Elliptic curve cryptosystems and their implementation

Elliptic curves have been extensively studied for many years. Recent interest has revolved around their applicability to factoring integers, primality testing, and to cryptography. In this paper we explore the feasibility of implementing in hardware an arithmetic processor for doing elliptic curve computations over finite fields. Of special interest, for practical reasons, are the curves over fields of characteristic 2. The elliptic curve analogue of the ElGamal cryptosystem is also analyzed.     

Optimized FPGA-based elliptic curve cryptography processor for high-speed applications

In this paper, we introduce an FPGA-based processor for elliptic curve cryptography on Koblitz curves. The processor targets specifically to applications requiring very high speed. The processor is optimized for performing scalar multiplications, which are the basic operations of every elliptic curve cryptosystem, only on one specific Koblitz curve; the support for other curves is achieved by reconfiguring the FPGA. We combine efficient methods from various recent papers into a very efficient processor architecture. The processor includes carefully designed processing units dedicated for different parts of the scalar multiplication in order to increase performance. The computation is pipelined providing simultaneous processing of up to three scalar multiplications. We provide experimental results on an Altera Stratix II FPGA demonstrating that the processor computes a single scalar multiplication on average in and achieves a throughput of 235,550 scalar multiplications per second on NIST K-163.     

基于椭圆曲线密码体制的安全电子邮件系统

针对电子邮件在传输过程中存在的安全问题，提出了一种基于三重DES和椭圆曲线密码体制的解决方案。其公钥管理是借鉴PGP系统管理公钥的方法；进而重点介绍了邮件的加密／解密、签名／验证的过程，有效地解决了电子邮件系统中的加密、签名和身份认证问题。     

ELLIPTIC CURVE CRYPTOGRAPHY BASED AUTHENTICATED KEY AGREEMENT WITH PRE-SHARED PASSWORD

Based on elliptic curve Diffie-Hellman algorithm, an Elliptic Curve Authenticated Key Agreement (ECAKA) protocol with pre-shared password is proposed. Its security relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP). It provides identity authentication,key validation and perfect forward secrecy, and it can foil man-in-the-middle attacks.     

Algorithms and architectures for a flexible elliptic curve cryptography processor

In this paper algorithms and architectures for an new versatile type of elliptic curve cryptography processor over Galois fields GF(2 ^m ) are presented. Due to its flexibility, it readily permits changes in the system security parameters. The processor has, at its core, a novel method of performing arithmetic in GF(2 ^m ). The implementation aspects and design trade-offs of such a processor in comparison with more traditional implementations are examined through prototyping on FPGA technology.     

Elliptic Curve Point Multiplication by Generalized Mersenne Numbers

Montgomery modular multiplication in the residue number system （RNS） can be applied for elliptic curve cryptography. In this work, unified modular multipliers over generalized Mersenne numbers are proposed for RNS Montgomery modular multiplication, which enables efficient elliptic curve point multiplication （ECPM）. Meanwhile, the elliptic curve arithmetic with ECPM is performed by mixed coordinates and adjusted for hardware implementation. In addition, the conversion between RNS and the binary number system is also discussed. Compared with the results in the literature, our hardware architecture for ECPM demonstrates high performance. A 256-bit ECPM in Xilinx XC2VP100 field programmable gate array device （FPGA） can be performed in 1.44 ms, costing 22147 slices, 45 dedicated multipliers, and 8.25K bits of random access memories （RAMs）.     

基于Montgomery型椭圆曲线密码的RFID安全认证方案

针对现有基于椭圆曲线密码（elliptic curve cryptography,ECC）体制的 RFID（radio frequency identification device）安全认证方案不能满足相互认证、隐私保护和前向安全性等要求,提出一种基于Montgomery型椭圆曲线密码的认证方案。利用Montgomery型椭圆曲线来降低计算量,并提供标签和服务器之间的相互认证,具有匿名性和前向安全性。通过分析表明,该方案能够抵抗重放攻击、标签伪装攻击、服务器欺骗攻击、DoS攻击、位置跟踪攻击和克隆攻击。与现有方案相比,该方案在保证较低的内存、计算和通信需求的情况下,提供了较高的安全性能,能够满足RFID系统的安全性要求。     

A dynamic CDMA network for multicore systems

Code-division multiple-access (CDMA) is a data transmission method based on the spreading code technology, wherein multiple data streams share the same physical medium with no interference. A novel architecture for on-chip communication networks based on this approach is devised. The proposed design allows sharing coding resources among network?s users through the use of dynamic assignment of spreading codes. Data transmission latency is reduced by adopting a parallel structure for the coding/decoding circuitry. A 14-node CDMA network based on the proposed architecture is synthesised using 65 nm ST technology library. Performance analysis reveals that the proposed approach achieves significantly lower data packet latency compared to both conventional CDMA and packet switched network-on-chip implementations. Large area and power savings compared to existing approaches are also obtained.     

Elliptic curve implementation of zero-knowledge blobs

In [2] the authors show how to construct the building blocks for perfect zero-knowledge proofs called blobs using the discrete log problem. Contrary to what they remark on p. 73 of [2], we argue that the Mordell group of an elliptic curve is more suitable than the multiplicative group of a finite field for the construction of a hard cryptographic suite of problems.     

An Elliptic Curve Trapdoor System

We propose an elliptic curve trapdoor system which is of interest in key escrow applications. In this system, a pair (E_s, E_pb) of elliptic curves over F₂¹⁶¹ is constructed with the following properties: (i) the Gaudry-Hess-Smart Weil descent attack reduces the elliptic curve discrete logarithm problem (ECDLP) in E_s(F₂¹⁶¹) to a hyperelliptic curve DLP in the Jacobian of a curve of genus 7 or 8, which is computationally feasible, but by far not trivial; (ii) E_s is isogenous to E_s; (iii) the best attack on the ECDLP in E_s(F₂¹⁶¹) is the parallelized Pollard rho method. The curve E_s is used just as usual in elliptic curve cryptosystems. The curve E_s is submitted to a trusted authority for the purpose of key escrow. The crucial difference from other key escrow scenarios is that the trusted authority has to invest a considerable amount of computation to compromise a user's private key, which makes applications such as widespread wire-tapping impossible.     

Elliptic curve ElGamal based homomorphic image encryption scheme for sharing secret images

This paper proposes an encryption scheme with a new additive homomorphism based on Elliptic Curve ElGamal (EC-ElGamal) for sharing secret images over unsecured channel. The proposed scheme enables shorter key and better performance than schemes based on RSA or ElGamal. It has a lower computation overhead in image decryption comparing with the method that uses other additively homomorphic property in EC-ElGamal. Elliptic curve parameters are selected to resist the Pohlig-Hellman, Pollard's-rho, and Isomorphism attacks. Experimental results and analysis show that the proposed method has superior performance to RSA and ElGamal.     

面向椭圆曲线密码的处理器并行体系结构研究与设计

在研究椭圆曲线密码算法的处理特征以及有限域层上的并行调度算法基础上,采用指令级并行和数据级并行方法,提出了面向椭圆曲线密码的并行处理器体系结构模型,并就模型的存储结构进行了分析。基于该模型实现了一款验证原型,在FPGA上成功进行了验证测试并在0.18μm CMOS工艺标准单元库下进行逻辑综合以及布局布线。实验证明提出的并行处理器体系结构既能保证椭圆曲线密码算法应用的灵活性,又能够达到较高的性能。     

GF(2m)椭圆曲线密码体制在智能卡中的应用

介绍了特征2域上的椭圆曲线密码体制（ECC）的理论基础。分析了智能卡的安全机制，将椭圆曲线密码体制应用到智能卡中，给出了椭圆曲线密码算法在智能卡数据加密中的实现，并给出了在智能卡pin验证中的应用流程。最后，对ECC智能卡的性能进行了分析。     

Accelerated precomputation points–based scalar reduction on elliptic curve cryptography for wireless sensor networks

Sensor devices are limited resource power and energy, thus providing security services for sensor networks is very difficult. Elliptic curve cryptography (ECC) is one of the most famous asymmetric cryptographic schemes, which offers the same level of security with much shorter keys compared to the other widely used asymmetric cryptographic algorithm, RSA (Rivest, Shamir, and Adleman). In ECC, the main and most‐heavily used operation is the scalar multiplication kP , where the scalar value k is a private integer and must be secured. In this work, we present a new approach to accelerate the main scalar multiplication on ECC over prime fields for sensor networks. This approach uses an equivalent representation of points and can act as a support for existing schemes in a selected interval. The simulation results showed that the proposed technique increases the efficiency of the computation time. For example, on this scalar multiplication, we obtain a gain of 4 bits in 161 bits for 6.25% of the scalars. This gain can sometimes reach 100% in some cases. After this significant reduction of the scalar k , we present a fast precomputation algorithm in a distributed scalar multiplication on kP to avoid storage of precomputation points, which requires extra memory.     

椭圆曲线加密结合cookie信息的物联网终端安全认证协议

针对物联网(IoT)中终端设备接入网络服务器的安全性问题,提出了一种基于椭圆曲线加密(ECC)和cookie信息的物联网终端安全认证协议.协议首先将用户身份信息、服务器私钥、随机数和cookie有效期信息组成一个cookie文件,然后利用椭圆曲线加密体制对其进行加密,并将之存储在智能终端.在认证阶段,通过比对由cookie信息计算的安全参数来实现相互身份认证.性能分析表明,该协议在具有较低计算和通信成本的同时,能够有效抵抗多种攻击,提供了较高的安全性,非常适合应用于物联网中资源有限的终端设备.     

椭圆曲线上的射影平面

本文利用椭圆曲线上射影平面的概念,将椭圆曲线上加法转换成射影平面上的加法,从而避免了求逆运算。     

椭圆曲线密码体制

本文对椭圆曲线密码体制进行了概述与研究,并对椭圆曲线的原理、群的构成、对数问题、“倍点”公式以及城上元素运算的实现等一系列问题进行了讨论。最后,介绍了在椭圆曲线支持下的公开密钥密码体制。     

椭圆曲线密码体制的VLSI并行算法研究

文章分析了有限域上椭圆曲线密码体制的基本操作,针对实现中计算量最大的两个问题乘法和求逆运算,提出了ＶＬＳＩ并行算法,设计了相应的脉动阵列,并指出了它在椭圆曲线密码体制实现中的重要意义。     

A secure and efficient identity‐based mutual authentication scheme with smart card using elliptic curve cryptography

The e‐commerce has got great development in the past decades and brings great convenience to people. Users can obtain all kinds of services through e‐commerce platform with mobile device from anywhere and at anytime. To make it work well, e‐commerce platform must be secure and provide privacy preserving. To achieve this goal, Islam et al. proposed a dynamic identity‐based remote user mutual authentication scheme with smart card using Elliptic Curve Cryptography(ECC). Islam et al claimed that the security of their scheme was good enough to resist various attacks. However, we demonstrate that their scheme is vulnerable to insider attack and suffers from off‐line password guessing attack if smart card is compromised. To overcome the deficiencies, we present an improved scheme over Islam's scheme. The security proof and analysis shows that our scheme can also provide user anonymity and mutual authentication, and the security is enough to against relay attack, impersonation attack, and other common secure attackers. The performance analysis shows that the proposed scheme is more efficient than Islam et al's scheme.