A 3.40ms/GF(p521) and 2.77ms/GF(2521) DF-ECC processor with side-channel attack resistance

Jen Wei Lee; Szu Chi Chung; Hsie-Chia Chang; Chen-Yi Lee

doi:10.1109/ISSCC.2013.6487632

A 3.40ms/GF(p₅₂₁) and 2.77ms/GF(2⁵²¹) DF-ECC processor with side-channel attack resistance

Jen Wei Lee^*, Szu Chi Chung, Hsie-Chia Chang, Chen-Yi Lee

^*Corresponding author for this work

Institute of Electronics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

15 Scopus citations

Abstract

Public-key cryptosystems (Fig. 3.3.1) have been widely developed for ensuring the security of information exchange in network communications, financial markets, private data storage, and personal identification devices. In contrast to the well-known RSA algorithm, elliptic curve cryptography (ECC) provides the same security level with a shorter key size. As specified in IEEE P1363 (Standard Specifications for Public Key Cryptography), ECC arithmetic is required to provide not only dual-field operations over GF(p) and GF(2 ^m) but also arbitrary elliptic curves (EC) for different requirements, such as encryption, signature, and key exchange. In this paper, a solution supporting a 521b key size is proposed to accelerate the most time-critical elliptic curve scalar multiplication (ECSM). It computes multiple points KP = P + P +... + P, where K is the private key and P is an EC point. In addition, side-channel attack resistance is implemented to prevent information leakage from simple power-analysis (SPA), differential power-analysis (DPA) [1], zero-value point (ZVP) [2], and doubling attacks [3].

Original language	English
Title of host publication	2013 IEEE International Solid-State Circuits Conference, ISSCC 2013 - Digest of Technical Papers
Pages	50-51
Number of pages	2
DOIs	https://doi.org/10.1109/ISSCC.2013.6487632
State	Published - 2013
Event	2013 60th IEEE International Solid-State Circuits Conference, ISSCC 2013 - San Francisco, CA, United States Duration: 17 Feb 2013 → 21 Feb 2013

Publication series

Name	Digest of Technical Papers - IEEE International Solid-State Circuits Conference
Volume	56
ISSN (Print)	0193-6530

Conference

Conference	2013 60th IEEE International Solid-State Circuits Conference, ISSCC 2013
Country/Territory	United States
City	San Francisco, CA
Period	17/02/13 → 21/02/13

Access to Document

10.1109/ISSCC.2013.6487632

Cite this

Lee, J. W., Chung, S. C., Chang, H.-C., & Lee, C.-Y. (2013). A 3.40ms/GF(p₅₂₁) and 2.77ms/GF(2⁵²¹) DF-ECC processor with side-channel attack resistance. In 2013 IEEE International Solid-State Circuits Conference, ISSCC 2013 - Digest of Technical Papers (pp. 50-51). Article 6487632 (Digest of Technical Papers - IEEE International Solid-State Circuits Conference; Vol. 56). https://doi.org/10.1109/ISSCC.2013.6487632

@inproceedings{31b221c3e3694d45a9fad676cb5be141,

title = "A 3.40ms/GF(p521) and 2.77ms/GF(2521) DF-ECC processor with side-channel attack resistance",

abstract = "Public-key cryptosystems (Fig. 3.3.1) have been widely developed for ensuring the security of information exchange in network communications, financial markets, private data storage, and personal identification devices. In contrast to the well-known RSA algorithm, elliptic curve cryptography (ECC) provides the same security level with a shorter key size. As specified in IEEE P1363 (Standard Specifications for Public Key Cryptography), ECC arithmetic is required to provide not only dual-field operations over GF(p) and GF(2 m) but also arbitrary elliptic curves (EC) for different requirements, such as encryption, signature, and key exchange. In this paper, a solution supporting a 521b key size is proposed to accelerate the most time-critical elliptic curve scalar multiplication (ECSM). It computes multiple points KP = P + P +... + P, where K is the private key and P is an EC point. In addition, side-channel attack resistance is implemented to prevent information leakage from simple power-analysis (SPA), differential power-analysis (DPA) [1], zero-value point (ZVP) [2], and doubling attacks [3].",

author = "Lee, {Jen Wei} and Chung, {Szu Chi} and Hsie-Chia Chang and Chen-Yi Lee",

year = "2013",

doi = "10.1109/ISSCC.2013.6487632",

language = "English",

isbn = "9781467345132",

series = "Digest of Technical Papers - IEEE International Solid-State Circuits Conference",

pages = "50--51",

booktitle = "2013 IEEE International Solid-State Circuits Conference, ISSCC 2013 - Digest of Technical Papers",

note = "2013 60th IEEE International Solid-State Circuits Conference, ISSCC 2013 ; Conference date: 17-02-2013 Through 21-02-2013",

}

Lee, JW, Chung, SC, Chang, H-C & Lee, C-Y 2013, A 3.40ms/GF(p₅₂₁) and 2.77ms/GF(2⁵²¹) DF-ECC processor with side-channel attack resistance. in 2013 IEEE International Solid-State Circuits Conference, ISSCC 2013 - Digest of Technical Papers., 6487632, Digest of Technical Papers - IEEE International Solid-State Circuits Conference, vol. 56, pp. 50-51, 2013 60th IEEE International Solid-State Circuits Conference, ISSCC 2013, San Francisco, CA, United States, 17/02/13. https://doi.org/10.1109/ISSCC.2013.6487632

A 3.40ms/GF(p₅₂₁) and 2.77ms/GF(2⁵²¹) DF-ECC processor with side-channel attack resistance. / Lee, Jen Wei; Chung, Szu Chi; Chang, Hsie-Chia et al.
2013 IEEE International Solid-State Circuits Conference, ISSCC 2013 - Digest of Technical Papers. 2013. p. 50-51 6487632 (Digest of Technical Papers - IEEE International Solid-State Circuits Conference; Vol. 56).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A 3.40ms/GF(p521) and 2.77ms/GF(2521) DF-ECC processor with side-channel attack resistance

AU - Lee, Jen Wei

AU - Chung, Szu Chi

AU - Chang, Hsie-Chia

AU - Lee, Chen-Yi

PY - 2013

Y1 - 2013

N2 - Public-key cryptosystems (Fig. 3.3.1) have been widely developed for ensuring the security of information exchange in network communications, financial markets, private data storage, and personal identification devices. In contrast to the well-known RSA algorithm, elliptic curve cryptography (ECC) provides the same security level with a shorter key size. As specified in IEEE P1363 (Standard Specifications for Public Key Cryptography), ECC arithmetic is required to provide not only dual-field operations over GF(p) and GF(2 m) but also arbitrary elliptic curves (EC) for different requirements, such as encryption, signature, and key exchange. In this paper, a solution supporting a 521b key size is proposed to accelerate the most time-critical elliptic curve scalar multiplication (ECSM). It computes multiple points KP = P + P +... + P, where K is the private key and P is an EC point. In addition, side-channel attack resistance is implemented to prevent information leakage from simple power-analysis (SPA), differential power-analysis (DPA) [1], zero-value point (ZVP) [2], and doubling attacks [3].

AB - Public-key cryptosystems (Fig. 3.3.1) have been widely developed for ensuring the security of information exchange in network communications, financial markets, private data storage, and personal identification devices. In contrast to the well-known RSA algorithm, elliptic curve cryptography (ECC) provides the same security level with a shorter key size. As specified in IEEE P1363 (Standard Specifications for Public Key Cryptography), ECC arithmetic is required to provide not only dual-field operations over GF(p) and GF(2 m) but also arbitrary elliptic curves (EC) for different requirements, such as encryption, signature, and key exchange. In this paper, a solution supporting a 521b key size is proposed to accelerate the most time-critical elliptic curve scalar multiplication (ECSM). It computes multiple points KP = P + P +... + P, where K is the private key and P is an EC point. In addition, side-channel attack resistance is implemented to prevent information leakage from simple power-analysis (SPA), differential power-analysis (DPA) [1], zero-value point (ZVP) [2], and doubling attacks [3].

UR - http://www.scopus.com/inward/record.url?scp=84876514850&partnerID=8YFLogxK

U2 - 10.1109/ISSCC.2013.6487632

DO - 10.1109/ISSCC.2013.6487632

M3 - Conference contribution

AN - SCOPUS:84876514850

SN - 9781467345132

T3 - Digest of Technical Papers - IEEE International Solid-State Circuits Conference

SP - 50

EP - 51

BT - 2013 IEEE International Solid-State Circuits Conference, ISSCC 2013 - Digest of Technical Papers

T2 - 2013 60th IEEE International Solid-State Circuits Conference, ISSCC 2013

Y2 - 17 February 2013 through 21 February 2013

ER -