This document discusses implementing elliptic curve cryptography using composite fields. It proposes using a 299-bit key represented in the composite field GF((213)23) instead of the conventional GF(2299). This breaks the finite field multiplication into smaller chunks by dividing the field into a ground field and extension field. A lookup table is used for multiplication in the ground field GF(213) while a classic multiplier is used for the extension field GF(23). This composite field approach aims to provide better time and area efficiency for implementation on FPGAs compared to a single large multiplier. The document provides background on elliptic curves, finite fields, and previous work on composite field representations.
Implementation of Elliptic Curve Digital Signature Algorithm Using Variable T...ijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
INDUCTIVE LEARNING OF COMPLEX FUZZY RELATIONijcseit
The objective of this paper to investigate the notion of complex fuzzy set in general view. In constraint to a
traditional fuzzy set, the membership function of the complex fuzzy set, the range from [0.1] extended to a
unit circle in the complex plane. In this article the comprehensive mathematical operations on the complex
fuzzy set are presented. The basic operation of complex fuzzy set such as union, intersection, complement
of complex fuzzy set and complex fuzzy relation are studied. Also vector aggregation and fuzzy relation
over the complex fuzzy set are discussed. Two novel operations of complement and projection for complex
fuzzy relation are introduced.
Ijcatr03051008Implementation of Matrix based Mapping Method Using Elliptic Cu...Editor IJCATR
Elliptic Curve Cryptography (ECC) gained a lot of attention in industry. The key attraction of ECC over RSA is that it
offers equal security even for smaller bit size, thus reducing the processing complexity. ECC Encryption and Decryption methods can
only perform encrypt and decrypt operations on the curve but not on the message. This paper presents a fast mapping method based on
matrix approach for ECC, which offers high security for the encrypted message. First, the alphabetic message is mapped on to the
points on an elliptic curve. Later encode those points using Elgamal encryption method with the use of a non-singular matrix. And the
encoded message can be decrypted by Elgamal decryption technique and to get back the original message, the matrix obtained from
decoding is multiplied with the inverse of non-singular matrix. The coding is done using Verilog. The design is simulated and
synthesized using FPGA.
A fusion of soft expert set and matrix modelseSAT Journals
Abstract
The purpose of this paper is to define different types of matrices in the light of soft expert sets. We then propose a decision making
model based on soft expert set.
Keywords: Soft set, soft expert set, Soft Expert matrix.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Implementation of Elliptic Curve Digital Signature Algorithm Using Variable T...ijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
INDUCTIVE LEARNING OF COMPLEX FUZZY RELATIONijcseit
The objective of this paper to investigate the notion of complex fuzzy set in general view. In constraint to a
traditional fuzzy set, the membership function of the complex fuzzy set, the range from [0.1] extended to a
unit circle in the complex plane. In this article the comprehensive mathematical operations on the complex
fuzzy set are presented. The basic operation of complex fuzzy set such as union, intersection, complement
of complex fuzzy set and complex fuzzy relation are studied. Also vector aggregation and fuzzy relation
over the complex fuzzy set are discussed. Two novel operations of complement and projection for complex
fuzzy relation are introduced.
Ijcatr03051008Implementation of Matrix based Mapping Method Using Elliptic Cu...Editor IJCATR
Elliptic Curve Cryptography (ECC) gained a lot of attention in industry. The key attraction of ECC over RSA is that it
offers equal security even for smaller bit size, thus reducing the processing complexity. ECC Encryption and Decryption methods can
only perform encrypt and decrypt operations on the curve but not on the message. This paper presents a fast mapping method based on
matrix approach for ECC, which offers high security for the encrypted message. First, the alphabetic message is mapped on to the
points on an elliptic curve. Later encode those points using Elgamal encryption method with the use of a non-singular matrix. And the
encoded message can be decrypted by Elgamal decryption technique and to get back the original message, the matrix obtained from
decoding is multiplied with the inverse of non-singular matrix. The coding is done using Verilog. The design is simulated and
synthesized using FPGA.
A fusion of soft expert set and matrix modelseSAT Journals
Abstract
The purpose of this paper is to define different types of matrices in the light of soft expert sets. We then propose a decision making
model based on soft expert set.
Keywords: Soft set, soft expert set, Soft Expert matrix.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Global Domination Set in Intuitionistic Fuzzy Graphijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
Presentation of my NSERC-USRA funded summer research project given at the Canadian Undergraduate Mathematics Conference (CUMC) 2014.
Please refer to the project site: http://jessebett.com/Radial-Basis-Function-USRA/
Improved security system using steganography and elliptic curve crypto...atanuanwesha
The main objectives of the project is to make the data safe and secure and transmit the data in such a way that it is not possible for anyone to detect the data . Steganography is concealing the secret message in non secret image. Whereas Encryption is converting data into code to prevent unauthorized access .Steganography as well as cryptography has its own disadvantage. Our objective is to implement both the procedures to enforce tight security and to prevent evesdropping etc.
In this paper, we introduce the notions of m-shadow graphs and n-splitting graphs,m ³ 2, n ³ 1. We
prove that, the m-shadow graphs for paths, complete bipartite graphs and symmetric product between
paths and null graphs are odd graceful. In addition, we show that, the m-splitting graphs for paths, stars
and symmetric product between paths and null graphs are odd graceful. Finally, we present some examples
to illustrate the proposed theories.
International Journal of Research in Engineering and Science is an open access peer-reviewed international forum for scientists involved in research to publish quality and refereed papers. Papers reporting original research or experimentally proved review work are welcome. Papers for publication are selected through peer review to ensure originality, relevance, and readability.
Data Security Using Elliptic Curve CryptographyIJCERT
Cryptography technique is used to provide data security. In existing cryptography technique the key generation takes place randomly. Key generation require shared key. If shared key is access by unauthorized user then security becomes disoriented. Hence existing problems are alleviated to give more security to data. In proposed system a algorithm called as Elliptic Curve Cryptography is used. The ECC generates the key by using the point on the curve. The ECC is used for generating the key by using point on the curve and encryption and decryption operation takes place through curve. In the proposed system the encryption and key generation process takes place rapidly.
Elliptic Curve Cryptography and Zero Knowledge ProofArunanand Ta
Elliptic Curve Cryptography and Zero Knowledge Proof
Presentation by Nimish Joseph, at College of Engineering Cherthala, Kerala, India, during Faculty Development Program, on 06-Nov-2013
International Journal of Computational Engineering Research(IJCER) ijceronline
nternational Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
This paper presents a design and implementation of FPGA based Bose, Chaudhuri and Hocquenghem (BCH) codes for wireless communication applications. The codes are written in VHDL (Very High Speed Hardware Description Language). Here BCH decoder (15, 5, and 3) is implemented and discussed. And decoder uses serial input and serial output architecture. BCH code forms a large class of powerful random error correcting cyclic codes. BCH operates over algebraic structure called finite fields and they are binary multiple error correcting codes. BCH decoder is implemented by syndrome calculation circuit, the BMA (Berlekamp-Massey algorithm) and Chien search circuit. The codecs are implemented over cyclone FPGA device.
EVEN GRACEFUL LABELLING OF A CLASS OF TREESFransiskeran
A labelling or numbering of a graph G with q edges is an assignment of labels to the vertices of G that
induces for each edge uv a labelling depending on the vertex labels f(u) and f(v). A labelling is called a
graceful labelling if there exists an injective function f: V (G) → {0, 1,2,......q} such that for each edge xy,
the labelling │f(x)-f(y)│is distinct. In this paper, we prove that a class of Tn trees are even graceful.
THE RESULT FOR THE GRUNDY NUMBER ON P4- CLASSESgraphhoc
Our work becomes integrated into the general problem of the stability of the network ad hoc. Some, works
attacked (affected) this problem. Among these works, we find the modelling of the network ad hoc in the
form of a graph. We can resume the problem of coherence of the network ad hoc of a problem of allocation
of frequency
We study a new class of graphs, the fat-extended P4 graphs, and we give a polynomial time algorithm to
calculate the Grundy number of the graphs in this class. This result implies that the Grundy number can be
found in polynomial time for many graphs
Efficiency of 128-bit Encryption and Decryption Process in Elgamal Method Usi...TELKOMNIKA JOURNAL
Cryptography is a growing science of data security. The integrity of a data is an important thing to
keep the secrets contained in the data. In this research will be visualized the efficient quantities that use
elliptic curves and do not use them. The Elgamal method is an asymmetric cryptographic algorithm whose
complexity of processes. It is especially for digital signatures. This research will discuss about the use of
ECC to optimize and streamline the Encryption and Decryption process in particular 128-bit Elgamal
method. The hope is that by using elliptic curves the timing of the encryption and decryption process can
run faster in the computation of Elgamal Method.
Application of Module Structure of Algebra in Homomorphic Signal Processingijsrd.com
In this paper we see how the module structure of Algebra plays a vital role in Homomorphic Signal Processing in branch of Engineering mainly in Information Technology, Electronics and Telecommunication Engineering, Computer Science etc. Here I generalize this concept for module theory in algebra and I introduce the concept module logic. I give some results on module logic and also give conclusion that why the module logic is useful in Signal Processing.
Global Domination Set in Intuitionistic Fuzzy Graphijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
Presentation of my NSERC-USRA funded summer research project given at the Canadian Undergraduate Mathematics Conference (CUMC) 2014.
Please refer to the project site: http://jessebett.com/Radial-Basis-Function-USRA/
Improved security system using steganography and elliptic curve crypto...atanuanwesha
The main objectives of the project is to make the data safe and secure and transmit the data in such a way that it is not possible for anyone to detect the data . Steganography is concealing the secret message in non secret image. Whereas Encryption is converting data into code to prevent unauthorized access .Steganography as well as cryptography has its own disadvantage. Our objective is to implement both the procedures to enforce tight security and to prevent evesdropping etc.
In this paper, we introduce the notions of m-shadow graphs and n-splitting graphs,m ³ 2, n ³ 1. We
prove that, the m-shadow graphs for paths, complete bipartite graphs and symmetric product between
paths and null graphs are odd graceful. In addition, we show that, the m-splitting graphs for paths, stars
and symmetric product between paths and null graphs are odd graceful. Finally, we present some examples
to illustrate the proposed theories.
International Journal of Research in Engineering and Science is an open access peer-reviewed international forum for scientists involved in research to publish quality and refereed papers. Papers reporting original research or experimentally proved review work are welcome. Papers for publication are selected through peer review to ensure originality, relevance, and readability.
Data Security Using Elliptic Curve CryptographyIJCERT
Cryptography technique is used to provide data security. In existing cryptography technique the key generation takes place randomly. Key generation require shared key. If shared key is access by unauthorized user then security becomes disoriented. Hence existing problems are alleviated to give more security to data. In proposed system a algorithm called as Elliptic Curve Cryptography is used. The ECC generates the key by using the point on the curve. The ECC is used for generating the key by using point on the curve and encryption and decryption operation takes place through curve. In the proposed system the encryption and key generation process takes place rapidly.
Elliptic Curve Cryptography and Zero Knowledge ProofArunanand Ta
Elliptic Curve Cryptography and Zero Knowledge Proof
Presentation by Nimish Joseph, at College of Engineering Cherthala, Kerala, India, during Faculty Development Program, on 06-Nov-2013
International Journal of Computational Engineering Research(IJCER) ijceronline
nternational Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
This paper presents a design and implementation of FPGA based Bose, Chaudhuri and Hocquenghem (BCH) codes for wireless communication applications. The codes are written in VHDL (Very High Speed Hardware Description Language). Here BCH decoder (15, 5, and 3) is implemented and discussed. And decoder uses serial input and serial output architecture. BCH code forms a large class of powerful random error correcting cyclic codes. BCH operates over algebraic structure called finite fields and they are binary multiple error correcting codes. BCH decoder is implemented by syndrome calculation circuit, the BMA (Berlekamp-Massey algorithm) and Chien search circuit. The codecs are implemented over cyclone FPGA device.
EVEN GRACEFUL LABELLING OF A CLASS OF TREESFransiskeran
A labelling or numbering of a graph G with q edges is an assignment of labels to the vertices of G that
induces for each edge uv a labelling depending on the vertex labels f(u) and f(v). A labelling is called a
graceful labelling if there exists an injective function f: V (G) → {0, 1,2,......q} such that for each edge xy,
the labelling │f(x)-f(y)│is distinct. In this paper, we prove that a class of Tn trees are even graceful.
THE RESULT FOR THE GRUNDY NUMBER ON P4- CLASSESgraphhoc
Our work becomes integrated into the general problem of the stability of the network ad hoc. Some, works
attacked (affected) this problem. Among these works, we find the modelling of the network ad hoc in the
form of a graph. We can resume the problem of coherence of the network ad hoc of a problem of allocation
of frequency
We study a new class of graphs, the fat-extended P4 graphs, and we give a polynomial time algorithm to
calculate the Grundy number of the graphs in this class. This result implies that the Grundy number can be
found in polynomial time for many graphs
Efficiency of 128-bit Encryption and Decryption Process in Elgamal Method Usi...TELKOMNIKA JOURNAL
Cryptography is a growing science of data security. The integrity of a data is an important thing to
keep the secrets contained in the data. In this research will be visualized the efficient quantities that use
elliptic curves and do not use them. The Elgamal method is an asymmetric cryptographic algorithm whose
complexity of processes. It is especially for digital signatures. This research will discuss about the use of
ECC to optimize and streamline the Encryption and Decryption process in particular 128-bit Elgamal
method. The hope is that by using elliptic curves the timing of the encryption and decryption process can
run faster in the computation of Elgamal Method.
Application of Module Structure of Algebra in Homomorphic Signal Processingijsrd.com
In this paper we see how the module structure of Algebra plays a vital role in Homomorphic Signal Processing in branch of Engineering mainly in Information Technology, Electronics and Telecommunication Engineering, Computer Science etc. Here I generalize this concept for module theory in algebra and I introduce the concept module logic. I give some results on module logic and also give conclusion that why the module logic is useful in Signal Processing.
Implementation of Elliptic Curve Digital Signature Algorithm Using Variable T...ijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
Low Power FPGA Based Elliptical Curve CryptographyIOSR Journals
Abstract: Cryptography is the study of techniques for ensuring the secrecy and authentication of the information. The development of public-key cryptography is the greatest and perhaps the only true revolution in the entire history of cryptography. Elliptic Curve Cryptography is one of the public-key cryptosystem showing up in standardization efforts, including the IEEE P1363 Standard. The principal attraction of elliptic curve cryptography compared to RSA is that it offers equal security for a smaller key-size, thereby reducing the processing overhead. As a Public-Key Cryptosystem, ECC has many advantages such as fast speed, high security and short key. It is suitable for the hardware of implementation, so ECC has been more and more focused in recent years. The hardware implementation of ECC on FPGA uses the arithmetic unit that has small area, small storage unit and fast speed, and it is an extremely suitable system which has limited computation ability and storage space.[1][2] The modular arithmetic division operations are carried out using conditional successive subtractions, thereby reducing the area. The system is implemented on Vertex-Pro XCV1000 FPGA. Index Terms – VHDL, FSM, FPGA, Elliptic Curve Cryptography.
Low Power FPGA Based Elliptical Curve CryptographyIOSR Journals
Cryptography is the study of techniques for ensuring the secrecy and authentication of the
information. The development of public-key cryptography is the greatest and perhaps the only true revolution in
the entire history of cryptography. Elliptic Curve Cryptography is one of the public-key cryptosystem showing
up in standardization efforts, including the IEEE P1363 Standard. The principal attraction of elliptic curve
cryptography compared to RSA is that it offers equal security for a smaller key-size, thereby reducing the
processing overhead. As a Public-Key Cryptosystem, ECC has many advantages such as fast speed, high
security and short key. It is suitable for the hardware of implementation, so ECC has been more and more
focused in recent years. The hardware implementation of ECC on FPGA uses the arithmetic unit that has small
area, small storage unit and fast speed, and it is an extremely suitable system which has limited computation
ability and storage space.[1][2] The modular arithmetic division operations are carried out using conditional
successive subtractions, thereby reducing the area. The system is implemented on Vertex-Pro XCV1000 FPGA
COUPLED FPGA/ASIC IMPLEMENTATION OF ELLIPTIC CURVE CRYPTO-PROCESSORIJNSA Journal
In this paper, we propose an elliptic curve key generation processor over GF(2163) scheme based on the Montgomery scalar multiplication algorithm. The new architecture is performed using polynomial basis. The Finite Field operations use a cellular automata multiplier and Fermat algorithm for inversion. For real time implementation, the architecture has been tested on an ISE 9.1 Software using Xilinx Virtex II Pro FPGA and on an ASIC CMOS 45 nm technology as well. The proposed implementation provides a time of 2.07 ms and 38 percent of Slices in Xilinx Virtex II Pro FPGA. Such features reveal the high efficiently of this implementation design.
FPGA Implementation of A New Chien Search Block for Reed-Solomon Codes RS (25...IJERA Editor
The Reed-Solomon codes RS are widely used in communication systems, in particular forming part of the specification for the ETSI digital terrestrial television standard. In this paper a simple algorithm for error detection in the Chien Search block is proposed. This algorithm is based on a simple factorization of the error locator polynomial, which allows reducing the number of components required to implement the proposed algorithm on FPGA board. Consequently, it reduces the power consumption with a percentage which can reach 50 % compared to the basic RS decoder. First, we developed the design of Chien Search Block Second, we generated and simulated the hardware description language source code using Quartus software tools,finally we implemented the proposed algorithm of Chien search block for Reed-Solomon codesRS (255, 239) on FPGA board to show both the reduced hardware resources and low complexity compared to the basic algorithm.
A SURVEY ON ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM AND ITS VARIANTScsandit
The Elliptic Curve Digital Signature Algorithm (ECDSA) is an elliptic curve variant of the
Digital Signature Algorithm (DSA). It gives cryptographically strong digital signatures making
use of Elliptic curve discrete logarithmic problem. It uses arithmetic with much smaller
numbers 160/256 bits instead of 1024/2048 bits in RSA and DSA and provides the same level of
security. The ECDSA was accepted in 1999 as an ANSI standard, and was accepted in 2000 as
IEEE and NIST standards. It was also accepted in 1998 as an ISO standard. Many cryptologist
have studied security aspects of ECDSA and proposed different variants. In this paper, we
discuss a detailed analysis of the original ECDSA and all its available variants in terms of the
security level and execution time of all the phases. To the best of our knowledge, this is a unique
attempt to juxtapose and compare the ECDSA with all of its variants.
Objective: The main target of this project is to study the Baby-Step Giant-Step algorithm and propose an approach for the betterment of the algorithm for solving Elliptic Curve Discrete Logarithmic Problem.
A novel block cipher involving keys in a key bunch matrix as powers of the pl...eSAT Journals
Abstract In this analysis, we have developed an asymmetric block cipher which is involving a key bunch matrix A ( = [aij]) in the process of encryption, and B ( = [bij]) in the process of decryption. The keys aij are used as powers of the plaintext elements, and the keys bij are used as the powers of the ciphertext elements. Here, we have made use of Euler’s totient function and Euler’s theorem in the development of the cipher. The cryptanalysis clearly shows that the strength of the cipher is quite significant. Keywords: Encryption, Decryption, Key, Plaintext, Cipher text and Cryptanalysis.
2. 64 Marisa W. Paryasto, et.al.
combinations that make various ECC implementations difficult to compare.
Every level of ECC offers many things to explore. In this work we focus on the
lowest level: finite field operations. Since multiplication is the most frequently
used operations, we investigate existing multipliers algorithms and make
improvements.
The keylength used in ECC determines the level of security. In general, longer
key requires more components in the corresponding hardware implementation.
As the internet technology grows, the demand to implement ECC on constraint
devices increases. As a consequence, there is a need for efficient algorithm and
architecture for implementing ECC on constraint devices. To fulfill the security
level requirement at the present, ECC should have above 160 bits keylength.
We choose to implement 299 bits in this research. However implementing 299-
bit ECC in constrained devices, simulated with FPGA board, cannot be done
using conventional algorithm and architecture. For example, 299-bit binary
classic multiplier cannot fit in most FPGA devices. One alternative solution is
by using composite field.
Composite field can be seen as a finite field divided into subfields (ground
fields) and extended fields. The representation of composite field can be seen as
composing a long string of bits into smaller groups of bits. This representation
allows arithmetic operations to be done in smaller chunks of string so the
complex operations can be broke down into simpler operations. The focus of
our paper is the implementation of multiplier using composite field. We focus
on multiplier because multiplication is the most frequently used operation in
ECC. The benefit of using composite field is the lower of memory usage and
lower components. Thus if the process of multiplication is more efficient, the
whole performance of cryptosystem will be improved.
This work uses of composite field characteristic of dividing one big chunk of
operation into smaller ones, with the classic multiplication for the extension
field multiplication and LUT for base multiplication. We chose to use the
easiest multiplier algorithm just to confirm the idea that composite field is
promising to be able to perform operations for long bits.
2 Background and Previous Work
2.1 Elliptic Curves
Given a field F of characteristic 2, an elliptic curve E over F is an equation of
the form
y2 + a1xy + a3y = x3 + a2x2 + a4x + a6,
3. Elliptic Curve Cryptography Implementation 65
where a1,a2 ,a3,a4,a6 in F.
The set of rational points on E over F denoted by E(F) is
E(F) = {(x,y) ∈ F2 : y2 + a1xy + a3y = x3 + a2x2 + a4x + a6} ∪ {𝑂}
where O is the projective closure of the equation y2 + a1xy + a3y = x3 + a2x2 +
a4x + a6 .The point O is called the point at infinity.
The set of rational points E(F) carries a commutative group structure with some
addition operation with the point at infinity acting as the zero element. The
following is the explicit formula for the group operation.
Composition Rule. Let P,Q∈E, and L be a line connecting P and Q (the tangent
line of E if P=Q), and R the third point which is the intersection of L and E. Let
L’ be the line connecting R and O. Then P+Q will be the point where L’
intersect E.
Proposition 1. The composition rule above satisfies the following:
If L intersect E at P,Q,R (not necessarily different) then (P+Q)+R=O.
1. P+O = P for all P∈ E
2. P+Q=Q+P for all P,Q∈ E
3. For all P∈ E there exists a point (-P), such that P+(-P)=O
4. For all P, 𝑄, 𝑅 ∈ E(P+Q)+R=P+(Q+R).
5. Hence E with the composition rule form an abelian group with identity O.
Explicit Group Operation. Let E be an elliptic curve satisfies the Weierstrass
equation
E: y2 + a1xy + a3y = x3 + a2x2 + a4x + a6
1. Let P0 = (x0, y0) ∈ E. Then −P0 = (x0,−y0 − a1x0 − a3).
2. Let P1 + P2 = P3 with Pi = (xi, yi)∈ E. If x1 = x2and y1 + y2 + a1x2 + a3 = 0,
then P1 + P2 = O.
Otherwise, let
4. 66 Marisa W. Paryasto, et.al.
𝑦2 −𝑦 1`
𝜇= 𝑥 2 −𝑥 1`
,
𝑦1 𝑥 2 −𝑦2 𝑥 1
𝜗= 𝑥 2 −𝑥 1`
for 𝑥1 ≠ 𝑥2 , and
3 𝑥 1 2 +2𝑎 2 𝑥 1` +𝑎 4 −𝑎 1 𝑦 1`
𝜇=
2𝑦 1` +𝑎 3 +𝑎 1 𝑥 1`
− 𝑥 1 3 +𝑎 4 𝑥 1` +2𝑎 6 −𝑎 3 𝑦 1`
𝜗= 2𝑦 1` +𝑎 3 +𝑎 1 𝑥 1`
for 𝑥1 = 𝑥2 .
Then 𝑦 = 𝜇𝑥 + 𝜗 is the line through P1and P2, or the tangent line of E if P1= P2.
3. P3 = P1 + P2 is given by
x3 = 𝜇2+ a1 𝜇 − a2 − x1 − x2
y3 = −( 𝜇 + a1)x3 − 𝜗 − a3.
For an integer m and P∈ E, define
[m]P = P + … + P (m terms) for m> 0,
[0]P = O, and [m]P = [−m](−P) for m< 0
The El Gamal elliptic curve encryption based on binary field is as following:
INPUT: Elliptic curve domain parameter (k,E,P,n), public key Q, plaintext m
OUTPUT: Ciphertext (C1,C2)
1. Represent the message m as a point M in E(GF(2k))
2. Select k ∈[1, n-1]
3. Compute C1=[k]P
4. Compute C2=M+ [k]Q
5. Return (C1,C2)
5. Elliptic Curve Cryptography Implementation 67
The encryption process is shown in Figure 1
Figure 1 Encryption process in ECC.
For the decryption is as following:
INPUT: Elliptic curve domain parameter (k,E,P,n), private key d, ciphertext
(C1,C2)
OUTPUT: Plaintext m
1. Compute M= C2 –[d] C1
2. Extract m from M
3. Return (m)
Figure 2 Decryption process in ECC.
From the elliptic curve encryption and decryption and elliptic curve operation,
one can see that the role of operations in ground field is very important. In this
research we choose composite field as the ground field.
2.2 Composite Fields
Assume that 𝑞 is a number to be used to construct a field. 𝑞does not have to be
prime if the order of the finite field is power of a prime or 𝑞 = 𝑝 𝑚 where 𝑝 is a
prime. Thus the finite field can be extends to an extension field so the field
𝐺𝐹(𝑞 𝑛 ) can be extended to 𝐺𝐹((𝑞 𝑛 ) 𝑚 ).
6. 68 Marisa W. Paryasto, et.al.
Both in hardware or software implementation performing finite field
arithmetics, choosing 𝑞 = 2 is a big advantage because information is only
representated in 0 or 1.
Referring to [1], certain kinds of finite field can be defined as:
𝑛−1
Two pairs of 𝐺𝐹 2 𝑛 , 𝑄 𝑦 = 𝑦 𝑛 + 𝑖=0 𝑞 𝑖 𝑦 𝑖 dan 𝐺𝐹 2 𝑛 𝑚 , 𝑃 𝑥 = 𝑥 𝑚 +
𝑚−1 𝑖 𝑛
𝑖=0 𝑝 𝑖 𝑥 is a composite field if 𝐺𝐹(2 ) is constructed as extension field of
𝐺𝐹(2) by 𝑄(𝑦) and 𝐺𝐹( 2 𝑛 𝑚 ) is construced as extension field of 𝐺𝐹(2 𝑛 ) by
𝑃(𝑥). 𝑄 𝑦 and 𝑃(𝑥)is irreducible polynomials over 𝐺𝐹(2).
Mathematically, 𝐺𝐹((2 𝑛 ) 𝑚 ) is isomorphic to 𝐺𝐹(2 𝑘 ) for 𝑛. 𝑚 = 𝑘 [2]. Although
a field of order 2 𝑛𝑚 is isomorphic to a field of order 2 𝑘 , the algorithmic
complexity of both fields are different in additions and multiplication
operations. Generally it depends on the chosen 𝑚 and 𝑛 and more specifics on
polynomials 𝑄(𝑦) and 𝑃(𝑥) [3].
All curve representations in 𝐺𝐹(2 𝑘 ) can be converted to curves in 𝐺𝐹((2 𝑛 ) 𝑚 ) . If
both 𝐹 and 𝐹′ are finite fields with equal number of elements, there exists way
to correlate each element in 𝐹 with corresponding element in 𝐹′ so addition and
multiplication tables of 𝐹 and 𝐹′are equal ( 𝐹 and 𝐹′ isomorphic)[4], Theorem
2.60 page 104.Curve representations in composite field converted to non-
composite field has been done in [5].
In finite field, composite field can perform same operations as non-composite.
Only the operation has to be modified to be able to do in composite
representation. In composite field, the field is divided into sub-fields. 𝐺𝐹 28 can
be divided into 𝐺𝐹((22 )4 ) or 𝐺𝐹((24 )2 ). Sub-fields can be processed faster dan
implemented in parallel.
The reason why we use GF((213)23) in this implementation is because
GF((213)23)=GF(2299) which complies with the security level needed. The other
reasons is that GCD(13,23)=1 so irreducible polynomial can be used for both
ground field and extension field, and there are trinomials and polynomials
available. Carefully chosen irreducible polynomial will reduce the complexity
of multiplication operation.
Previous Works. The first idea multiplier for composite field was initiated by
Mastrovito [6]. The multiplier is called hybrid-multiplier. It performs the
multiplication by doing multiplication serially in the ground field and parallel in
the extension field. Mastrovito's multiplier basically works using a
multiplication matrix that includes the reduction process. Paar in his works
[3],[7],[8] added some improvements to Mastrovito's. Paar implemented
7. Elliptic Curve Cryptography Implementation 69
multiplication in the ground field using KOA and Mastrovito for multiplication
in the extension field. Later, Rosner [9] conducted further research of
Mastrovito and Paar.
Look-Up Table (LUT) for composite field operations has been implemented in
[9]. The algorithm for ground field multiplication using logaritmic table lookup
is proven to be fast.
3 Methodology
3.1 Look-Up Table (LUT)
LUT is used for storing log and alog (anti log) table to make multiplication
operation in the ground field GF(2n) perform faster. In [2] it is concluded that n
does not have to be exactly the same as a single computer word (e.g. 8, 16). It
has been proved that n <2is more efficient because the table will be smaller and
thus will take advantage of the first level cache of computers.
One of the reason why this research uses LUT for storing precomputed log and
alog table in GF(213) is that Table 2 in [2] shows that LUT for n =13 is
efficient for polynomial basis multiplication compared to bigger n. To construct
logaritmic lookup table, a primitive element g in GF(2n) is selected to be the
generator of the field GF(2n), so that every element A in this field can be written
as a power of g as A=gi , where 0 < i < 2n-1 . Then the powers of the primitive
element gi can be computed for i=0, 1, 2,.. , 2n-1, and obtain 2n pairs of the form
(A, i). Two tables sorting these pairs have to be constructed in two different
ways: the log table sorted with respect to A and the alog table sorted with the
respect i. These tables then can be used for performing the field multiplication,
squaring and inversion operations. Given two elements A, B in GF(2n) , the
multiplication C=AB is performed as follows:
1. i := log[A]
2. j := log[B]
3. k := i+j (mod 2n-1)
4. C := alog[k]
8. 70 Marisa W. Paryasto, et.al.
The steps above is based on the fact that C = AB = gigj = gi+j mod 2n-1. Ground
field multiplication requires three memory access and a single addition
operation with modulus 2n-1.
Savas and Koc [2] also proposed the use of the extended alog table for
eliminating modular addition operation (step 3). The extended alog table is 2n+1-
1 long, which is about twice the length of the standard alog table. It contains
the values (k, gk) sorted with repect to the index k , where k = 0, 1, 2, . . .,2n+1-2
. Since the values of i and j in step 1 and 2 of the multiplications are in the
range 0, 2n-1 , the range of k = i + j is 0, 2n+1-2 . Thus modular addition
operation can be omitted and the ground field multiplication operation can be
simplified as follows:
1. i := log[A]
2. j := log[B]
3. k := i + j
4. C := extended-alog[k]
Figure 3 shows the process of reading LUT to compute multiplication using log
and alog table.
Figure 3 Multiplying using LUT.
9. Elliptic Curve Cryptography Implementation 71
Figure 4 13-bit LUT implementation.
Figure 5 Multiplication of GF(24) using log and alog table with LUT.
10. 72 Marisa W. Paryasto, et.al.
Figure 6 The waveform of multiplication of GF(24) using log and alog table
with LUT.
Figure 4 shows the RTL diagram of LUT implemented using Quartus and
Altera DE2while Figure 5 shows the RTL of GF(2 4) using LUT for storing log
and a-log table with algorithm from [2]. There are two LUTs in the
implementation, one is for storing 2 4-blocks log table, and the other is for
storing 24 –blocks alog table. Log table put n-bits i values on the first column
and n-bits gi values on the second column. alog table sorted the table based on
gi values, and put the corresponding i values on the second column. Thus, each
multiplier unit requires at least one LUT for storing i and j values in serial
implementation and two LUTs for parallel implementation. Another LUT is
needed for storing alog table.
Figure 6 shows the simulation waveform of multiplier implemented in Figure 5.
As a comparison, Figure 7 shows that straightforward 299-bit implementation
failed for the available resources.
4 Design and Implementation
The generic architecture of our circuit is shown in the Fig 8. On the left side
there are two set of input registers, each for input A and B. The size of the input
registers depends on the bit size. For our particular case, which is a custom
design, it is 13-bit. If we use off the shelf components, we may have to use 16-
bit registers since common components usually have 2n word size.
11. Elliptic Curve Cryptography Implementation 73
Figure 7 Failed implementation for straightforward 299-bit implementation.
Figure 8 Multiplier General Architecture.
12. 74 Marisa W. Paryasto, et.al.
Right next to the input registers are temporary registers that are used to store
addition terms before they are multiplied. The decision will effect the number of
temporary registers (and adders needed).
In the center of our circuit is the GF(213) multiplier. In this particular design we
have only one multiplier, implemented as LUT multiplier. Multiplication is
done in serial fashion. Figure 9 shows an estimated timing diagram, which will
be implemented in the sequencer. For example, when multiplying a22 andb22,
the enable lines of registers related to those element and the result register are
activated.
If area is permitting, we could add more multipliers to perform parallel
multiplication. Additional multipliers will reduce the time to perform all
multiplications at the expense of more area. Careful timing consideration must
be done in order to avoid race condition is multiple multipliers are
implemented.
The results of multiplications are stored in temporary registers before they are
added to create the final results. Thus, there is a network of adders on the right
side.
Figure 9 Estimated timing diagram.
13. Elliptic Curve Cryptography Implementation 75
Figure 10 below is the snippets of VHDL code LUT implementing GF(213)
multiplier. A 13-bit multiplier requires 213entries ≈ 8000 entries, for each table.
If we implement this in general purpose hardware then it should be
implemented in 16 bit (2 bytes). In our implementation, the log and alog table
occupies 2*8*2 bytes = 32 Kbytes .
process (clk) begin
if clk'event and clk = '1' then
case a is
when "0000000000000" => i <= "0000000000001";
when "0000000000001" => i <= "0000000000010";
when "0000000000010" => i <= "0000000000100";
when "0000000000011" => i <= "0000000001000";
when "0000000000100" => i <= "0000000010000";
when "0000000000101" => i <= "0000000100000";
…
Figure 10 Snippet ofGF(213) LUT implementation in VHDL.
ECC Processor Architecture. Figure 11 shows the general architecture of
ECC processor. FFAU (Finite Field Arithmetic Unit) is an arithmetic unit
specifically used for calculating finite fields operations.
The processor will accept input data (plaintext) through data_in pin then will
process the command given according to the opcode. The processor will execute
the command after “start” command. Status of the processor (busy, done) can be
monitored through “status” line. After the process is done, the result (ciphertext)
will be send through “data_out” pin. “reset” pin is used to return the processor
to the initial state.
The ECC processor can process data in different length of bits. For long bits,
the transfer process has to be carefuly considered to fit in the data bus. General
14. 76 Marisa W. Paryasto, et.al.
computers use 32-bits data bus. Meanwhile the data to be processed by ECC
processor is more than 100bits length.
clk
data out
data in
I/O data bus data bus Register
control bus
start
data bus
Control opcode
Unit status
reset
control bus
data bus
Finite Field
Arithmetic
Unit (FFAU)
ECC processor
1.2
Figure 11 ECC top level processor architecture.
Figure 12 FFAU (Finite Field Arithmetic Unit).
One method to solve this is to divide data into several blocks (for example each
blocks is 32-bit length) and load the data to the processor several times. Even
15. Elliptic Curve Cryptography Implementation 77
for the most extreme cases, data can be loaded serially. This ECC processor has
several parameters stored in the register. The parameters are elliptic curve
equation used, private key and public key. The parameters can be stored
permanently (hardcoded) or can be loaded through the ”data_in” using a
specific opcode. ”reset” pin is used to set the parameter to the initial condition
(for example all zero). At the earlier stage of research, the parameters are stored
permanently to simplify the problem.
Figure 12 shows the block diagram of FFAU shown earlier in Figure 11.
GF((213)23) requires 23 GF(213) multipliers. Figure 13 shows the concept of
GF((213)23) multiplier.
Figure 13 GF(213)23) Classical Multiplier-LUT.
5 Analysis
We compare our composite field multiplier with standar non-composite
multipliers: classic multiplier, interleaved multiplier, Karatsuba-Offman
multiplier, Mastrovito multiplier Type-1 and Type-2 and Montgomery
multiplier.
The experiment is done by running each multiplier using Quartus II Version 9.1
Build 350 03/24/2020 SP 2 SJ Web Edition. All multipliers are implemented
using family device is Stratix II, device EP2S15F484C3.
As shown in Table 1, not all multipliers design fit in the standard device. Only
interleaved multiplier and Mastrovito 2 multiplier can handle up to 233 bits.
16. 78 Marisa W. Paryasto, et.al.
Our design has been tested for lower bits and gives promising result that it can
also works for 233 bits or more. This is the subject of our further research since
the architecture should be customized to able to process longer bits.
Table 2 shows the result of all multipliers comparation based on logic
utilization, combinational ALUT(s), dedicated logic registers, total registers and
total pins. The performance of our multiplier is in general better than other
multipliers except it requires more pins.
Our multiplier number of register is 56% lower than interleaved and
Montgomery multiplier and 83% lower than Karatsuba multiplier. Karatsuba
multiplier requires more register due to its recursive process in multiplying
process.
The use of combinational ALUT is less than 1%, which makes our multiplier
use combinational ALUT less than Mastrovito, Mastrovito 2, Classic and
Karatsuba.
Our design uses more pins as a tradeoff of less registers and ALUT.
Figure 15shows gives multipliers compared with all variables. Figure 16 is the
brief version of Figure 15, focusing on variables not significantly observed in
Figure 15.
Figure 14 Multiplier Area Usage Comparison.
18. 80 Marisa W. Paryasto, et.al.
Figure 16 Brief Multiplier Comparison.
6 Conclusions
Our multiplier has been compared with other multipliers and the result
conforms our hypothesis that our multiplier gives better trade off for time and
space, like shown in Figure 15 and Figure 16. The number of total pins is
higher in order to lower the use of ALUT and registers.
The experiment results in Table 1 shows that composite field implementation
requires less combinational ALUT and registers (area) than most of multipliers.
This advantage achieved by gaining better trade off for time is space is the
flexibility of the architecture design that can be modified to fit devices
according to space of time available.
Acknowledgement
This research is supported by Hibah Kompetensi DIKTI based on SK Dekan
STEI No. 0930/I1.C07.1/DN/2011. We thank Muhammad Hafiz Khusyairi and
Nopendri Zulkifli for their inputs and discussions on the topic.
References
[1] Guajardo, Jorge, Efficient Algorithms for Elliptic Curve Cryptosystem,
Master’s thesis, Worcester Polytechnic Institute, 1997.
[2] Savas, E. & Koc, C.K., Efficient Methods for Composite Fields
Arithmetic, Technical report, Oregon State University, 1999.
19. Elliptic Curve Cryptography Implementation 81
[3] Paar, Christof, Efficient VLSI Architectures for Bit-parallel Computation
in Galois Fields, PhD thesis, 1994.
[4] Deschamps, Jean-Pierre, Imana, Jose Luis& Sutter, Gustavo D.,
Hardware Implementation of Finite-Field Arithmetic, The McGraw Hill
Companies, Inc., 2009.
[5] Hoffstein, Jeffrey, Pipher, Jill & Silverman, Joseph H., An Introduction to
Mathematical Cryptography, Springer Science+Business Media, LLC,
2008.
[6] Edoardo, Mastrovito, VLSI Architecture for Computations in Galois
Fields, PhD thesis, Linkoping University, 1991.
[7] Paar, Christof, Fast Arithmetic Architectures for Public-Key Algorithms
over Galois Fields GF((2n)m), Number 1233 in Lecture Notes in
Computer Science, Springer-Verlag, pp. 363–378, 1997.
[8] Paar, Christof & Fleischmann, Peter, Fast Arithmetic for Public-Key
Algorithms in Galois Fields with Composite Exponents, IEEE
Transactions on Computers, 48(10), pp. 1025–1034, October 1999.
[9] Rosner, Martin Christopher, Elliptic Curve Cryptosystems on
Reconfigurable Hardware, Master’s thesis, Worcester Polytechnic
Institute, May 1998.