基于GF(2~n)的ECC协处理器芯片设计

文章讨论了定义在GaloisField(GF)2有限域上椭圆曲线密码体制(ECC)协处理器芯片的设计。首先在详细分析基于GF(2n)ECC算法的基础上提取了最基本和关键的运算,并提出了通过协处理器来完成关键运算步骤,主处理器完成其它运算的ECC加/解密实现方案。其次,进行了加密协处理器体系结构设计,在综合考虑面积、速度、功耗的基础上选择了全串行方案来实现GF(2n)域上的乘和加运算。然后,讨论了加密协处理器芯片的电路设计和仿真、验证问题。最后讨论了芯片的物理设计并给出了样片的测试结果。     

GF（2^n）域上的一种Ⅱ型优化正规基乘法器及其FPGA实现

有限域GF(2^n)上的椭圆曲线密码体制以其密钥短，安全强度高的优点正在获得广泛的重视和应用。该密码体制最主要的运算是有限域上的乘法运算。本文提出了一种基于Ⅱ型优化正规基的乘法器，该乘法器具有Massey-Omura乘法器的优点，又避免了其不足，易于编程，适合FPGA实现，实验表明，该算法简单，快速。     

ECC密码技术及其优越性

椭圆曲线密码体制是近年来兴起的一种性能优良的公钥密码体制，本文介绍了椭圆曲线密码体制的有关概念和基本理论，将它与其它公钥密码体制进行了比较，阐述了椭圆曲线密码体制的优越性。     

域GF（2^n）上安全椭圆曲线及基点的选取

该文系统地介绍了如何利用Ｗｅｉｌ定理来寻找特征的２的域上的安全椭圆曲线，提出了一种求曲线的基点的算法，求基点的算法中涉及求域元素的迹的问题，该文在最后还提出了一种求域ＧＦ（２＾ｌ）的扩域ＧＦ（２＾ｌｋ）上元素的迹的快速实现方法。     

小面积、低能耗的GF（2^m）域ECC模运算VLSI实现

以面积、能耗为优先准则,研究了GF(2m)域椭圆曲线密码(ECC)模运算VLSI的实现.选择GF(2163)上固定多项式基,引入了简单有效的快速模平方算法和改进的模逆算法,利用串行结构分别实现了模乘、模平方与模逆模块.基于UMC 0.25μm 1.8V工艺库的仿真结果表明,提出的串行模乘、快速组合逻辑模平方和快速模逆VLSI实现方式,通过牺牲域多项式灵活性,能够有效地减小面积、降低能耗,适合于资源受限的ECC系统.     

基于ECC的密码系统研究与设计

文章设计了一个基于ECC的密码系统方案，给出了该方案所涉及主要操作的算法描述。该方案综合了对称密码体制和公钥密码体制的优点，采用基于ECC的密钥交换以及基于CBC的三重加密算法．具有安全可靠、加解密效率高、易于实现等特点，可应用于数据通信、电子商务等多个领域，以提供所需的安全服务。     

微科正式提供RSA/ECC二合一密码算法协处理器芯片技术授权

<正>上海微科集成电路有限公司近日宣布开发成功RSA/ECC二合一密码算法协处理器芯片。该芯片可以完成RSA、ECC两种算法,可以根据用户的要求选择密码系统的参数与密钥,可以自由选择用户工作的曲线,最多可完成256Bit的ECC和     

有限域GF（q）上安全椭圆曲线的选取

椭圆曲线密码体制是安全性最高的公钥密码体制,它的安全性是基于椭圆曲线上的离散对数问题,同时椭圆曲线参数的选择对系统的安全性也至关重要。本文首先介绍了椭圆曲线密码体制的基本概念和相关数论知识,其次阐述了选择安全椭圆曲线的原则,最后详细介绍了如何通过选取合适的椭圆曲线参数来产生安全椭圆曲线,并对这些参数的合理性进行了验证。结果表明,按照这种方式所选取的椭圆曲线,抵御现有算法攻击能力大大增强。     

基于ECC芯片的数字签名系统设计

本文完成一种基于椭圆曲线密码ECC(Elliptic Curve Cryptosystems)芯片的数字签名系统的设计,完全采用硬件电路实现电子签章的逻辑控制运算、数据传输和控制,实现了签名产生、签名验证、密钥产生和密钥交换四项功能,签名速度可达每秒2000次以上.     

Adder based residue to binary number converters for(2n-1, 2n, 2n+1)

Based on an algorithm derived from the new Chinese remainder theorem I, we present three new residue-to-binary converters for the residue number system (2ⁿ-1, 2ⁿ, 2ⁿ+1) designed using 2n-bit or n-bit adders with improvements on speed, area, or dynamic range compared with various previous converters. The 2n-bit adder based converter is faster and requires about half the hardware required by previous methods. For n-bit adder-based implementations, one new converter is twice as fast as the previous method using a similar amount of hardware, whereas another new converter achieves improvement in either speed, area, or dynamic range compared with previous converters     

RNS-to-Binary Converters for Two Four-Moduli Sets {2n−1,2n,2n+1,2n+1−1} and {2n−1,2n,2n+1,2n+1+1}

In this paper, reverse converters for two recently proposed four-moduli sets {2ⁿ - 1,2ⁿ,2ⁿ + 1,2ⁿ+1 - 1} and {2ⁿ - 1, 2ⁿ, 2ⁿ + 1, 2ⁿ+1 + 1} are described. The reverse conversion in the three-moduli set {2ⁿ - 1,2ⁿ,2ⁿ + 1} has been optimized in literature. Hence, the proposed converters are based on two new moduli sets {(2ⁿ(2²ⁿ-1)),2ⁿ⁺¹-1} and {(2ⁿ(2²ⁿ-1)), 2ⁿ⁺¹+1} and use mixed radix conversion. The resulting designs do not require any ROM. Both are similar in their architecture except that the converter for the moduli set {2ⁿ - 1, 2ⁿ, 2ⁿ + 1, 2ⁿ+1 + 1} is slightly complicated due to the difficulty in performing reduction modulo (2ⁿ⁺¹+1) as compared with modulo (2ⁿ⁺¹-1). The proposed conversion techniques are compared with earlier realizations described in literature with regard to conversion time as well as area requirements.     

`R-lens filter': An (RC)n current-mode lowpass filter

A continuous-time (RC)ⁿ lowpass filter is presented that can be fully integrated with cutoff frequency down to the 0.1 MHz range. The circuit is based on a cascade of new compact RC-cells that provides current amplification and filtering with minimum power dissipation (<15 μW/pole) using a single supply voltage (2 V). The high value resistance of the RC-cell is obtained by means of a current conveyor feedback that de-magnifies the signal current flowing in a small physical resistor. The circuit is intrinsically low-noise due to a `cooling effect' in the equivalent resistor     

Fast Bit Parallel-Shifted Polynomial Basis Multipliers in GF(2n)

A new nonpipelined bit-parallel-shifted polynomial basis multiplier for GF(2ⁿ) is presented. For some irreducible trinomials, the space complexity of the multiplier matches the best results available in the literature, and its gate delay is equal to T _A+lceillog₂nrceilT_X, where T_A and T_X are the delay of one two-input and and xor gates, respectively. To the best of our knowledge, this is the first time that the gate delay bound T_A+lceillog₂nrceilT_X is reached. For some irreducible pentanomials, its gate delay is equal to T_A +(1+lceillog₂nrceil)T_X. NIST has recommended five binary fields for the elliptic curve digital signature algorithm applications: GF(2¹⁶³), GF(2²³³), GF(2 ²⁸³), GF(2⁴⁰⁹), and GF(2⁵⁷¹), but no irreducible trinomials exist for three degrees, viz., 163, 283 and 571. For the three corresponding binary fields, we show that the gate delay of the proposed multiplier is T_A+(1+lceillog₂nrceil)T_X. This result outperforms the previously known results     

Regular VLSI architectures for multiplication modulo(2n+1)

The authors describe VLSI architectures for multiplication modulo p, where p is a Fermat prime. With increasing p , ROM-based table lookup methods become unattractive for integration due to excessive memory requirements. Three novel methods are discussed and compared to ROM implementations with regard to their speed and complexity characteristics. The first method is based on an ( n+1)×(n+1)-bit array multiplier, the second on modulo p carry-save addition, and the third on modulo (p -1) carry-save addition using a bit-pair recoding scheme. All allow very high throughputs in pipelined implementations. While the former is very convenient for CAD (computer-aided design) environments providing a pipelined multiplier macrocell, the latter two are well-suited to full-custom implementation     

Appropriate (CR)m-(RC)n shaping for fastbipolar front-end read-out

The author presents a study of the influence of the order, n and m, of a (CR)^m-(RC)ⁿ shaper on the signal-to-noise, S/N, ratio of a read-out system, subject to input referred f² noise emitted by the bipolar input transistor. As a function of n and m, normalised equivalent noise charges, ENC(n, n), are calculated. Conclusions and some guidelines for filter design are derived from the data obtained     

2n prime-sequence codes and coding architecture foroptical code-division multiple-access

Recent study shows that optical code-division multiple-access (CDMA) networks cannot be evaluated or designed by only considering the performance (i.e., correlation properties) of the optical pseudo-orthogonal codes selected. The structures of optical encoders and decoders are another important factors to consider and are needed to coordinate with the selected optical codes as much as possible. A special family of 2ⁿ codes, so-called 2ⁿ prime-sequence codes, is constructed. A general theorem on the cardinality of the new codes is provided. The properties and performance of the codes are also studied. Since these codes pose the algebraic properties of both prime-sequence and 2ⁿ codes, new optical encoding and decoding structures are designed to optimize the system parameters (e.g., power budget and cost) of these optical CDMA networks. This new configuration is particularly attractive for ultrafast optical processing and waveguide implementation for tile future high-capacity, low-loss, all-optical CDMA networks     

2n modified prime codes for use in fibre optic CDMAnetworks

2ⁿ modified prime codes are designed for all-optical code-division multiple access (CDMA) networks using very simple encoders and decoders. The proposed code is obtained from an original 2ⁿ prime code of prime number P. By padding P-1 zeros in each `subsequence' of codewords in the corresponding 2ⁿ prime code. The cross-correlation constraint of the resulting 2ⁿ modified prime code is equal to one, as opposed to two for a 2ⁿ prime code. For a given bit error rate (BER), the proposed code can thus be used to support a larger number of active users in the fibre optic CDMA network than a 2ⁿ prime code. Moreover, using the former can also reduce code length and weight compared with employing the latter to achieve the same BER     

RNS-To-Binary Converter for a New Three-Moduli Set {2n+1−1,2n,2n−1}

In this brief, the design of residue number system (RNS) to binary converters for a new powers-of-two related three-moduli set {2ⁿ⁺¹ - 1, 2ⁿ, 2ⁿ - 1} is considered. This moduli set uses moduli of uniform word length (n to n + 1 bits). It is derived from a previously investigated four-moduli set {2ⁿ - 1, 2ⁿ, 2ⁿ + 1, 2^{n +1} - 1}. Three RNS-to-binary converters are proposed for this moduli set: one using mixed radix conversion and the other two using Chinese remainder theorem. Detailed architectures of the three converters as well as comparison with some earlier proposed converters for three-moduli sets with uniform word length and the four-moduli set {2ⁿ - 1, 2ⁿ, 2ⁿ + 1, 2ⁿ⁺¹ - 1} are presented.     

Detector-noise suppression by appropriate CR-(RC)nshaping

The influence of the order n of a semi-Gaussian CR-(RC)ⁿ shaper on the signal-to-noise ratio of a read-out system, subject to detector 1/f and 1/f² noise, is presented by the author. Normalised equivalent noise charges, ENC(n), as a function of n for the 1/f and 1/f² noise, respectively, are calculated and presented. An alternative solution to circumvent the problem of the singularity in the Beta function is discussed, which is related to the 1/f noise. Conclusions and some guidelines are derived from the obtained data