Elliptic Curve Cryptography over GF(2 ) on a Reconfigurable Computer: Polynomial Basis vs. Optimal Normal Basis Representation Comparative Study

shoulderslyricalΤεχνίτη Νοημοσύνη και Ρομποτική

21 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

71 εμφανίσεις


Elliptic Curve Cryptography
over GF(2
m
)

on a Reconfigurable Computer:

Polynomial Basis vs. Optimal Normal Basis
Representation
Comparative Study


Kris Gaj,
Sashisu Bajracharya, Chang Shu, Sang Han

George Mason University

kgaj@gmu.edu, sbajrach@gmu.edu, c
shu@gmu.edu


Tarek El
-
Ghazawi

The George Washington Universit
y


tarek@gwu.edu



Reconfigurable Computers are high
-
end computers based on the close system
-
level
integration of traditional microprocessors and Field Programmable Gate Arrays (FPGAs).
P
ublic ke
y cr
yptography

is particularly suitable for implementation on
FPGAs rather than
traditional microprocessors
because of the need for computationally intensive arithmetic
operations with unconv
entionally long operand
size
s

of several hundreds or even
thousan
ds of bits.
Elliptic Curve Cryptosystems (ECCs) are a family of public
cryptosystems that has emerged over the last ten years as a transformation

of choice for
use

in

future communication networks.

In this paper
,

we present and contrast two fundamentally d
ifferent families of Elliptic
Curve Cryptosystems

from the point

of view of their suitability for

implementation on a
reconfigurable computer. Both families are based on operations in the Galois Fields
GF(2
m
) with m in the range from 160 to 512 bits. They
differ in the way the operands are
represented, and the way of defining multiplicatio
n of two components of the
Galois
Field
GF(2
m
)
.

Our goal is to determine which of the two possible
Galois Field
representations:
Polynomial Basis or Optimal Normal Basis (
ONB) is more suitable for an
implementation on a reconfigurable computer.
This suitability is determined in terms of
both an absolute execution time, as well as in terms of the speed
-
up compared to a purely
microprocessor
-
based implementation.

As a platfo
rm for our experiments, we have chosen one of the first general
-
purpose,
stand
-
alone reconfigurable computers available on the market, SRC
-
6E

from SRC
Compu
ters Inc. This machine allows an application to be executed on two User FPGAs
Xilinx Virtex

II
XC2V6
000
, and two microprocessors P3
with
1 GHz

clock
.

The
first
tentati
ve results of
the
implementation

of
both classes of Elliptic Curve
Cryptosystems using SRC
-
6E

have been reported in our earlier publications

[
1, 2
]
.

While
these publications gave the first
rough estimate of the speed
-
up that can be achieved
using both approaches, they used different implementation approaches and optimizations,
and as a result were not very suitable for comparison.

In this paper, our attempt is to implement both classes of E
lliptic Cu
rve Cryptosystems
using
very
similar techniques and optimizations, and
allow differences

only for
operations that are fundamentally different in both investigated representations.

In particular,

the following ECC operations and the ways of their
implementation are
common for both Galois Field representations:

1. scalar multiplication performed using Montgomery Scalar Multiplication with
Projective Coordinates [
3
],

2. Elliptic Curve addition and doubling performed in Projective Coordinates [
3
],

3.
Transformation from Projective Coordinates to Affine Coordinates.

The two operations that are specific to a given representation are:

1.

Galois Field multiplication and squaring, and

2.

Galois Field inversion
.

Since the optimal ways of performing these operation
s are substantially different in each
representation, an effort has been made to devote
the
similar

amount of

time and effort to
their optimizations. The limitation in both cases comes from the limit on the maximum
clock frequency, which is set to 100 MHz,

and is fixed in the SRC architecture.

Based on the tentative results, we predict that our implementations will result in
similar absolute execution times for both Galois Field representations, and that t
he speed
-
up compared to a microprocessor
-
based imple
mentation

will be substantially
higher for
the Optimal Normal Basis representation. This speed up has been estimated to be in the
range from 895 to 1300 depending on the chosen algorithm description partitioning
scheme (the amount of code written in VHDL v
s. C).

While earlier publications (e.g., [
4
]) regarding implementations of cryptography on
reconfigurable computers have already proven the capability of accomplishing a 1000x
speed
-
up compared to the microprocessor
-
based

implementations in terms of the da
ta
throughput, this is a first publication that shows a comparable speed
-
up for data latency.
This speed
-
up is even more remarkable taking into account that the selected operation has
only limited amount of intrinsic parallelism, and cannot be easily sped
up by multiple
instantiations of the same computational unit.


References


1.

Nguyen N., Gaj K., Caliga D., El
-
Ghazawi T., “Implementation of Elliptic Curve
Cryptosystems on a Reconfigurable Computer,” IEEE International Conference on Field
-
Programmable Techn
ology, FPT 2003, Tokyo, Japan, Dec. 2003.

2.

Bajracharya, S., Shu, C., Gaj, K., El
-
Ghazawi, K., “Implementation of Elliptic Curve
Cryptosystems over GF(2
n
) in Optimal Normal Basis on a Reconfigurable Computer,”
14
th
International Conference on Field Programma
ble
Logic and Applications, FPL 2004,
Antwerp, Belgium, Aug.
-
Sep. 2004 (in print).

3.

López, J., and Dahab, R.:

Fast Multiplication on Elliptic Curves over GF(2
m
) without
precomputation
,”

CHES’99, LNCS 1717, (1999)

4.

Fidanci O. D., Poznanovic D., Gaj K., El
-
G
hazawi K., and Alexandridis N., "Performance
and Overhead in a Hybrid Reconfigurable Computer," Reconfigurable Architecture
Workshop, RAW 2003, Nice, France, Apr. 2003.