Modular inverse arithmetic plays an important role in elliptic curve cryptography. Based on the analysis of Montgomery modular inversion algorithm, this paper presents a new dual-field modular inversion algorithm, and...Modular inverse arithmetic plays an important role in elliptic curve cryptography. Based on the analysis of Montgomery modular inversion algorithm, this paper presents a new dual-field modular inversion algorithm, and a novel scalable and unified architecture for Montgomery inverse hardware in finite fields GF(p) and GF(2n) is proposed. Furthermore, this architecture based on the new modular inversion algorithm has been verified by modeling it in Verilog-HDL, and accomplished it under 0.18 μm CMOS technology. The result indicates that our work has better performance and flexibility than other works.展开更多
Modular inversion is one of the key arithmetic operations in public key cryptosystems, so low-cost, high-speed hardware implementation is absolutely necessary. This paper presents an algorithm for prime fields for ha...Modular inversion is one of the key arithmetic operations in public key cryptosystems, so low-cost, high-speed hardware implementation is absolutely necessary. This paper presents an algorithm for prime fields for hardware implementation. The algorithm involves only ordinary addition/subtraction and does not need any modular operations, multiplications or divisions. All of the arithmetic operations in the algorithm can be accomplished by only one adder, so it is very suitable for fast very large scale integration (VLSI) implementation. The VLSI implementation of the algorithm is also given with good performance and low silicon penalty.展开更多
Public key cryptographic (PKC) algorithms, such as the RSA, elliptic curve digital signature algorithm (ECDSA) etc., are widely used in the secure communication sys- tems, such as OpenSSL, and a variety of in- for...Public key cryptographic (PKC) algorithms, such as the RSA, elliptic curve digital signature algorithm (ECDSA) etc., are widely used in the secure communication sys- tems, such as OpenSSL, and a variety of in- formation security systems. If designer do not securely implement them, the secret key will be easily extracted by side-channel attacks (SCAs) or combinational SCA thus mitigat- ing the security of the entire communication system. Previous countermeasures of PKC im- plementations focused on the core part of the algorithms and ignored the modular inversion which is widely used in various PKC schemes. Many researchers believe that instead of straightforward implementation, constant time modular inversion (CTMI) is enough to resist the attack of simple power analysis combined with lattice analysis. However, we find that the CTMI security can be reduced to a hidden t-bit multiplier problem. Based on this feature, we firstly obtain Hamming weight of interme- diate data through side-channel leakage. Then, we propose a heuristic algorithm to solve the problem by revealing the secret (partial and full) base of CTMI. Comparing previous nec-essary input message for masking filtering, our procedure need not any information about the secret base of the inversion. To our knowl- edge, this is the first time for evaluating the practical security of CTM! and experimental results show the fact that CTMI is not enough for high-level secure communication systems.展开更多
基金Supported by the National High Technology Research and Development Program of China (863 Program) (No. 2008AA01Z103)
文摘Modular inverse arithmetic plays an important role in elliptic curve cryptography. Based on the analysis of Montgomery modular inversion algorithm, this paper presents a new dual-field modular inversion algorithm, and a novel scalable and unified architecture for Montgomery inverse hardware in finite fields GF(p) and GF(2n) is proposed. Furthermore, this architecture based on the new modular inversion algorithm has been verified by modeling it in Verilog-HDL, and accomplished it under 0.18 μm CMOS technology. The result indicates that our work has better performance and flexibility than other works.
基金Supported by the Prom otion Plan of the Ministry of E-ducation and the National Natural Science Foundationof China(No.2 0 0 2 AA14 10 4 0 )
文摘Modular inversion is one of the key arithmetic operations in public key cryptosystems, so low-cost, high-speed hardware implementation is absolutely necessary. This paper presents an algorithm for prime fields for hardware implementation. The algorithm involves only ordinary addition/subtraction and does not need any modular operations, multiplications or divisions. All of the arithmetic operations in the algorithm can be accomplished by only one adder, so it is very suitable for fast very large scale integration (VLSI) implementation. The VLSI implementation of the algorithm is also given with good performance and low silicon penalty.
基金supported by the Key Technology Research and Sample-Chip Manufacture on Resistance to Physical Attacks at Circuit Level(546816170002)
文摘Public key cryptographic (PKC) algorithms, such as the RSA, elliptic curve digital signature algorithm (ECDSA) etc., are widely used in the secure communication sys- tems, such as OpenSSL, and a variety of in- formation security systems. If designer do not securely implement them, the secret key will be easily extracted by side-channel attacks (SCAs) or combinational SCA thus mitigat- ing the security of the entire communication system. Previous countermeasures of PKC im- plementations focused on the core part of the algorithms and ignored the modular inversion which is widely used in various PKC schemes. Many researchers believe that instead of straightforward implementation, constant time modular inversion (CTMI) is enough to resist the attack of simple power analysis combined with lattice analysis. However, we find that the CTMI security can be reduced to a hidden t-bit multiplier problem. Based on this feature, we firstly obtain Hamming weight of interme- diate data through side-channel leakage. Then, we propose a heuristic algorithm to solve the problem by revealing the secret (partial and full) base of CTMI. Comparing previous nec-essary input message for masking filtering, our procedure need not any information about the secret base of the inversion. To our knowl- edge, this is the first time for evaluating the practical security of CTM! and experimental results show the fact that CTMI is not enough for high-level secure communication systems.
