Logo
Logo-Icon Sitemap Print-Icon Print-Version Contact-Icon Contact
  • Home
  • About IAIK
    • People
    • News
    • Events
    • How To Reach Us
    • Jobs
    • Privacy Policy
  • Research
    • Publications
    • E-Government
    • Formal Methods for Design & Verification
    • Implementation Attacks
    • Java-Security
    • Krypto
    • Secure & Correct Systems
    • Secure Entities for Smart Environments
    • Secure RFID
    • Trusted Computing
    • VLSI
  • Teaching
    • Bachelor Courses
    • Master Courses
    • Master Theses
    • Microsoft Academic Alliance
    • PhD
    • E-Exam
  • Partnerships
    • A-SIT
    • Stiftung SIC
Left Logo
VLSI
Archive - Arteus - CLU - Coating - CRISP - CUM - ECCU - Grandesca - ISEC - Powertrust - QCC - RSA - Scard - SETIC - SOSCARD - USBCRYPT Equipment Hardware Modules Partners Projects Publications
Right Logo
You are here: Start » Research » VLSI » Archive » ECCU

ECC elliptic curve cryptography

Digital signatures as well as key establishment algorithms are increasingly implemented with Elliptic Curve Cryptography (ECC). ECC can implement these schemes very efficiently because it requires shorter keylengths compared to algorithms based on the discrete logarithm problem or the factorization problem. ECC is standardized by many international organizations as ANSI, IEEE, ISO/IEC, and NIST. Technological advantages and wide acceptance will make ECC to a major technology of information security systems.

ECCU ECC for smartcards

Elliptic Curve Cryptography (ECC) is especially of interest for smartcards or similar systems that have constricted chip area, sparse computational power, or limited power supply. ECCU addresses the resulting low-power and low-area demands. The support of prime field operations (GF(p)) and binary field operations (GF(2^m)) allows to calculate all operations which arise during the generation of an elliptic-curve digital signature and other EC-primitives. Further implementation issues of ECCU are the resistance against spa- and dpa-attacks, and low-power operation on small chip area.

The Elliptic Curve Crypto Unit ECCU is an elliptic-curve processor that is well suited for resource constricted devices like smartcards or enhanced tags which offer asymmetric cryptography. ECCU is a fully-fledged EC processor that needs no interaction by an host processor to compute EC operations. ECCU contains a dual-field arithmetic unit that allows to compute EC operations over prime fields GF(p) as well it computes EC operations over binary fields GF(2^m). The dual-field capability comes at neglible cost in comparison to a pure GF(p) architecture. The arithmetic unit can compute all finite-field operations that are needed to compute EC operations. The arithmetic unit is optimized for low power consumption and low silicon die size. Its performance is not excessive but adequate for smartcard applications.

A programmable control unit steers the operation of ECCU's datapath. This concept allows standalone applications of ECCU as signature generating devices. In such applications, the controller is able to do IO operations besides controlling the EC datapath. Features of ECCU

  • Scalar multiplication of EC points including conversion of results to affine coordinates
  • Size on 0.35 µm CMOS: 1.3 mm² (192-bit architecture)
  • Performance on 0.35 µm CMOS
    • Max. clock frequency: 66 MHz
    • Throughput (192-bit ECC) : 7ms / operation (140 ops/sec)
  • Arithmetic unit with dual-field capability [Prime-field operation GF(p), Binary-field operation GF(2^m)]
  • Control unit to orchestrates operation of ECCU
    • Freely programmable
    • Can take over IO tasks (protocols, …)
  • VHDL code
    • Targetable to CMOS standard cells and FPGAs
    • Parameterizable word size: 163–571 bits

FASTGF2 ECC for e-government

Internet servers for e-commerce and e-government applications have to establish secure and authenticated communication with clients. Hardware accelerated Elliptic Curve Cryptograpy (ECC) liberates the software from this computational intensive taks and gurantees quality of service in terms of throughput and latency. FASTGF2 — a dedicated hardware solution — offers the advantage to process data at the full wordsize (160 to 512 bits) and to exploit parallelism (field multiplication). These features allow high speed operation (> 1000 signatures per second). A well considered implementation of FASTGF2 ensures constant running time to prevent timing attacks. The software integration of FASTGF2 is simple because all EC-operations are done on the card and results have an affine representation. An integration in the IAIK-JCE is available.

FASTGF2 is a PCI-card for accelerating Elliptic Curve Cryptography (ECC). Its application is in e-commerce and e-government where servers have to establish secure and authenticated communication with clients. FASTGF2 is highly optimized for a particular class of elliptic curves (i.e. ANSI c2tnb191v1). The FPGA based solution calculates EC-primitives at high speed to guarantee powerful throughput and low latency. The elliptic curve processor resides within the programmable FPGA which eases upgrades.

The high performace of FASTGF2 is mainly caused by an arithmetic unit that is optimized for a distinct field GF(2^m). The flexible VHDL-model can be parameterized for any bitlength m and for any irreducible polynomial (trinomials and pentanomials). Synthesis will produce an optimized hardware in minutes.

At the start of an application which makes use of FASTGF2, the hardware configuration of the elliptic curve processor is loaded into the FPGA. Applications communicate with FASTGF2 via a DLL that offers EC-relevant operations like scalar multiplication and point addition. After calling a DLL-function, data is transfered to the card and the desired command is invoked. During the period in which FASTGF2 is busy, all other resources of the computer are available for remaining duties — FASTGF2 requires no interaction with the CPU in this time.

All results of EC-operations calculated by FASTGF2 are transformed into their affine representation before output. Therefore, the software is completely relieved from EC-specific operations. To implement crypto primitives like ECDSA it is only necessary to do a few modular integer operations in software — the bulk of calculations is done by FASTGF2.

FASTGF2 can be implemented on very small FPGA devices. On a Xilinx Spartan-2 XC2S200 device it uses 66% of the resources and can be clocked with 66 MHz. Field Multiplication makes use of a digit-serial multiplier (radix-256; 8 bits per cycle). Field Squaring executes in a single cycle. A scalar multiplication takes 620 µs -- in this number IO and tranformation to affine representation is included! Thus, 1612 scalar operations per second can be performed. A constant running time prevents timing attacks. Software drivers for Windows NT, Windows 2000 are available. A sSoftware integration requires only the linking of a DLL. A web application based on JAVA is available which demonstrates the capabilities of FASTGF2.

© 1990 - 2012 IAIK TU Graz
Contact | Jobs | Sitemap | Impressum