• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
High Speed and Low Space Complexity FPGA Based ECC Processor

High Speed and Low Space Complexity FPGA Based ECC Processor



services on...... embedded(ARM9,ARM11,LINUX,DEVICE DRIVERS,RTOS) VLSI-FPGA DIP/DSP PLC AND SCADA JAVA AND DOTNET iPHONE ANDROID If ur intrested in these project please feel free to contact ...

services on...... embedded(ARM9,ARM11,LINUX,DEVICE DRIVERS,RTOS) VLSI-FPGA DIP/DSP PLC AND SCADA JAVA AND DOTNET iPHONE ANDROID If ur intrested in these project please feel free to contact us@09640648777,Mallikarjun.V



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    High Speed and Low Space Complexity FPGA Based ECC Processor High Speed and Low Space Complexity FPGA Based ECC Processor Document Transcript

    • International Journal of Computer Applications (0975 – 8887) Volume 8– No.3, October 2010 High Speed and Low Space Complexity FPGA Based ECC Processor Prof.Rahila Bilal Dr.M.Rajaram Anna University Anna University Associate Professor ,Dept. of ECE , Professor & HOD, Dept. of EEE, TPGIT, VELLORE -2. GCE, TIRUNELVELI.ABSTRACT methods. ECC hardware implementations requires lessElliptic Curve Cryptography is one of the most interested transistors. It is approximately 12 times faster than RSA. Withresearch topic in VLSI. Network security is becoming more and smaller key size, it provides equivalent security relative to RSA.more crucial as the volume of data being exchanged on theInternet increases. ECC offers high security for networking and 2.1 Finite Fieldscommunication. FPGA based architecture for elliptic curve Field can be taken as either complex numbers or real numberscryptography coprocessor ,which has promising performance in or rational numbers. Although elliptic curves can be defined onterms of both Space Complexity and Time Complexity is a variety of different fields, only finite fields are employed forproposed in this paper. The coprocessor consists of three levels cryptography. The elliptic curve operations over the realof operations, which are elements operations over binary finite numbers are slow and inaccurate due to round-off error. Tofield, point adding and doubling operations on elliptic curve and make operations on elliptic curve accurate and more efficient,scalar multiplication. the ECC is defined over finite fields. In this work on coprocessor, Point addition operationis performed with mixed coordinates to improve the Among them the following two finite fields offer theperformance of scalar multiplication . VHDL codes were most efficient and secure implementation.developed for all these operations. The modules are simulatedusing Modelsim SE software and synthesized using Xilinx ISE Prime field Fp and9.2i software. Experimental results show that ECC coprocessor Binary field F2mrealized in this architecture can speed up an elliptic curve scalarmultiplication suitable for low area constraint applications and ECC uses modular arithmetic or polynomial arithmetic for itsvery high speed applications. operations based on the field chosen.Keywords : ECC, FPGA, Binary Field, Mixed coordinates,point Addition, Point doubling and scalar multiplication. 2.2 Scalar Multiplication The most important operation in ECC is scalar multiplication. It1. INTRODUCTION is simply calculating kP.Cryptography is the science of keeping secrets. Traditionally, Q = kPencryption was used to transfer confidential matter amongst thehighest government agencies. Today, it is an important aspect of Where Q- public key which is also a point on the elliptic curveeveryday life. This is because of the k- Private key(scalar)importance of transferring messages such as credit card P- Base point on a curvenumbers, bank transactions, etc. safely over the network. Thesecurity of web transactions is extremely important because a This is the operation which is the key to the uselot of sensitive information are transmitted over the Internet. of elliptic curves for asymmetric cryptography. ECC arranges ECC is attractive in applications such as smart itself by encrypting a message with public key, decrypting acards, set-top boxes, low power portable devices (cell phone). message with private key. Scalar multiplication can beThe computationally intensive operation needed for ECC which computed by repeated point additions and point doublings.is implemented in hardware using FPGA technology hasnumerous advantages. For example, if k=31 then Q = [2( 2( 2( 2P+P)+P)+P)+P]2.ECC 2P - Point DoublingElliptic curve cryptography is one of the public key 2P+P - Point Additioncryptography like RSA, Diffie-Hellman. The main reason forchoosing ECC is that it offers high level of security with small 2.3 Co-ordinateskey size and smaller hardware realization than the other a. Affine co-ordinates 5
    • International Journal of Computer Applications (0975 – 8887) Volume 8– No.3, October 2010Affine coordinate system is the ordinary Cartesian coordinate hardware implementation because it is carry free. Elementssystem with points (x ,y). The equation of the elliptic curve in operations over finite fields include finite field multiplication,affine coordinate is given by finite field addition and finite field squaring. In this project , L- D projective coordinate is used hence it avoids finite field inversion. The point doubling and addition requires inversion 3.1 Finite Field Multiplicationoperation and multiplication requires more inversions thanadding and squaring. Division of two numbers can be done byinversion operation. For example two points P and Q on theelliptic curve are represented in affine coordinates as (x 1,y1)and(x2,y2).Addition of these two points will result in R = P + Qwhich has a coordinate of (x3,y3). The coordinates of R are given by Fig : 1. Modular Multiplier Architecture for 4 bit . The architecture of the multiplier for bit 4 is depicted in Fig.1, in which logic AND gate and logic XOR gates are used for performing multiplication operation. The flow chart is Here to compute the coordinates of R we require two shown in Fig.inversion operations which is time consuming and costly forhardware implementation. So it is advantageous to representpoints using projective coordinates. Result = 0 Loop = 3b. Projective Co-ordinates Left shift Result (fill with 0) Projective coordinate system is a three coordinate Result = Result (A AND B)system with points (X,Y,Z).Any equation f (x,y)=0 of a curve in Loop = Loop-1the affine plane corresponds to an equation F(X,Y,Z)(Z ≠ 0)where F is obtained by replacing x=X/Z, y=Y/Z2 andmultiplying by a power of Z to clear the denominators. Loop = 0? Yes Done The equation of the elliptic curve in projectivecoordinate is Subtract No polynomial If Z = 0 in this equation, then Y2 = 0 i.e. = Yes Result. MSB0.Therefore,(1,0,0) is the only projective point that satisfies the =equation for which Z=0.This point is called the point at infinity.Due to the computational expense of inversion compared to Nomultiplication, projective coordinate methods have beenproposed which avoids the inversion operation. Currently thereare three popular projective coordinates1. Homogenous projective coordinate2 . Jacobian projective coordinate Fig:2 Flow chart for GF(2m) multiplication3.Lopez and Dahab (L-D) projective coordinate . When comparing the above three coordinates , the 3.2 Finite Field Addition and Squaringcomputation cost for L-D projective coordinates is less. Hencepoint arithmetic based on the Lopez - Dahab coordinate is the Addition of two elements over binary finite field can bemost efficient for hardware implementation.In this paper, Scalar finished easily with exclusive XOR logic circuit. Elementmultiplication operations are to be carried out with point adding squaring is also a necessary arithmetic in the field arithmetic, toin mixed coordinates i.e. one point is in affine and another point perform squaring arithmetic in FPGA just use register rotating.is in L-D projective coordinate and point doubling in L-Dprojective coordinates in the binary field. 3.3 Point operations on Elliptic curve Both point addition and doubling operations are foundation of3. FINITE FIELD ARITHMETIC scalar multiplication. Point operations includes two different points adding and two same point doubling. In this section, we Arithmetic of ECC is primarily based on several elements will discuss the implementation of point operations insideoperations over finite field which have advantage in terms of FPGA based coprocessor in L-D projective coordinates. 6
    • International Journal of Computer Applications (0975 – 8887) Volume 8– No.3, October 2010 Since the modular inversion operation over field is a 3.6 Point Doubling formula in Projective co-time consuming operation, points on elliptic curve should berepresented in projective coordinates to avoid it. The points ordinatesaddition formula that do not involve modular inversion The point doubling operation is to add a point on the ellipticoperation can be derived by converting the point to affine curve with itself. Suppose point P( X1,Y1,Z1) and theprojective as x=X/Z, y=Y/Z2 at first, then clearing the projective coordinate form of doubling formula isdenominators. With the method mentioned above, the distinct 2P(X1,Y1,Z1) = Q(X2,Y2,Z2)points adding and the same point doubling formula can be Implementation of the operation requires 4 fieldderived. multiplications. The point doubling is computed 1. Z2 = Z12 + X123.4 Point addition -Projective co-ordinates 2. X2 = X14 + b.Z14As for two distinct points adding, suppose the first pointP(X1,Y1,Z1 ) and the second point Q(X2,Y2,Z2) are on elliptic 3. Y2 = bZ14 + X2.(aZ2 + Y12 + bZ14)curve, the adding result of the two different points isR(X3,Y3,Z3) as following 4. ALGORITHM - POINT OPERATION ( X1,Y1,Z1 ) + (X2 ,Y2,Z2 ) = (X3 ,Y3 ,Z3 ) The following algorithm implements a point addition and doubling in the projective coordinates.The two distinct points adding formula in pure projective Input: The field elements a and b defining a elliptic curve Ecoordinates is shown and it requires 13 field multiplications over GF(2m); projective coordinates (X1,Y1,Z1) andand no inversion since operation is done with projective (X2,Y2,Z2) for points P and Q on E.coordinates. Output: Projective coordinates (X3,Y3,Z3 )for the point R = P + 1. A0 = Y2 ·Z12 9. Z3 = F2 Q. Steps 2. A1 = Y1·Z22 10. G = D2·(F+aE2) 3. B0 = X2·Z1 11. H = C·F 1. If Z1=0, then output (X3,Y3,Z3) = (X2,Y2,Z2) and stop. 4. B1 = X1·Z2 12. X3 = C2 + H + G 2. If Z2=0, then output (X3,Y3,Z3) = (X1,Y1,Z1) and stop. 5. C = A0+A1 13. I = D2·B0·E + X3 3. Set(X3,Y3,Z3)=Add[(X1,Y1,Z1), (X2,Y2,Z2)]. 6. D = B0+B1 14. J = D2·A0 + X3 4. If (X3,Y3,Z3)=(0,0,0), then 7. E = Z1·Z2 15. Y3 = H·I + Z3·J set (X3,Y3,Z3)=Double[(X1,Y1,Z1)] 8. F = D·E 5. Output(X3, Y3, Z3).3.5 Point Addition – Mixed Co-ordinates STARTWhen using the double and add method for scalar multiplicationk·P the point P is never modified in all distinct point adding. Inmixed coordinates (one is projective point and the other is INPUT P(X1, Y1, Z1) andaffine point) the point P maintaining in affine coordinates will Q(X2, Y2, Z2)simplify the computing. The point adding in mixed coordinatesis shown which requires only 9 field multiplications. Yes( X0, Y0, Z0 ) + ( X1, Y1, 1 ) = ( X2, Y2, Z2 ) is computed by If Z1 = 0 1. A = Y1·Z02+Y0 6. E = A·C N R=Q 2.B = X1·Z0 + X0 7.X2 = A2 + D + E o 3.C = Z0·B 8.F = X2 + X1·Z2 If Z2 = 0 Yes 4.D = B2·(C + aZ0) 9. G = X2 + Y1·Z22 0 R =P 5. Z2 = C2 10.Y2 = E·F + Z2. N o Compared with pure projective coordinates, mixed R=P+Qcoordinates has reduced computational steps and it requires lesstime and less area. Yes If R = 0 Table 1 Comparison for point addition R = 2P NCoordinates Multiplication Squaring Addition o Output R PureProjective 13 6 8 STOP Mixed 9 4 8 Fig : 3 Flow chart - Point Addition and Point Doubling in Projective co-ordinates 7
    • International Journal of Computer Applications (0975 – 8887) Volume 8– No.3, October 2010With finite field addition, finite field squaring and finite field YYP XXPmultiplication arithmetic implemented in FPGA device, thepoint addition module inside coprocessor can be realized. YYP XXP+YYP5. ALGORITHM - SCALAR MULTIPLICATION 0 1 sel_1Scalar Multiplication Q=kp can be computed by repeated point 0 X0 YQ XXPaddition and point doubling.In general, first point doubling Y1operation is performed and its output is used as one of the input startto the point addition. The coordinates of point p is represented POINT ADDITION/DOUBLING _addition addition_doneas XXp and YYp. POINT ADDITION / DOUBLINGInput: An integer k ≥ 0 and X3 XXP+YYP YYP Y3 XXPa base point P = (x,y) Є E.Output: Q = Kp 1,2 0 2 1 0 If k = 0 or x =0 then output (0,0) sel_2 and stop. 0 next_xQ next_yQ initially assign xxP =X, YYP =Y for k in 1 to m-1 loop > XQ Buffer YQ Buffer Initially : 1 ce_Q If p is positive then load XXP ← X,Y1 ← YYP else XQ YQ XXP ← X, Y1 ← XXP+YYP Q_infinity If start_addition is 0(XQ,YQ) = Double (XXP,Y1) else(XQ,YQ) = Add (XXP,Y1 and XQ,YQ); Fig:5 Architecture of Scalar multiplying moduleend loop; 6. RESULTSoutput (XQ,YQ) 6.1 Simulation Results START INPUT x and y Calculate X1, Z1, X2 and Z2 For j <= l-2 to 0 Yes No kj = 1? ADD(X1, Z1, X2, Z2), ADD(X2, Z2, X1, Z1), DBL(X2 , Z2) DBL(X1 , Z1) Convert projective to affine coordinates STOPFig:4-Scalar multiplication in Projective co-ordinates Fig:.6.Simulation - Point addition m = 163 in mixed co-ordinates. Fig:7 Simulation - Point doubling for m = 163 in mixed co- ordinates 8
    • International Journal of Computer Applications (0975 – 8887) Volume 8– No.3, October 2010 50 45 40 35 30 25 pure projec tive 20 mixed Time (ns) 15 10 5 0 4 8 16 16 No. of bits (m) 163 Fig. 10. Time Vs No. of bits (m) for Point Addition It is obvious from the chart that area and time consumption is lesser in mixed coordinates than pure projective coordinates. Similarly for various bit sizes (m), the area required and time consumed to realize scalar multiplication where point Fig:8 Simulation - Scalar multiplication m = 163 using addition is in mixed coordinates and point doubling is in pure point addition in mixed co-ordinates and point doubling in projective coordinates are shown in Fig. 11 and Fig:12 pure projective co-ordinates. respectively 4000 6.2 Xilinx Synthesis Report 3500 3000 Synthesis was done for point addition for different bit sizes like 2500 m=4, m=8, m=16 and m=163 in pure projective and mixed No. of Slices 2000 pure projec tive coordinates 1500 mix ed 6.3 Performance comparison between 1000 Coordinates 500 When comparing the area required and time consumption 0 for performing point addition in pure projective coordinates and 4 8 16 163 16 mixed coordinates , the time consumption in the mixed coordinates is considerably reduced because of less number of conversions required. No. of bits (m) For Comparison chart for different bit sizes (m), the area required and the time consumed to perform point addition in Fig. 11. No. of Slices Vs No. of bits(m) for Scalar both pure projective and mixed coordinates are shown in Fig: 9 multiplication and Fig: 10 respectively. 60 4000 50 3500 40No. of Slices 3000 30 pure projec tive 2500 mix ed 20 2000 pure projective Time (ns) mixed 10 1500 1000 0 4 8 16 16 500 163 0 4 8 16 16 163 No. of bits (m) Fig. 12 Time Vs No. of bits (m) for Scalar multiplication No. of bits (m) Here due to point addition in mixed coordinates the total Fig. 9.No. of Slices Vs No. of bits (m) for Point Addition. time to complete scalar multiplication is lesser than in pure projective coordinates. 9
    • International Journal of Computer Applications (0975 – 8887) Volume 8– No.3, October 20107. CONCLUSION AND FUTURE WORKFor ECC, Scalar multiplication is the core operation to convert [7] Michael Jung, “FPGA Based Implementation of an Ellipticthe given plain text to the cipher text . Scalar multiplication can Curve Coprocessor Utilizing Synthesizable VHDL code”,be performed using Darmstadt University of Technology.point addition and point doubling. Point addition can be carried [8] Reyhani-Masoleh,A and Hasan, M.A. (2002), “Efficientout with mixed coordinates to reduce the number of conversions Digital Serial Normal Basis Multipliers over GF(2 m )”, infrom affine to projective coordinates. Therefore the time taken proceedings of IEEE International Symposium on Circuits andand area required to perform point addition is reduced in mixed Systems (ISCAS 2002), pp781-784.coordinates when compared with pure projective coordinates. [9] Souichi Okada, Naoya Torii, Kouichi Itoh and MasahikoPoint doubling is done with projective coordinates. Finally, Takenaka, (2000), “Implementation of Elliptic curvescalar multiplication is carried out by using the Lopez – Dahab Cryptographic Coprocessor over GF(2 m ) on an FPGA”,algorithm in order to reduce the number of inversions required. pp.25-40. Verilog code for Point operations and Scalar multiplication [10] Sunar, B. Koc, C.K. (2001), “An Efficient Optimalin pure projective coordinates was developed and simulated Normal Basis Type II Multiplier”. Computers, IEEEusing Modelsim 5.5e, for various values of m such as 4, 8 and Transactions, pp. 83-87.16. The code was synthesized with Xilinx 9.2i using Virtex 4,4vlx15sf363-12 as the target device.Then the VHDL codes for [11] WANG You-Bo, DONG Xiang-Jun, TIAN Zhi-Guangthe above three operations were developed and finally the test (2007), “FPGA Based Design of Elliptic Curve Cryptographybench for point addition, point doubling and Scalar Coprocessor”, IEEE Third International Conference on Naturalmultiplication in mixed coordinates were created and simulated Computation, ICNC 2007.using Modelsim 5.7f for the binary fields 4, 8, 16 and 163. [12] William N. Chelton, Mohammed Benaissa (2008), “ Fast From the graph shown the area required and as well as the Elliptic Curve Cryptography on FPGA”, IEEE Transactions ontime consumption in mixed coordinates is reduced. In future, Very Large Scale Integration (VLSI) systems, vol. 16,No.2.the algorithms using pipelining and parallelism can bedeveloped to improve the efficiency of the coprocessor. 9. BIOGRAPHIES8. REFERENCES Prof. Rahila Bilal is working as an Associate Professor in[1] Chang shu, K.G. and Tarek El-Ghazawi (2005), “Low Thanthai Periyar Government Institute Of Technology,Latency Elliptic curve Cryptography Accelerators for NIST Vellore, affiliated to Anna university, Chennai. Has got 23curves over Binary field”, ICFPT(2005) years of Teaching experience. She has presented many papers in[2] Erlangung des .D (Dr. rer. nat.), National and International Conferences Has been the co-Naturwissenschaftlichen .F, Reinischen .F.W (2006),“ Efficient coordinator in conducting the International Conference andImplementation of Elliptic Curve Cryptography on FPGAs”. various workshops .[3] Jian Huang, (2007), “ FPGA implementations of Elliptic Dr.M.Rajaram, is the Prof. &Head of the department of EEE,Curve Cryptography and Tate Pairing over Binary Field”. at Government College of Engineering , Tirunelveli, .He has[4] Leung, K.H. Ma, K.W. Wong, W. K. Leong, P.H.W. published many as 120 papers in National and International(2000), “FPGA implementation of a microcoded elliptic curve Journals. He has his credit of having organized manycryptographic processor”, in: proceedings of Field – Conferences, Seminars and workshops .He has served asProgrammable Custom Computing Machines,pp.68-76. Professor in Government Engineering Colleges in the state of Tamil Nadu for more than 28 years. He has guided and[5] Lopez, J. Dahab, R. (1999), “Improved Algorithm For produced many Ph. Ds. He is being a reviewer in many reputedElliptic Curve Arithmetic in GF(2 m)”. Selected Areas in journals and active member in various technical committee andCryptography- SAC’98, LNCS 1556, pp. 201-212. societies including IEEE and ISTE[6] Lutz, J. and Hasan, A. (2004), “High performance FPGAbased elliptic curve cryptographic co-processor”, in Proc . Int .Conf . Inf . Technol . :Coding Comput.(ITCC),p.486. 10