및 관리는 편리해졌지만 알고리즘이 더 복잡하고 키의 길이가 상당히 길어 많은 제약이 따르며 처리속도가 오래 걸린다는 단점을 지닌다.[1] 이에 대안으로 제안된 타원곡선 암호체계(Elliptic Curve Cryptography, ECC)는 동일한 키 사이즈를 갖는 다른 암호체계보다 훨씬 강하다고 알려져 있다. 본 논문에서는 ECC를 이용하여 빠르고 효율적이며 높은 안전도를 나타내는 인스턴트 메신저에서의 패스워드 키 교환 방식을 설계한다.