• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.1
• /
• pp.931-934
• /
• 2005

The scalar point multiplication operations is one of the most time-consuming components in elliptic curve cryptosystems. In this paper, we suggest how to induce the point-quadruple (4Q) operation by improving the double-and-add method, which has been a prevailing computing method for calculating the result of a scalar point multiplication. Induced and drived numerical expressions were evaluated and verified by a real application using C programming language. The induced algorithm can be applied to a various kind of calculations in elliptic curve operations more efficiently and by a faster implementation.

• Journal of IKEEE
• /
• v.25 no.1
• /
• pp.174-179
• /
• 2021

An Edwards curve cryptography (EdCC) core supporting point scalar multiplication (PSM) on Edwards curves of Edwards25519 and Edwards448 was designed. For area-efficient implementation, finite field multiplier based on word-based Montgomery multiplication algorithm was designed, and the extended twisted Edwards coordinates system was adopted to implement point operations without division operation. As a result of synthesizing the EdCC core with 100 MHz clock, it was implemented with 24,073 equivalent gates and 11 kbits RAM, and the maximum operating frequency was estimated to be 285 MHz. The evaluation results show that the EdCC core can compute 299 and 66 PSMs per second on Edwards25519 and Edwards448 curves, respectively. Compared to the ECC core with similar structure, the number of clock cycles required for 256-bit PSM was reduced by about 60%, resulting in 7.3 times improvement in computational performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.169-177
• /
• 2003

We establish the security requirements and derive a generic condition of elliptic curve scalar multiplication to resist against DPA and Goubin’s attack. Also we show that if a scalar multiplication algorithm satisfies our generic condition, then both attacks are infeasible. Showing that the randomized signed scalar multiplication using Ha-Moon's receding algorithm satisfies the generic condition, we recommend the randomized signed scalar multiplication using Ha-Moon's receding algorithm to be protective against both attacks. Also we newly design a random recoding method to Prevent two attacks. Finally, in efficiency comparison, it is shown that the recommended method is a bit faster than Izu-Takagi’s method which uses Montgomery-ladder without computing y-coordinate combined with randomized projective coordinates and base point blinding or isogeny method. Moreover. Izu-Takagi’s method uses additional storage, but it is not the case of ours.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.5
• /
• pp.45-51
• /
• 2002

As Koblitz curve, the Frobenius endomorphism is know to be useful in efficient implementation of multiplication on non-supersingular elliptic cures defined on small finite fields of characteristic two. In this paper a method using the extended Frobenius endomorphism to speed up scalar multiplication is introduced. It will be shown that the proposed method is more efficient than Muller's block method in ［5］ because the number of point addition for precomputation is small but on the other hand the expansion length is almost same.

• Proceedings of the IEEK Conference
• /
• 2002.06b
• /
• pp.345-348
• /
• 2002

This paper presents new fast scalar multiplier of elliptic curve cryptosystem that is regarded as next generation public-key crypto processor. For fast operation of scalar multiplication a finite field multiplier is designed with LFSR type of bit serial structure and a finite field inversion operator uses extended binary euclidean algorithm for reducing one multiplying operation on point operation. Also the use of the window non-adjacent form (WNAF) method can reduce addition operation of each other different points.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.1
• /
• pp.143-152
• /
• 2012

In this paper hardware implementation of GF($2^{191}$) elliptic curve cryptographic coprocessor which supports 7 operations such as scalar multiplication(kP), Menezes-Vanstone(MV) elliptic curve cipher/decipher algorithms, point addition(P+Q), point doubling(2P), finite-field multiplication/division is described. To meet structure resistant against simple power analysis, the ECC processor adopts the Montgomery scalar multiplication scheme which main loop operation consists of the key-independent operations. It has operational characteristics that arithmetic units, such GF_ALU, GF_MUL, and GF_DIV, which have 1, (m/8), and (m-1) fixed operation cycles in GF($2^m$), respectively, can be executed in parallel. The processor has about 68,000 gates and its simulated worst case delay time is about 7.8 ns under 0.35um CMOS technology. Because it has about 320 kbps cipher and 640 kbps rate and supports 7 finite-field operations, it can be efficiently applied to the various cryptographic and communication applications.

• ETRI Journal
• /
• v.21 no.1
• /
• pp.28-39
• /
• 1999

Koblitz has suggested to use "anomalous" elliptic curves defined over ${\mathbb{F}}_2$, which are non-supersingular and allow or efficient multiplication of a point by and integer, For these curves, Meier and Staffelbach gave a method to find a polynomial of the Frobenius map corresponding to a given multiplier. Muller generalized their method to arbitrary non-supersingular elliptic curves defined over a small field of characteristic 2. in this paper, we propose an algorithm to speed up scalar multiplication on an elliptic curve defined over a small field. The proposed algorithm uses the same field. The proposed algorithm uses the same technique as Muller's to get an expansion by the Frobenius map, but its expansion length is half of Muller's due to the reduction step (Algorithm 1). Also, it uses a more efficient algorithm (Algorithm 3) to perform multiplication using the Frobenius expansion. Consequently, the proposed algorithm is two times faster than Muller's. Moreover, it can be applied to an elliptic curve defined over a finite field with odd characteristic and does not require any precomputation or additional memory.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.4
• /
• pp.548-555
• /
• 2022

This paper describes the hardware implementation of elliptic curve cryptography (ECC) used as a core operation in elliptic curve digital signature algorithm (ECDSA). The ECC processor supports eight operation modes (four point operations, four modular operations) on the NIST P-521 curve. In order to minimize computation complexity required for point scalar multiplication (PSM), the radix-4 Booth encoding scheme and modified Jacobian coordinate system were adopted, which was based on the complexity analysis for five PSM algorithms and four different coordinate systems. Modular multiplication was implemented using a modified 3-Way Toom-Cook multiplication and a modified fast reduction algorithm. The ECC processor was implemented on xczu7ev FPGA device to verify hardware operation. Hardware resources of 101,921 LUTs, 18,357 flip-flops and 101 DSP blocks were used, and it was evaluated that about 370 PSM operations per second were achieved at a maximum operation clock frequency of 45 MHz.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.356-360
• /
• 2006

Recently, many power analysis attacks have been proposed. Since the attacks are powerful, it is very important to implement cryptosystems securely against the attacks. We propose countermeasures against power analysis attacks for elliptic curve cryptosystems based on Koblitz curves (KCs), which are a special class of elliptic curves. That is, we make our countermeasures be secure against SPA, DPA, and new DPA attacks, specially RPA, ZPA, using a random point at each execution of elliptic curve scalar multiplication. And since our countermeasures are designed to use the Frobenius map of KC, those are very fast.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.117-121
• /
• 2007

Most existing countermeasures against classical DPA are vulnerable to new DPA, e.g., refined power analysis attack (RPA), zero-value point attack (ZPA), and doubling attack. More recently, Mamiya et al proposed a new countermeasure (so-called BRIP) against RPA, ZPA, classical DPA and SPA. This countermeasure, however, also has a vulnerability of scalar multiplication computations by exploiting specially chosen input message. Therefore, to prevent various power analysis attacks like DPA and new SPA, we propose an enhanced countermeasure by developing a new random blinding technique.